216 matches found
CVE-2026-7159
A vulnerability was found in douinc mkdocs-mcp-plugin up to 0.4.1. This affects the function readdocument/listdocuments of the file server.py. Performing a manipulation of the argument docsdir/filepath results in path traversal. The attack is possible to be carried out remotely. The exploit has...
CVE-2026-10269
A security vulnerability has been detected in decolua 9router up to 0.4.0. This issue affects the function isAuthenticated of the file src/dashboardGuard.js of the component HTTP Header Handler. The manipulation of the argument Host leads to improper authorization. The attack is possible to be...
CVE-2026-10269 decolua 9router HTTP Header dashboardGuard.js isAuthenticated improper authorization
A security vulnerability has been detected in decolua 9router up to 0.4.0. This issue affects the function isAuthenticated of the file src/dashboardGuard.js of the component HTTP Header Handler. The manipulation of the argument Host leads to improper authorization. The attack is possible to be...
EUVD-2026-33685
A security vulnerability has been detected in decolua 9router up to 0.4.0. This issue affects the function isAuthenticated of the file src/dashboardGuard.js of the component HTTP Header Handler. The manipulation of the argument Host leads to improper authorization. The attack is possible to be...
CVE-2026-10269 decolua 9router HTTP Header dashboardGuard.js isAuthenticated improper authorization
A security vulnerability has been detected in decolua 9router up to 0.4.0. This issue affects the function isAuthenticated of the file src/dashboardGuard.js of the component HTTP Header Handler. The manipulation of the argument Host leads to improper authorization. The attack is possible to be...
CVE-2026-10269
Summary (CVE-2026-10269) : A vulnerability in decolua 9router
PT-2026-45446
A security vulnerability has been detected in decolua 9router up to 0.4.0. This issue affects the function isAuthenticated of the file src/dashboardGuard.js of the component HTTP Header Handler. The manipulation of the argument Host leads to improper authorization. The attack is possible to be...
@squawk/mcp (=0.4.1) potentially affected by unknown CVE via @squawk/notams (=0.2.3)
@squawk/notams NPM version =0.2.3 is affected by a known vulnerability. The following packages have a transitive dependency on @squawk/notams and may be impacted: - @squawk/mcp =0.4.1 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3451...
@squawk/mcp (>=0.4.1 <=0.6.0) potentially affected by unknown CVE via @squawk/weather (>=0.3.4 <=0.4.1)
@squawk/weather NPM version =0.3.4, =0.4.1, =0.6.0 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3456...
mkdocs-mcp-plugin has a Path Traversal issue
A vulnerability was found in douinc mkdocs-mcp-plugin up to 0.4.1. This affects the function readdocument/listdocuments of the file server.py. Performing a manipulation of the argument docsdir/filepath results in path traversal. The attack is possible to be carried out remotely. The exploit has...
PT-2026-35532
A vulnerability was found in douinc mkdocs-mcp-plugin up to 0.4.1. This affects the function read document/list documents of the file server.py. Performing a manipulation of the argument docs dir/file path results in path traversal. The attack is possible to be carried out remotely. The exploit h...
MkDocs MCP Plugin 路径遍历漏洞
MkDocs MCP Plugin is an open-source document intelligent search and integration tool developed by Dou. Versions of MkDocs MCP Plugin prior to 0.4.1 contained a path traversal vulnerability. This vulnerability stemmed from improper handling of parameters docsdir and filepath in the...
CVE-2026-2719
The Private WP suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Exceptions' setting in all versions up to, and including, 0.4.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-2719 Private WP suite <= 0.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Exceptions' Setting
The Private WP suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Exceptions' setting in all versions up to, and including, 0.4.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-2719
The Private WP suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Exceptions' setting in all versions up to, and including, 0.4.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress plugin Private WP suite 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress Private WP suite plugin <= 0.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Private WP suite versions = 0.4.1...
CVE-2026-33430
Briefcase is a tool for converting a Python project into a standalone native application. Starting in version 0.3.0 and prior to version 0.3.26, if a developer uses Briefcase to produce an Windows MSI installer for a project, and that project is installed for All Users i.e., per-machine scope, th...
WordPress Sheets2Table plugin <= 0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'titles' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'titles' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin Sheets2Table versions = 0.4.1...
CVE-2026-3619
The Sheets2Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titles' shortcode attribute in the sheets2table-render-table shortcode in all versions up to and including 0.4.1. This is due to insufficient input sanitization and output escaping. Specifically, the...