terminal-controller-mcp 0.1.7, an MCP (Model Context Protocol) server for terminal control, has command injection in execute_command that allows arbitrary command execution. Maximum CVSS 10.0 with scope change – compromising the MCP server grants control over all connected AI agents.
TRENDnet TEW-713RE WiFi range extender (v1.02) has OS command injection in /goformX/formFSrvX via the SZCMD parameter. Public exploit available, vendor unresponsive. The device likely will not receive a patch.
Arbitrary code execution in the pnpm package manager (versions 10.0.0 through 10.25) lets a git-hosted dependency run code on a developer or CI machine during pnpm install, bypassing the v10 default protection that disables dependency lifecycle scripts. Although v10 blocks postinstall via the onlyBuiltDependencies allowlist, git dependencies still run prepare, prepublish, and prepack scripts during the fetch phase, giving remote code execution without user approval. Publicly available exploit code exists (GitHub advisory GHSA-379q-355j-w6rj), but EPSS is low (0.11%) and the issue is not listed in CISA KEV; it is fixed in version 10.26.0.
RustFS (alpha.13 to alpha.78) has a path traversal in /rustfs/rpc/read_file_stream that allows reading arbitrary files on the server. PoC available, fixed in alpha.79.
Tarkov Data Manager has reflected XSS in the toast notification system. Attackers can craft URLs that execute arbitrary JavaScript in the victim's browser, stealing session tokens. PoC available, fixed in January 2025.
LibreChat 0.8.1-rc2 has SSRF in the Actions feature that allows authenticated users to make the server perform requests to internal networks. By configuring agents with malicious OpenAPI specifications, attackers can scan internal infrastructure and access internal services. PoC available, patch available.
Type confusion in iccDEV library versions before 2.3.1.2 allows unauthenticated attackers to achieve remote code execution with user interaction by crafting malicious ICC color profiles. Public exploit code exists for this vulnerability affecting organizations that process color management profiles through the iccDEV libraries. A patch is available in version 2.3.1.2 with no known workarounds prior to upgrading.
Heap buffer overflow in iccDEV versions before 2.3.1.2 allows remote code execution when processing malicious ICC color profiles, affecting applications that use the iccDEV library to manage color data. Public exploit code exists for this vulnerability, enabling attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. Update to version 2.3.1.2 or later to remediate.
Type confusion in iccDEV versions before 2.3.1.2 allows attackers to corrupt memory and achieve high-impact outcomes including code execution, data theft, and denial of service when processing malicious ICC color profiles. The vulnerability exists in the CIccSegmentedCurveXml::ToXml() function and affects any application using the iccDEV library to handle color management data. Public exploit code exists for this vulnerability, though a patch is available in version 2.3.1.2 and later.
Type confusion in iccDEV versions before 2.3.1.2 allows unauthenticated attackers to achieve remote code execution through malicious ICC color profiles processed by the ToXmlCurve() function. Public exploit code exists for this vulnerability, affecting any application or system using the vulnerable iccDEV library to parse color management profiles. A patch is available in version 2.3.1.2 and should be applied immediately.
Heap buffer overflow in iccDEV versions before 2.3.1.2 allows remote code execution when processing malicious ICC color profiles, affecting applications that use the library to handle color management data. An attacker can trigger the vulnerability through a crafted profile file requiring only user interaction to open, potentially achieving complete system compromise. Public exploit code exists and no patch is currently available.
Heap buffer overflow in iccDEV versions prior to 2.3.1.2 allows remote attackers to execute arbitrary code through the CIccLocalizedUnicode::GetText() function with minimal attack complexity. The vulnerability affects users of the ICC color profile manipulation library and has public exploit code available. Organizations using vulnerable versions should upgrade to 2.3.1.2 or later immediately.
Supply-chain integrity bypass in pnpm package manager (versions ≤10.26.2, per description; GHSA states <10.26.0) allows malicious package authors to serve different tarball content on each install because HTTP/HTTPS tarball and git-hosted tarball dependencies are recorded in the lockfile without integrity hashes. Publicly available exploit code exists in the GHSA-7vhp-vf5g-r2fw advisory PoC, though EPSS remains low at 0.01% and the issue is not on CISA KEV. Any project transitively depending on a package that uses an HTTP/git tarball is exposed, and a committed lockfile offers no protection.
A command injection vulnerability in the shell_exec function of sonirico mcp-shell v0.3.1 allows attackers to execute arbitrary commands via supplying a crafted command string. [CVSS 6.5 MEDIUM]
{VAR} substitution inside .npmrc tokenHelper settings combined with spawnSync invoked with shell: true. The bug primarily threatens CI/CD build environments where untrusted inputs may flow into env vars or .npmrc files, and publicly available exploit code exists, though it is not listed in CISA KEV and EPSS is very low at 0.08%.
