31 matches found
CVE-2026-33147
GMT is an open-source suite of CLI tools for geographic/Cartesian data. A stack-based buffer overflow was identified in the gmt_remote_dataset_id function (src/gmt_remote.c) affecting versions up to 6.6.0. Trigger occurs when a specially crafted long string is passed as a dataset identifier (e.g....
GHSA-392F-GGF5-FP3C OpenClaw: Unicode canonicalization drift in node metadata policy classification could broaden node allowlists
Summary: A paired node could supply Unicode-confusable platform or deviceFamily metadata that passed metadata pinning but classified differently for command policy resolution, broadening default node command allowlists. Impact: This is a policy-bypass issue within the paired-node trust boundary and...
OPENSUSE-SU-2026:20148-1 Security update for dpdk
This update for dpdk fixes the following issues: Update to version 24.11.4. Security issues fixed: - CVE-2025-23259: issue in the Poll Mode Driver (PMD) allows an attacker on a VM in the system to leak information and cause a denial of service on the network interface (bsc#1254161). Other issues fixed...
EUVD-2025-203926
ChurchCRM is an open-source church management system. Prior to version 6.5.3, a SQL injection vulnerability exists in the src/ListEvents.php file. When filtering events by type, the WhichType POST parameter is not properly sanitized or type-casted before being used in multiple SQL queries. This...
EUVD-2018-0333
Malware in sbrugna...
EUVD-2025-27167
Malicious code in bioql PyPI...
CVE-2025-54994
@akoskm/create-mcp-server-stdio is an MCP server starter kit that uses the StdioServerTransport. Prior to version 0.0.13, the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. The MCP...
@akoskm/create-mcp-server-stdio is vulnerable to MCP Server Command Injection through `exec` API
Command Injection in MCP Server: The MCP Server at https://github.com/akoskm/create-mcp-server-stdio is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. Vulnerable tool: The MCP Server exposes the to...
CVE-2025-54994
CVE-2025-54994 affects the MCP Server Starter kit @akoskm/create-mcp-server-stdio. The vulnerable component is the which-app-on-port tool that uses Node.js child_process.exec, exposing command-injection risk when user input is unsafely concatenated into shell commands. Affected versions precede 0...
CVE-2025-54994 @akoskm/create-mcp-server-stdio has Command Injection in MCP Server due to unsafe `exec` API
@akoskm/create-mcp-server-stdio is an MCP server starter kit that uses the StdioServerTransport. Prior to version 0.0.13, the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. The MCP...
PT-2025-36603
Command Injection in MCP Server: The MCP Server at https://github.com/akoskm/create-mcp-server-stdio is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. Vulnerable tool: The MCP Server exposes the to...
PT-2025-36503
Name of the Vulnerable Software and Affected Versions: @akoskm/create-mcp-server-stdio versions prior to 0.0.13. Description: The @akoskm/create-mcp-server-stdio package, an MCP server starter kit utilizing the StdioServerTransport, contains a command injection issue in versions prior to 0.0.13. Th...
MAL-2025-8613 Malicious code in @malware-test-drugs-hitch-coppy-which/test-mlw3-drugs-hitch-coppy-which (npm)
The package @malware-test-drugs-hitch-coppy-which/test-mlw3-drugs-hitch-coppy-which was found to contain malicious code...
Malicious code in test-mlw2-spore-which-reach-crepe (npm)
The package test-mlw2-spore-which-reach-crepe was found to contain malicious code...
MAL-2025-36314 Malicious code in test-mlw2-spore-which-reach-crepe (npm)
The package test-mlw2-spore-which-reach-crepe was found to contain malicious code...
[SECURITY] Fedora 42 Update: rust-which-8.0.0-1.fc42
A Rust equivalent of Unix command "which". Locate installed executable in cross platforms...
Fedora 41 : helix / rust-blazesym-c / rust-clearscreen / rust-gitui / etc (2025-785afc6856)
The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-785afc6856 advisory. rust-which 8.0.0 - Add new Sys trait to allow abstracting over the underlying filesystem. Particularly useful for wasm32-unknown-unknown targets. Thanks...
which-fly.co.uk Cross Site Scripting vulnerability OBB-3079494
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
which-salmon-fly.com Cross Site Scripting vulnerability OBB-2636741
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...