15 matches found
@asyncapi/server-api (>=0.16.0 <=0.16.23) potentially affected by unknown CVE via @asyncapi/python-paho-template (=0.2.13)
@asyncapi/python-paho-template NPM version =0.2.13 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/python-paho-template and may be impacted: - @asyncapi/server-api =0.16.0, =0.16.23 Source cves: unknown CVE Source advisory:...
CVE-2025-11491
A vulnerability was found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The impacted element is the function CommandManager of the file src/command-manager.ts. Performing manipulation results in os command injection. It is possible to initiate the attack remotely. The exploit has been made...
CVE-2025-11491 wonderwhy-er DesktopCommanderMCP command-manager.ts CommandManager os command injection
A vulnerability was found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The impacted element is the function CommandManager of the file src/command-manager.ts. Performing manipulation results in os command injection. It is possible to initiate the attack remotely. The exploit has been made...
CVE-2025-11489 wonderwhy-er DesktopCommanderMCP filesystem.ts isPathAllowed symlink
A security vulnerability has been detected in wonderwhy-er DesktopCommanderMCP up to 0.2.13. This vulnerability affects the function isPathAllowed of the file src/tools/filesystem.ts. The manipulation leads to symlink following. The attack can only be performed from a local environment. The...
CVE-2025-11489
CVE-2025-11489 affects wonderwhy-er DesktopCommanderMCP up to 0.2.13. The issue resides in isPathAllowed (src/tools/filesystem.ts) and enables symbolic link following, with local access required and high attack complexity. Publicly disclosed exploitability is noted; vendor guidance recommends usi...
PT-2025-41297
Name of the Vulnerable Software and Affected Versions wonderwhy-er DesktopCommanderMCP versions up to 0.2.13 Description A security issue has been identified in the isPathAllowed function within the src/tools/filesystem.ts file of wonderwhy-er DesktopCommanderMCP. This allows for symlink followin...
Desktop Commander MCP Security Vulnerability
Desktop Commander MCP is an MCP server by the individual developer Eduard Ruzga. A security vulnerability exists in Desktop Commander MCP version 0.2.13 and earlier, which stems from the operation of the function isPathAllowed in the file src/tools/filesystem.ts that may result in symbolic link...
@adaptui/react-native-tailwind (>=1.0.0-alpha.0 <=1.0.0-alpha.8), @admin-layout/gluestack-ui-mobile (>=6.5.1-alpha.0 <=12.2.4-alpha.49) +190 more potentially affected by unknown CVE via @react-native-aria/radio (=0.2.13)
@react-native-aria/radio NPM version =0.2.13 is affected by a known vulnerability. The following packages have a transitive dependency on @react-native-aria/radio and may be impacted: - @adaptui/react-native-tailwind =1.0.0-alpha.0, =6.5.1-alpha.0, =1.0.1, =0.0.3, =0.1.21, =1.0.0, =0.1.0-alpha2,...
SUSE CVE-2024-25885
An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to cause a Regular expression Denial of Service (ReDoS) via supplying a crafted string...
GHSA-JJ5C-HHRG-VV5H xhtml2pdf Denial of Service via crafted string
An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to cause a Regular expression Denial of Service (ReDoS) via supplying a crafted string...
xhtml2pdf Security Vulnerability
xhtml2pdf is an open source HTML to PDF converter using Python, ReportLab Toolkit, html5lib and pypdf. A security vulnerability exists in xhtml2pdf version 0.2.13, which stems from a problem in the getcolor function of utils.py, allowing an attacker to cause a regular expression denial ...
PT-2023-22505 · Unknown · Spring-Boot-Actuator-Logview
Name of the Vulnerable Software and Affected Versions: spring-boot-actuator-logview version 0.2.13 Description: The issue allows Directory Traversal to sibling directories via the LogViewEndpoint.view endpoint. This enables access to files outside the intended directory, potentially leading to...
CVE-2021-24548
The Mimetic Books WordPress plugin through 0.2.13 was vulnerable to Authenticated Stored Cross-Site Scripting (XSS) in the "Default Publisher ID" field on the plugin's settings page...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Plugins is an open source application plugin for WordPress. WordPress Plugins mimicbooks A cross-site scripti...
Lukashinsch Spring Boot Actuator Logview Path Traversal Vulnerability
Lukashinsch Spring Boot Actuator Logview is a codebase by the individual developer Ffay Lukashinsch that provides Spring Boot with the ability to view logs via a web interface. A path traversal vulnerability exists in spring-boot-actuator-logview versions prior to 0.2.13, which stems from the...