Lexpl0It

**Name of the Vulnerable Software and Affected Versions** Linux Kernel (affected versions not specified) **Description** A use-after-free issue exists where a file descriptor can be closed while a thread is blocked in a `poll(2)` or `select(2)` call waiting for that descriptor. Since the blocked thread does not hold a reference to the underlying object, the object may be freed while the thread remains blocked. The kernel fails to unlink blocked threads from the per-object wait queue for certain file descriptor types before freeing the object. Consequently, when the blocked thread wakes up, it accesses memory that has already been freed. This can be triggered by an unprivileged local user to obtain superuser privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** XixianLiang HarmonyOS-mcp-server version 0.1.0 **Description** A flaw exists in the `input text` function of XixianLiang HarmonyOS-mcp-server. Manipulation of the `text` argument can result in operating system command injection. Remote exploitation is possible. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BurtTheCoder mcp-maigret versions through 1.0.12 **Description** A flaw exists in the component search username within the file src/index.ts. Manipulating the `Username` argument can result in command injection, potentially allowing for remote attacks. **Recommendations** Upgrade to version 1.0.13 to address this issue.

**Name of the Vulnerable Software and Affected Versions** r-huijts xcode-mcp-server versions up to f3419f00117aa9949e326f78cc940166c88f18cb **Description** A command injection issue exists in the `registerXcodeTools` function within the `src/tools/xcode/index.ts` file of the `run lldb` component. Manipulation of the `args` argument can lead to remote command execution. The exploit has been publicly released. **Recommendations** Apply the patch identified as 11f8d6bacadd153beee649f92a78a9dad761f56f to resolve this issue.

**Name of the Vulnerable Software and Affected Versions** isaacwasserman mcp-vegalite-server versions prior to 16aefed598b8cd897b78e99b907f6e2984572c61 **Description** A security issue exists in the `eval` function of the `visualize data` component. Manipulation of the `vegalite specification` argument can lead to code injection. This attack can be initiated remotely. The exploit for this issue has been publicly disclosed. **Recommendations** Versions prior to 16aefed598b8cd897b78e99b907f6e2984572c61 should be updated. As a temporary workaround, consider restricting or disabling the use of the `visualize data` component until a suitable update is available. Avoid using the `vegalite specification` parameter in the affected function `eval()` until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** abhiphile fermat-mcp versions prior to 47f11def1cd37e45dd060f30cdce346cbdbd6f0a **Description** A code injection issue exists in the `eqn chart` function within the `fmcp/mpl mcp/core/eqn chart.py` file. Manipulation of the `equations` argument can lead to code injection. This attack can be initiated remotely. The exploit is publicly available. The product uses a rolling release model, and no specific version details for affected or updated releases are available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-816L version 2 06 b09 beta **Description** A stack-based buffer overflow exists in the `soapcgi main` function of the `/soap.cgi` file. This issue allows for remote exploitation. The exploit has been publicly disclosed. The affected product is no longer supported by the maintainer. The vulnerability stems from improper handling of input data within the `soapcgi main` function, potentially allowing an attacker to execute arbitrary code remotely. **Recommendations** Replace or isolate affected devices.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-816L version 2 06 b09 beta **Description** A flaw exists in the D-Link DIR-816L router, specifically within the `genacgi main` function of the `gena.cgi` script. Manipulation of the `SERVER ID` or `HTTP SID` parameters can lead to a stack-based buffer overflow. This issue is exploitable remotely. The exploit has been publicly disclosed. This vulnerability affects products that are no longer supported by the maintainer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-816L version 2 06 b09 beta **Description** A stack-based buffer overflow exists in the `authenticationcgi main` function within the `/authentication.cgi` file of the D-Link DIR-816L. Manipulation of the `Password` argument allows for remote exploitation. The exploit is publicly available. This issue affects a product that is no longer supported by the maintainer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-816L version 2 06 b09 beta **Description** A stack-based buffer overflow exists in the `scandir main` function of the `/portal/ ajax exporer.sgi` file. This flaw can be exploited remotely. The argument `en` can be manipulated to trigger the overflow. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DCS-935L versions prior to 1.13.01 **Description** A stack-based buffer overflow issue exists in the `sub 402280` function of the `/HNAP1/` file. The issue is due to the manipulation of the `HNAP AUTH/SOAPAction` argument, which can allow a remote attacker to execute arbitrary code. The vulnerability is related to a flawed implementation of the `strcpy()` function, which copies data into a buffer without checking the size of the input. This allows an attacker to send a specially crafted POST request to trigger the overflow. The product is no longer supported by the maintainer. **Recommendations** Versions prior to 1.13.01 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-645 version 105B01 **Description** A vulnerability was identified in the `soapcgi main` function of the `/soap.cgi` file. Manipulation of the `service` argument leads to command injection, allowing for remote attacks. The exploit is publicly available. This vulnerability affects products that are no longer supported by the maintainer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-816L version 206b01 **Description** A weakness exists due to the manipulation of the `service` argument within the `soapcgi main` function of the `/soap.cgi` file, leading to OS command injection. Remote exploitation is possible. The exploit has been made publicly available. This issue affects products that are no longer supported by the maintainer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.