Latest CVE Feed
-
4.5
MEDIUMCVE-2025-11489
A security vulnerability has been detected in wonderwhy-er DesktopCommanderMCP up to 0.2.13. This vulnerability affects the function isPathAllowed of the file src/tools/filesystem.ts. The manipulation leads to symlink following. The attack can only be per... Read more
Affected Products :- Published: Oct. 08, 2025
- Modified: Oct. 08, 2025
- Vuln Type: Path Traversal
-
8.7
HIGHCVE-2025-9868
Server-Side Request Forgery (SSRF) in the Remote Browser Plugin in Sonatype Nexus Repository 2.x up to and including 2.15.2 allows unauthenticated remote attackers to exfiltrate proxy repository credentials via crafted HTTP requests.... Read more
Affected Products : nexus_repository_manager- Published: Oct. 08, 2025
- Modified: Oct. 08, 2025
- Vuln Type: Server-Side Request Forgery
-
6.5
MEDIUMCVE-2025-11491
A vulnerability was found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The impacted element is the function CommandManager of the file src/command-manager.ts. Performing manipulation results in os command injection. It is possible to initiate the att... Read more
Affected Products :- Published: Oct. 08, 2025
- Modified: Oct. 08, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-42706
A logic error exists in the Falcon sensor for Windows that could allow an attacker, with the prior ability to execute code on a host, to delete arbitrary files. CrowdStrike released a security fix for this issue in Falcon sensor for Windows versions 7.24 ... Read more
Affected Products :- Published: Oct. 08, 2025
- Modified: Oct. 08, 2025
- Vuln Type: Denial of Service