VYPR
Vendor

Akutishevsky

Products
1
CVEs
5
Across products
5
Status
Private

Products

1

Recent CVEs

5
  • CVE-2025-15063CriJan 23, 2026
    risk 0.64cvss 9.8epss 0.02

    Ollama MCP Server execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ollama MCP Server. Authentication is not required to exploit this vulnerability. The specific…

  • CVE-2026-26029HigFeb 11, 2026
    risk 0.49cvss 7.5epss 0.01

    sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. A command injection vulnerability exists in sf-mcp-server due to unsafe use of child_process.exec when constructing Salesforce CLI commands with user-controlled input. Successful exploitation…

  • CVE-2025-20381MedDec 3, 2025
    risk 0.35cvss 5.4epss 0.00

    In Splunk MCP Server app versions below 0.2.4, a user with access to the "run_splunk_query" Model Context Protocol (MCP) tool could bypass the SPL command allowlist controls in MCP by embedding SPL commands as sub-searches, leading to unauthorized actions beyond the intended MCP…

  • CVE-2026-6494MedApr 17, 2026
    risk 0.34cvss 5.3epss 0.00

    A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injection vulnerability by sending specially crafted input to the `toolsetroute` parameter. This parameter is not properly sanitized before being written to logs, allowing the attacker…

  • CVE-2025-66689Jan 12, 2026
    risk 0.00cvss epss 0.00

    A path traversal vulnerability exists in Zen MCP Server before 9.8.2 that allows authenticated attackers to read arbitrary files on the system. The vulnerability is caused by flawed logic in the is_dangerous_path() validation function that uses exact string matching against a…