A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers to execute arbitrary commands on a victim system. When Windsurf processes attacker-controlled HTML content, malicious ins
A prompt injection vulnerability exists in Windsurft version 1.10.7 in Write mode using SWE-1 model.
It is possible to create a file name that will be appended to the user prompt causing Windsurf to
An unauthenticated command injection vulnerability exists in the cookie handling process of the lighttpd web server on D-Link DSP-W110A1 firmware version 1.05B01. This occurs when specially crafted co
The web application allows user input to pass unfiltered to a command executed on the underlying operating system. An attacker with high privileged access (administrator) to the application has the po
Framelink Figma MCP Server before 0.6.3 allows an unauthenticated remote attacker to execute arbitrary operating system commands via a crafted HTTP POST request with shell metacharacters in input that
aws-mcp-server Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication i
A vulnerability was detected in Keyfactor RG-EW5100BE EW_3.0B11P280_EW5100BE-PRO_12183019. The affected element is an unknown function of the file /cgi-bin/luci/api/cmd of the component HTTP POST Requ
aws-mcp-server MCP server is vulnerable to command injection. An attacker can craft a prompt that once accessed by the MCP client will run arbitrary commands on the host system.
A flaw has been found in disler aider-mcp-server up to b2516fa466d0d851932da92ee6d0e66946db9efc. Affected by this vulnerability is an unknown functionality of the file src/aider_mcp_server/server.py o
A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injection vulnerability by sending specially crafted input to the `toolsetroute` parameter. This parameter
A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzz_domain of the file src/index.ts of the component MCP Interface. Executing a
Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet
An authenticated command injection vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. A successful exploitation of this vulnerability results in the ability to execute arbitr
An OS command injection vulnerability exists in the Chinese versions of Sangfor Endpoint Detection and Response (EDR) management platform versions 3.2.16, 3.2.17, and 3.2.19. The vulnerability allows
A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1.0.17.000000 and classified as critical. Affected by this issue is the function sub_4153FC of the file /cgi-bin/sysconf.cgi of the
An authenticated command injection vulnerability exists in the Beward N100 IP Camera firmware version M2.1.6.04C014 via the ServerName and TimeZone parameters in the servetest CGI page. An attacker wi
node-code-sandbox-mcp is a Node.js–based Model Context Protocol server that spins up disposable Docker containers to execute arbitrary JavaScript. Prior to 1.3.0, a command injection vulnerability exi
An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the SSH server on B&R APROL <4.4-00P1 may allow an authenticated local attacker from a trusted remote server to execute mal
A vulnerability has been found in Netcore NBR1005GPEV2, B6V2, COVER5, NAP830, NAP930, NBR100V2 and NBR200V2 up to 20250508 and classified as critical. This vulnerability affects the function passwd_se
A vulnerability in the HTTP API subsystem of Cisco IOS XE Software could allow a remote attacker to inject commands that will execute with root privileges into the underlying operating system.
This
Page 1+ Next →