CVE-2026-30625

Upsonic 0.71.6 is affected by a remote code execution vulnerability in the MCP server/task creation functionality. The issue allows crafting MCP tasks with arbitrary command and args values; although an allowlist exists, commands like npm/npx can leverage argument flags to execute arbitrary OS co...

PT-2026-33073

Name of the Vulnerable Software and Affected Versions Upsonic versions prior to 0.72.0 Description An issue exists in the MCP server/task creation functionality where users can define MCP tasks with arbitrary command and args values. While an allowlist is in place, certain permitted commands such...

CVE-2026-30625

Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functionality. The application allows users to define MCP tasks with arbitrary command and args values. Although an allowlist exists, certain allowed commands npm, npx accept argument flags that enable...

PT-2023-25174 · Vega · Vega

Name of the Vulnerable Software and Affected Versions: Vega versions prior to 0.71.6 Description: A vulnerability exists that allows a malicious validator to trick the Vega network into re-processing past Ethereum events from Vega’s Ethereum bridge. For example, a deposit to the collateral bridge...