1017 matches found
CVE-2026-7811
Summary (CVE-2026-7811): A path traversal vulnerability affects 54yyyu code-mcp up to commit 4cfc4643541a110c906d93635b391bf7e357f4a8 in the MCP File Handler component. The is_safe_path function in src/code_mcp/server.py is implicated. Exploitation can be performed remotely. Public disclosure exi...
CVE-2026-7811
A vulnerability has been found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The affected element is the function issafepath of the file src/codemcp/server.py of the component MCP File Handler. Such manipulation leads to path traversal. It is possible to launch the attack...
PT-2026-36972
A vulnerability has been found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The affected element is the function is safe path of the file src/code mcp/server.py of the component MCP File Handler. Such manipulation leads to path traversal. It is possible to launch the attack...
LangChain-Chatchat 加密问题漏洞
LangChain-Chatchat is a chatbot software developed based on the LangChain framework, open-sourced by Chatchat-Space. Versions of LangChain-Chatchat 0.3.1.3 and earlier had an encryption vulnerability. This vulnerability stems from a function in the Uploaded File Handler component, specifically th...
Code-MCP 路径遍历漏洞
Code-MCP is an AI-integrated tool for terminal and file operations developed by Steven Yu. Versions of Code-MCP 4cfc4643541a110c906d93635b391bf7e357f4a8 and earlier have a path traversal vulnerability. This vulnerability stems from a problem with the MCP File Handler component in the issafepath...
CVE-2026-42473
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize on data from the filesystem in the FileHandler object...
CVE-2026-42473
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize on data from the filesystem in the FileHandler object...
CVE-2026-7388
A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the function editFile of the file application/admin/logic/FilemanagerLogic.php of the component Template File Handler. Executing a manipulation can lead to code injection. The attack can be launched remotely. The exploit has been...
CVE-2026-7388
CVE-2026-7388 affects EyouCMS up to version 1.7.9, specifically the Template File Handler’s FilemanagerLogic.php editFile function. The weakness enables code injection via remote manipulation of the editFile workflow. Public exploit appears available and the vendor has not publicly responded to t...
CVE-2026-7388 EyouCMS Template File FilemanagerLogic.php editFile code injection
A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the function editFile of the file application/admin/logic/FilemanagerLogic.php of the component Template File Handler. Executing a manipulation can lead to code injection. The attack can be launched remotely. The exploit has been...
CVE-2026-7388
A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the function editFile of the file application/admin/logic/FilemanagerLogic.php of the component Template File Handler. Executing a manipulation can lead to code injection. The attack can be launched remotely. The exploit has been...
EUVD-2026-26251
A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the function editFile of the file application/admin/logic/FilemanagerLogic.php of the component Template File Handler. Executing a manipulation can lead to code injection. The attack can be launched remotely. The exploit has been...
CVE-2026-7388 EyouCMS Template File FilemanagerLogic.php editFile code injection
A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the function editFile of the file application/admin/logic/FilemanagerLogic.php of the component Template File Handler. Executing a manipulation can lead to code injection. The attack can be launched remotely. The exploit has been...
JLSEC-2026-325
A vulnerability, which was classified as critical, was found in HDF5 1.14.6. Affected is the function H5SMdelete of the file H5SM.c of the component h5 File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The complexity of an attack is...
CLSA-2026-1777446306 python: Fix of CVE-2019-9948
CVE-2019-9948: fix urllib localfile:// URL scheme bypass that allowed file reads when localfile handler was defined...
PT-2026-35940
A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the function editFile of the file application/admin/logic/FilemanagerLogic.php of the component Template File Handler. Executing a manipulation can lead to code injection. The attack can be launched remotely. The exploit has been...
CVE-2026-7315
A flaw has been found in eiceblue spire-pdf-mcp-server 0.1.1. This impacts the function getpdfpath of the file src/spirepdfmcp/server.py of the component PDF File Handler. Executing a manipulation of the argument filepath can lead to path traversal. The attack can be launched remotely. The exploi...
EUVD-2026-26152
A flaw has been found in eiceblue spire-pdf-mcp-server 0.1.1. This impacts the function getpdfpath of the file src/spirepdfmcp/server.py of the component PDF File Handler. Executing a manipulation of the argument filepath can lead to path traversal. The attack can be launched remotely. The exploi...
CVE-2026-7315
A flaw has been found in eiceblue spire-pdf-mcp-server 0.1.1. This impacts the function getpdfpath of the file src/spirepdfmcp/server.py of the component PDF File Handler. Executing a manipulation of the argument filepath can lead to path traversal. The attack can be launched remotely. The exploi...
CVE-2026-7217
A security vulnerability has been detected in Deepractice PromptX up to 2.4.0. The affected element is the function readdocx/readxlsx/readpptx/listxlsxsheets/readpdf of the file packages/mcp-office/src/index.ts of the component Document File Handler. Such manipulation of the argument path leads t...