105 matches found
CVE-2026-4270
Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions = 0.2.14 and 1.3.9 on all platforms may allow the bypass of intended file access restriction and expose arbitrary local file contents in the MCP client application context. To...
awslabs-core-mcp-server (>=1.0.8 <=1.0.27), awslabs-dynamodb-mcp-server (>=2.0.4 <=2.1.3) +1 more potentially affected by CVE-2026-4270 via awslabs-aws-api-mcp-server (>=1.0.2 <=1.3.36)
awslabs-aws-api-mcp-server PYPI version =1.0.2, =1.0.8, =2.0.4, =2.1.3 - dungngo-awslabs-core-mcp-server =1.0.9 Source cves: CVE-2026-4270 Source advisory: OSV:GHSA-2CPP-J2FC-QHP7...
CVE-2023-4270
The Min Max Control WordPress plugin before 4.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Linux Distros Unpatched Vulnerability : CVE-2018-4270
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari...
CVE-2010-4270
creationtimestamp| type| source
---|---|---
2025-06-17 21:02:20+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lrtfdzrurv24...
CVE-2025-4270
creationtimestamp| type| source
---|---|---
2025-05-05 10:21:13+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3log5hxk65y2l
2025-05-05 11:41:44+00:00| exploited| https://t.me/cvedetector/24445
2025-08-01 21:02:26+00:00| seen|...
CVE-2025-4270
A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi of the component Config Handler. The manipulation of the argument topicurl with the input getInitCfg/getSysStatusCfg leads to informatio...
CVE-2025-4270
The CVE-2025-4270 entry concerns TOTOLINK A720R (firmware 4.1.5cu.374) in the Config Handler’s /cgi-bin/cstecgi.cgi. Affects an unknown function where manipulating the topicurl parameter with inputs such as getInitCfg or getSysStatusCfg leads to information disclosure. The vulnerability can be ex...
CVE-2025-4270 TOTOLINK A720R Config cstecgi.cgi information disclosure
A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi of the component Config Handler. The manipulation of the argument topicurl with the input getInitCfg/getSysStatusCfg leads to informatio...
CVE-2024-4270
creationtimestamp| type| source
---|---|---
2025-03-24 16:23:06+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/8472...
Linux Distros Unpatched Vulnerability : CVE-2013-4270
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The net_ctl_permissions function in net/sysctl_net.c in the Linux kernel before 3.11.5 does not properly determine uid and gid values, which allows local users to...
CVE-2024-4270
The SVGMagic WordPress plugin through 1.1 does not sanitize SVG file contents, which enables users with at least the author role to upload SVGs with malicious JavaScript to conduct Stored XSS attacks...
CVE-2024-4270
CVE-2024-4270 — SVGMagic WordPress plugin (<= 1.1) The vulnerability stems from the plugin not sanitizing SVG file contents, enabling an attacker with at least the author role to upload SVGs containing malicious JavaScript that can trigger Stored XSS. The issue is rooted in insufficient input ...
CVE-2024-4270 SVGMagic <= 1.1 - Stored XSS via SVG Upload
The SVGMagic WordPress plugin through 1.1 does not sanitize SVG file contents, which enables users with at least the author role to upload SVGs with malicious JavaScript to conduct Stored XSS attacks...
openSUSE: Security Advisory for poppler (SUSE-SU-2023:4270-1)
The remote host is missing an update for the...
openSUSE 15 Security Update : poppler (SUSE-SU-2023:4270-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4270-1 advisory. - An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion located in JBIG2Stream.cc, can be triggered by...
CVE-2023-4270
creationtimestamp| type| source
---|---|---
2023-09-12 00:26:22+00:00| seen| https://t.me/cibsecurity/70239
2025-05-02 17:16:32+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/14530...