
2899 matches found

Snyk
added 2026/04/03 5:21 p.m. | 6 views

Server-side Request Forgery (SSRF)

Overview: google-search-mcp is a Google Search MCP Server for Claude. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the extractContent function. An attacker can access internal resources or perform unauthorized requests by supplying crafted URLs to the...

CVSS 6.5 | AI score 6.6 | EPSS 0.00206
Exploits 0 | References 2
NVD
added 2026/04/03 4:16 p.m. | 2 views

CVE-2026-5470

A security vulnerability has been detected in mixelpixx Google-Research-MCP 1e062d7bd887bfe5f6e582b6cc288bb897b35cf2/ca613b736ab787bc926932f59cddc69457185a83. This issue affects the function extractContent of the file src/services/content-extractor.service.ts of the component Model Context Protoc...

CVSS 6.5 | EPSS 0.00206
Exploits 0 | References 4
Cvelist
added 2026/04/03 3:30 p.m. | 22 views

CVE-2026-5470 mixelpixx Google-Research-MCP Model Context Protocol content-extractor.service.ts extractContent server-side request forgery

A security vulnerability has been detected in mixelpixx Google-Research-MCP 1e062d7bd887bfe5f6e582b6cc288bb897b35cf2/ca613b736ab787bc926932f59cddc69457185a83. This issue affects the function extractContent of the file src/services/content-extractor.service.ts of the component Model Context Protoc...

CVSS 6.5 | EPSS 0.00206
Exploits 0 | References 4
Vulnrichment
added 2026/04/03 3:30 p.m. | 1 view

CVE-2026-5470 mixelpixx Google-Research-MCP Model Context Protocol content-extractor.service.ts extractContent server-side request forgery

A security vulnerability has been detected in mixelpixx Google-Research-MCP 1e062d7bd887bfe5f6e582b6cc288bb897b35cf2/ca613b736ab787bc926932f59cddc69457185a83. This issue affects the function extractContent of the file src/services/content-extractor.service.ts of the component Model Context Protoc...

CVSS 6.5 | AI score 6.2 | EPSS 0.00206
Exploits 0 | References 4
ATTACKERKB
added 2026/04/03 3:30 p.m. | 3 views

CVE-2026-5470

A security vulnerability has been detected in mixelpixx Google-Research-MCP 1e062d7bd887bfe5f6e582b6cc288bb897b35cf2/ca613b736ab787bc926932f59cddc69457185a83. This issue affects the function extractContent of the file src/services/content-extractor.service.ts of the component Model Context Protoc...

CVSS 6.5 | AI score 5.5 | EPSS 0.00206
Exploits 0 | References 4
CVE
added 2026/04/03 3:30 p.m. | 12 views

CVE-2026-5470

Consolidated details from connected sources confirm CVE-2026-5470 affects mixelpixx Google-Research-MCP; specifically the function extractContent in src/services/content-extractor.service.ts of the Model Context Protocol Handler. The vulnerability is a server-side request forgery (SSRF) caused by...

CVSS 6.5 | AI score 6.2 | EPSS 0.00206
Exploits 0 | References 4
Packet Storm
added 2026/03/26 12:00 a.m. | 112 views

textract 2.5.0 Command Injection

textract through version 2.5.0 allows OS command injection through the file path supplied to multiple extractors. Several code paths pass that file path into child_process.exec with inadequate sanitization. An attacker who can influence the file name or path can break out of the command line and r...

CVSS 9.8 | AI score 6 | EPSS 0.02421
Exploits 4
EUVD
added 2026/03/25 6:31 p.m. | 1 view

EUVD-2026-15459

textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple extractors. When processing files with malicious filenames, the filePath is passed directly to child_process.exec in lib/extractors/doc.js, rtf.js, dxf.js, images.js, and lib/util.js with inadequat...

AI score 5.8 | EPSS 0.02421
Exploits 4 | References 7
Github Security Blog
added 2026/03/25 6:31 p.m. | 3 views

textract is vulnerable to OS Command Injection

textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple extractors. When processing files with malicious filenames, the filePath is passed directly to child_process.exec in lib/extractors/doc.js, rtf.js, dxf.js, images.js, and lib/util.js with inadequat...

