70 matches found
GHSA-45GG-VH54-H5M9 vulnerabilities
Vulnerabilities for packages: calico-fips, argo-cd-fips, zot, minio, cilium-cli, gatekeeper-fips, snyk-cli, argo-workflows-fips, chisel-fips, external-secrets-operator-fips, rancher-agent, docker-machine-driver-harvester, cilium, coder-fips, gitea-fips, frankenphp-8.3, k9s-fips, trivy-operator,...
GHSA-XHF5-7WJV-PQXP vulnerabilities
Vulnerabilities for packages: teleport, crossplane-fips, headlamp-fips, grype-fips, rancher-helm, newrelic-infrastructure-agent-fips, kubescape-operator, zot, consul-k8s, fuse-overlayfs-snapshotter, helm-push, rancher-agent, ctop, envoy-gateway, neuvector-scanner-fips, syft, k9s-fips,...
CVE-2026-7715
A vulnerability has been found in ravenwits mcp-server-arangodb up to 0.4.7. This affects the function arango_backup of the file src/tools.ts of the component MCP Interface. Such manipulation of the argument outputDir leads to path traversal. It is possible to launch the attack remotely. The explo...
CVE-2026-7715 ravenwits mcp-server-arangodb MCP tools.ts arango_backup path traversal
A vulnerability has been found in ravenwits mcp-server-arangodb up to 0.4.7. This affects the function arango_backup of the file src/tools.ts of the component MCP Interface. Such manipulation of the argument outputDir leads to path traversal. It is possible to launch the attack remotely. The explo...
CVE-2026-7715
A vulnerability has been found in ravenwits mcp-server-arangodb up to 0.4.7. This affects the function arango_backup of the file src/tools.ts of the component MCP Interface. Such manipulation of the argument outputDir leads to path traversal. It is possible to launch the attack remotely. The explo...
CVE-2026-7715
Technical details are not publicly available in the provided documents. Monitor for updates from the project and CVE entry.
EUVD-2026-26866
A vulnerability has been found in ravenwits mcp-server-arangodb up to 0.4.7. This affects the function arango_backup of the file src/tools.ts of the component MCP Interface. Such manipulation of the argument outputDir leads to path traversal. It is possible to launch the attack remotely. The explo...
PT-2026-36743
Name of the Vulnerable Software and Affected Versions: ravenwits mcp-server-arangodb versions prior to 0.4.8. Description: A path traversal issue exists in the MCP Interface component within the arango backup function of the src/tools.ts file. A remote attacker can manipulate the outputDir argument ...
CVE-2026-41673 vulnerabilities
Vulnerabilities for packages: librechat, saf, sqlpad, npm, arangodb, actions-runner...
CVE-2026-41672 vulnerabilities
Vulnerabilities for packages: librechat, saf, sqlpad, npm, arangodb, actions-runner...
GHSA-X6WF-F3PX-WCQX vulnerabilities
Vulnerabilities for packages: librechat, saf, sqlpad, npm, arangodb, actions-runner...
CVE-2026-41674 vulnerabilities
Vulnerabilities for packages: librechat, saf, sqlpad, npm, arangodb, actions-runner...
GHSA-F6WW-3GGP-FR8H vulnerabilities
Vulnerabilities for packages: librechat, saf, sqlpad, npm, arangodb, actions-runner...
GHSA-2V35-W6HQ-6MFW vulnerabilities
Vulnerabilities for packages: librechat, saf, sqlpad, npm, arangodb, actions-runner...
GHSA-J759-J44W-7FR8 vulnerabilities
Vulnerabilities for packages: librechat, saf, sqlpad, npm, arangodb, actions-runner...
CVE-2026-41675 vulnerabilities
Vulnerabilities for packages: librechat, saf, sqlpad, npm, arangodb, actions-runner...
CVE-2026-34601 vulnerabilities
Vulnerabilities for packages: sqlpad, arangodb, saf...
CVE-2019-25367
ArangoDB Community Edition 3.4.2-1 contains multiple cross-site scripting vulnerabilities in the Aardvark web admin interface index.html through search, user management, and API parameters. Attackers can inject scripts via parameters in /_db/_system/_admin/aardvark/index.html to execute JavaScript i...
EUVD-2019-19411
ArangoDB Community Edition 3.4.2-1 contains multiple cross-site scripting vulnerabilities in the Aardvark web admin interface index.html through search, user management, and API parameters. Attackers can inject scripts via parameters in /_db/_system/_admin/aardvark/index.html to execute JavaScript i...
CVE-2019-25367
ArangoDB Community Edition 3.4.2-1 contains multiple cross-site scripting vulnerabilities in the Aardvark web admin interface (index.html). The issues allow injection of scripts via parameters in /_db/_system/_admin/aardvark/index.html, enabling JavaScript execution in authenticated users’ browse...