Heap buffer overflow in iccDEV versions prior to 2.3.1.2 allows local attackers with user interaction to achieve arbitrary code execution through malicious ICC color profile manipulation in the IccTagXml() function. Public exploit code exists for this vulnerability, which affects all users of the vulnerable iccDEV libraries and tools. A patch is available in version 2.3.1.2.
The Yoco Payments plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 3.8.8 via the file parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. [CVSS 7.5 HIGH]
The MediaWiki CSS extension in versions 1.39, 1.43, and 1.44 contains a path traversal vulnerability that allows unauthenticated remote attackers to read arbitrary files from the server. Public exploit code exists for this vulnerability, enabling attackers to access sensitive information outside the intended directory restrictions. A patch is available and should be applied immediately to affected installations.
Filesystem-Mcp versions up to 0.5.8 contains a vulnerability that allows attackers to bypass directory restrictions by leveraging symlinks within the allowed director (CVSS 7.5).
fast-filesystem-mcp version 3.4.0 contains a critical path traversal vulnerability in its file operation tools including fast_read_file. This vulnerability arises from improper path validation that fails to resolve symbolic links to their actual physical paths. [CVSS 7.5 HIGH]
A flaw has been found in TRENDnet TEW-811DRU 1.0.2.0. This affects the function setDeviceURL of the file uapply.cgi of the component httpd . [CVSS 7.2 HIGH]
Missing Origin/Host header validation in Microsoft's Playwright MCP Server (versions before 0.0.40) lets a remote web page reach a developer's locally bound MCP HTTP endpoint through a DNS rebinding attack, causing unauthorized invocation of MCP tool endpoints that drive an automated browser. Publicly available exploit code exists (a proof-of-concept gist and a VulnCheck advisory), though the flaw is not listed in CISA KEV and EPSS probability is low (0.25%, 48th percentile). Exploitation requires that a victim with the server running visit an attacker-controlled page, so this is opportunistic rather than mass-scannable.
The Tarkov Data Manager is a tool to manage the Tarkov item data. [CVSS 7.2 HIGH]
iccDEV versions before 2.3.1.2 contain undefined behavior in the CIccTagCurve constructor that allows attackers to cause denial of service or data integrity issues when processing malicious ICC color profiles. The vulnerability requires user interaction to trigger and affects anyone using the library to handle color management profiles, with public exploit code already available. Administrators should upgrade to version 2.3.1.2 immediately as no workarounds exist.
Undefined behavior in iccDEV's ICC color profile validation function (versions before 2.3.1.2) allows attackers to cause denial of service or integrity violations when processing specially crafted color profiles. The vulnerability requires user interaction to trigger and affects any application using the iccDEV library to handle ICC profiles. Public exploit code exists for this vulnerability; patched version 2.3.1.2 is available.
iccDEV versions before 2.3.1.2 contain undefined behavior in the CIccTagLut16::Read() function that allows attackers to cause denial of service or data corruption when processing specially crafted ICC color profiles. The vulnerability requires user interaction to exploit and affects applications using the iccDEV library to handle color management profiles. Public exploit code exists for this issue, though a patch is available in version 2.3.1.2.
Undefined behavior in iccDEV versions before 2.3.1.2 allows remote attackers to cause denial of service or data corruption through maliciously crafted ICC color profiles processed by the library. The vulnerability requires user interaction to open a malicious profile and public exploit code exists. Organizations using iccDEV should upgrade to version 2.3.1.2 or later.
LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control for file uploads to an agents file context and file search. [CVSS 7.1 HIGH]
Panda3D egg-mkfont (through 1.10.16) has a stack buffer overflow via an unbounded sprintf() with attacker-controlled glyph pattern input. PoC available.
Panda3D's deploy-stub executable up to version 1.10.16 is vulnerable to denial of service through unvalidated stack allocation based on command-line argument counts, allowing local attackers to crash the application by supplying excessive arguments. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw can trigger reliable crashes and undefined behavior during Python interpreter initialization.
Heap buffer overflow in iccDEV's ToneMap parser (versions prior to 2.3.1.2) allows local attackers with user interaction to achieve information disclosure and denial of service, with potential for code execution. Public exploit code exists for this vulnerability. Update to version 2.3.1.2 or later to remediate.
