Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/09/10 8:18 p.m.16 views

CVE-2025-54994

@akoskm/create-mcp-server-stdio is an MCP server starter kit that uses the StdioServerTransport. Prior to version 0.0.13, the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. The MCP...

9.3CVSS7.5AI score0.01371EPSS
Exploits0References1
NVD
NVD
added 2025/09/08 8:15 p.m.57 views

CVE-2025-54994

@akoskm/create-mcp-server-stdio is an MCP server starter kit that uses the StdioServerTransport. Prior to version 0.0.13, the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. The MCP...

9.3CVSS0.01371EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/09/08 7:42 p.m.73 views

@akoskm/create-mcp-server-stdio is vulnerable to MCP Server Command Injection through `exec` API

Command Injection in MCP Server The MCP Server at https://github.com/akoskm/create-mcp-server-stdio is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. Vulnerable tool The MCP Server exposes the to...

9.3CVSS8AI score0.01371EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/08 12:0 a.m.5 views

PT-2025-36503

Name of the Vulnerable Software and Affected Versions: @akoskm/create-mcp-server-stdio versions prior to 0.0.13 Description: The @akoskm/create-mcp-server-stdio package, a MCP server starter kit utilizing the StdioServerTransport, contains a command injection issue in versions prior to 0.0.13. Th...

9.3CVSS6.9AI score0.01371EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2025/09/08 12:0 a.m.6 views

PT-2025-36603

Command Injection in MCP Server The MCP Server at https://github.com/akoskm/create-mcp-server-stdio is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. Vulnerable tool The MCP Server exposes the to...

9.3CVSS8AI score
Exploits0References6
Rows per page
Query Builder