CVSS 9.8 | AI score 5.9 | EPSS 0.02421
Exploits 4 | References 8 | Affected Software 1
NVD
added 2026/03/25 4:16 p.m. | 2 views

CVE-2026-26831

textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple extractors. When processing files with malicious filenames, the filePath is passed directly to child_process.exec in lib/extractors/doc.js, rtf.js, dxf.js, images.js, and lib/util.js with inadequat...

CVSS 9.8 | EPSS 0.02421
Exploits 4 | References 6
Vulnrichment
added 2026/03/25 12:00 a.m. | 0 views

CVE-2026-26831

textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple extractors. When processing files with malicious filenames, the filePath is passed directly to child_process.exec in lib/extractors/doc.js, rtf.js, dxf.js, images.js, and lib/util.js with inadequat...

AI score 5.9 | EPSS 0.02421
Exploits 4 | References 6
GithubExploit
added 2026/03/24 4:15 p.m. | 124 views

Exploit for CVE-2026-26831

CVE-2026-26831: OS command injection in textract Summary...

AI score 6.2 | EPSS 0.02421
Exploits 4
Tenable Nessus
added 2026/03/22 12:00 a.m. | 1 view

Fedora 43 : localsearch (2026-ba6641558a)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-ba6641558a advisory. Add a patch for several CVEs: CVE-2026-1764 - Heap Buffer Overflow in GNOME localsearch MP3 Extractor; CVE-2026-1765 - Heap Buffer Overflow in GNOME...

CVSS 8.1 | AI score 5.9 | EPSS 0.00339
Exploits 3 | References 5
OSV
added 2026/03/16 8:46 p.m. | 2 views

GHSA-F7CQ-GVH6-QR25 Monitoring is vulnerable to Archive Slip due to missing checks in sanitization

The sanitizeArchivePath function in pkg/extract/extract.go lines 248–254 is vulnerable to a path traversal bypass due to a missing trailing path separator in the strings.HasPrefix check. A crafted tar archive can write files outside the intended destination directory when using the extractor CLI...

CVSS 9.8 | AI score 5.9 | EPSS 0.00655
Exploits 1 | References 5
RedhatCVE
added 2026/02/26 10:14 a.m. | 5 views

CVE-2026-3163

A vulnerability has been found in SourceCodester Website Link Extractor 1.0. This vulnerability affects the function file_get_contents of the component URL Handler. The manipulation leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed ...

CVSS 7.5 | AI score 5.1 | EPSS 0.00275
Exploits 1 | References 1
CNNVD
added 2026/02/26 12:00 a.m. | 5 views

Zed security vulnerability

Zed is a code editor developed by Zed Industries. Versions of Zed prior to 0.224.4 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the tar extractor created symbolic links without proper verification, which could lead to code execution...

CVSS 8.8 | AI score 5.9 | EPSS 0.0049
Exploits 1 | References 1
EUVD
added 2026/02/25 6:31 a.m. | 4 views

EUVD-2026-8513

A vulnerability has been found in SourceCodester Website Link Extractor 1.0. This vulnerability affects the function file_get_contents of the component URL Handler. The manipulation leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed ...

CVSS 7.5 | AI score 5.1 | EPSS 0.00275
Exploits 1 | References 6
OSV
added 2026/02/25 6:16 a.m. | 1 view

CVE-2026-3163

A vulnerability has been found in SourceCodester Website Link Extractor 1.0. This vulnerability affects the function file_get_contents of the component URL Handler. The manipulation leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed ...

CVSS 7.5 | AI score 6.1 | EPSS 0.00275
Exploits 1 | References 5
NVD
added 2026/02/25 6:16 a.m. | 4 views

CVE-2026-3163

A vulnerability has been found in SourceCodester Website Link Extractor 1.0. This vulnerability affects the function file_get_contents of the component URL Handler. The manipulation leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed ...

CVSS 7.5 | EPSS 0.00275
Exploits 1 | References 5
Cvelist
added 2026/02/25 5:32 a.m. | 33 views

CVE-2026-3163 SourceCodester Website Link Extractor URL file_get_contents server-side request forgery

A vulnerability has been found in SourceCodester Website Link Extractor 1.0. This vulnerability affects the function file_get_contents of the component URL Handler. The manipulation leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed ...

CVSS 6.5 | EPSS 0.00275
Exploits 1 | References 5