The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'plan_icons' parameter in all versions up to, and including, 5.1.12 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
Denial of service in iccDEV versions before 2.3.1.2 allows unauthenticated attackers to crash applications processing ICC color profiles through a type confusion vulnerability in the XML profile parser. Public exploit code exists for this vulnerability. Users of the iccDEV library should upgrade to version 2.3.1.2 to remediate the issue.
iccDEV versions prior to 2.3.1.2 contain a null pointer dereference vulnerability in ICC color profile processing that causes denial of service when malicious or malformed profiles are processed. Public exploit code exists for this vulnerability, and no patched version is currently available. Users of the iccDEV library who handle untrusted color profiles are at risk of application crashes.
Arbitrary file disclosure in REDAXO's Backup addon allows authenticated users with backup permissions to read any file within the webroot by bypassing directory validation in the file export function. An attacker can manipulate the EXPDIR parameter with path traversal sequences to include unauthorized files in exported archives. Public exploit code exists; a patch is available in version 5.20.2 and later.
iccDEV before version 2.3.1.2 contains a type confusion vulnerability in the XML tag processing function that allows attackers to trigger information disclosure, data modification, or denial of service when processing specially crafted ICC color profiles. Public exploit code exists for this vulnerability, affecting users who process untrusted color profile files with the iccDEV library. A patch is available in version 2.3.1.2 and should be applied immediately.
A stored Cross-Site Scripting (XSS) vulnerability exists in Perch CMS version 3.2. An authenticated attacker with administrative privileges can inject malicious JavaScript code into the “Help button url” setting within the admin panel. [CVSS 6.1 MEDIUM]
Cross-site scripting (XSS) in MediaWiki's ProofreadPage extension (versions 1.39, 1.43, 1.44, 1.45) allows attackers to inject malicious scripts through improper input sanitization during web page generation. Public exploit code exists for this vulnerability, which requires user interaction to trigger. A patch is available to remediate the issue.
iccDEV versions before 2.3.1.2 are vulnerable to a null pointer dereference in the CIccTagSparseMatrixArray function when processing ICC color profiles, allowing local attackers with user interaction to cause denial of service or data corruption. Public exploit code exists for this vulnerability. Users should upgrade to version 2.3.1.2 or later to remediate the issue.
Tarkov Data Manager's login endpoint can be bypassed using JavaScript prototype property access combined with loose equality type coercion. Any unauthenticated user can gain full admin access. Fixed in January 2025 commits.
Optional Email plugin for WordPress (through 1.3.11) has a privilege escalation via a filter that leaks predictable password reset keys. The 'random_password' filter affects not just registration but also password reset key generation, making reset tokens guessable.
DZS Video Gallery WordPress plugin (through 12.37) is vulnerable to PHP object injection through insecure deserialization. An unauthenticated attacker can inject arbitrary PHP objects, potentially achieving code execution through POP chains.
Undertow HTTP server (used in WildFly, JBoss EAP) fails to validate Host headers, enabling cache poisoning, internal network scanning, and session hijacking. Affects a widely-used Java application server component.
House Rental And Property Listing Project versions up to 1.0 is affected by improper access control (CVSS 7.3).
iccDEV versions prior to 2.3.1.2 suffer from denial of service due to undefined behavior triggered by invalid enum values in ICC color profile processing. A local attacker with user interaction can crash the application or cause system instability, and public exploit code exists. The vulnerability affects users of the iccDEV library on affected systems, with patches available in version 2.3.1.2 and later.
Local denial of service in iccDEV versions prior to 2.3.1.2 stems from a stack overflow in the calculator parser component, allowing unauthenticated users to crash the application through crafted input. Public exploit code exists for this vulnerability, which affects Stack Overflow and Iccdev products. A patch is available in version 2.3.1.2 and should be applied immediately.
iccDEV versions prior to 2.3.1.2 are vulnerable to stack overflow through malformed XML calculator macro expansion, allowing local attackers to trigger a denial of service condition. Public exploit code exists for this vulnerability, which affects ICC color profile manipulation tools used in Stack Overflow and Iccdev products. A patch is available in version 2.3.1.2 and should be applied promptly to mitigate exploitation risk.
iccDEV versions prior to 2.3.1.2 are vulnerable to denial of service through a null pointer dereference in the XML tag parser, allowing local attackers with user interaction to crash the application. Public exploit code exists for this vulnerability, and a patch is available in version 2.3.1.2.
iccDEV versions prior to 2.3.1.2 are susceptible to denial of service through a null pointer dereference in the XML parser, allowing local attackers with user interaction to crash the application. Public exploit code exists for this vulnerability, and a patch is available in version 2.3.1.2 and later.
iccDEV versions prior to 2.3.1.2 suffer from a null pointer dereference in the XML calculator parser that allows local attackers to crash the application and cause a denial of service. Public exploit code exists for this vulnerability. A patch is available in version 2.3.1.2 and later.