CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/04/28 2:30 a.m.•5 views

CVE-2026-7217

Summary: CVE-2026-7217 affects Deepractice PromptX ≤ 2.4.0. The vulnerability lies in the Document File Handler’s index.ts functions read_docx/read_xlsx/read_pptx/list_xlsx_sheets/read_pdf, where manipulation of the argument path enables absolute path traversal. This is a remote-execution-capable...

6.9CVSS5.6AI score0.00062EPSS

ATTACKERKB•added 2026/04/28 2:30 a.m.•1 views

CVE-2026-7217

6.9CVSS5.5AI score0.00062EPSS

Exploits0References5Affected Software1

Cvelist•added 2026/04/28 2:30 a.m.•22 views

CVE-2026-7217 Deepractice PromptX Document File index.ts read_pdf absolute path traversal

6.9CVSS0.00062EPSS

CNNVD•added 2026/04/28 12:0 a.m.•3 views

Spire.Doc MCP Server 路径遍历漏洞

Spire.Doc MCP Server is a tool provided by E-iceblue Product Family for individual developers, allowing them to work with Word documents without the need for Microsoft Word. Version 0.1.1 of Spire.Doc MCP Server contains a path traversal vulnerability. This vulnerability stems from the getpdfpath...

7.5CVSS7.2AI score0.00066EPSS

CNNVD•added 2026/04/28 12:0 a.m.•4 views

PromptX 路径遍历漏洞

PromptX is an open-source AI role creation and intelligent tool development platform based on the MCP protocol by Deepractice. Versions of PromptX 2.4.0 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the path parameters of the functions readdocx, readxlsx,...

6.9CVSS6.1AI score0.00062EPSS

Positive Technologies•added 2026/04/28 12:0 a.m.•3 views

PT-2026-35649

A security vulnerability has been detected in Deepractice PromptX up to 2.4.0. The affected element is the function read docx/read xlsx/read pptx/list xlsx sheets/read pdf of the file packages/mcp-office/src/index.ts of the component Document File Handler. Such manipulation of the argument path...

6.9CVSS5.1AI score0.00062EPSS

Exploits0References6

CNNVD•added 2026/04/27 12:0 a.m.•2 views

MCP Chat Studio 代码问题漏洞

MCP Chat Studio is a testing and development platform for MCP servers, developed by JoeCastrom. Versions of MCP Chat Studio 1.5.0 and earlier contained code vulnerabilities. These vulnerabilities stemmed from unknown functions in the LLM Models API component file server/routes/llm.js, which...

7.5CVSS7.2AI score0.00058EPSS

OSV•added 2026/04/25 5:49 a.m.•0 views

OESA-2026-2056 assimp security update

Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose. Security Fixes: A vulnerability was found in Open...

8.8CVSS4.2AI score0.00111EPSS

Exploits5References6

EUVD•added 2026/04/20 6:31 p.m.•3 views

EUVD-2026-23876

A vulnerability was identified in Z-BlogPHP 1.7.5. This affects the function App::UnPack of the file /zbusers/plugin/AppCentre/appupload.php of the component ZBA File Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit is publicly available an...

5.8CVSS5.4AI score0.00047EPSS

NVD•added 2026/04/20 4:16 p.m.•0 views

CVE-2026-6650

5.8CVSS0.00047EPSS

Cvelist•added 2026/04/20 2:30 p.m.•28 views

CVE-2026-6650 Z-BlogPHP ZBA File app_upload.php UnPack unrestricted upload

5.8CVSS0.00047EPSS

Vulnrichment•added 2026/04/20 2:30 p.m.•3 views

CVE-2026-6650 Z-BlogPHP ZBA File app_upload.php UnPack unrestricted upload

5.8CVSS5.4AI score0.00047EPSS

ATTACKERKB•added 2026/04/13 9:0 p.m.•0 views

CVE-2026-6220

A vulnerability was identified in HummerRisk up to 1.5.0. This vulnerability affects the function ServerService.addServer of the file ServerService.java of the component Video File Download URL Handler. Such manipulation of the argument streamIp leads to server-side request forgery. It is possibl...

5.8CVSS5.5AI score0.00047EPSS

RedhatCVE•added 2026/04/10 7:23 p.m.•0 views

CVE-2026-5960

A weakness has been identified in code-projects Patient Record Management System 1.0. This affects an unknown part of the file /db/hcpms.sql of the component SQL Database Backup File Handler. Executing a manipulation can lead to information disclosure. The attack can be launched remotely. The...

5.3CVSS5.6AI score0.00037EPSS

NVD•added 2026/04/10 3:16 a.m.•1 views

CVE-2026-6000

A vulnerability was found in code-projects Online Library Management System 1.0. Affected is an unknown function of the file /sql/library.sql of the component SQL Database Backup File Handler. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The...

5.3CVSS0.00037EPSS

CVE•added 2026/04/10 2:0 a.m.•5 views

CVE-2026-6000

CVE-2026-6000 affects code-projects Online Library Management System 1.0, specifically the SQL Database Backup File Handler component handling the file /sql/library.sql. A manipulation of an unknown function leads to information disclosure. The vulnerability allows a remote attacker to access sen...

5.3CVSS5.5AI score0.00037EPSS

Vulnrichment•added 2026/04/10 2:0 a.m.•2 views

CVE-2026-6000 code-projects Online Library Management System SQL Database Backup File library.sql information disclosure

5.3CVSS5.5AI score0.00037EPSS

ATTACKERKB•added 2026/04/09 5:0 a.m.•0 views

CVE-2026-5847

A vulnerability has been found in code-projects Movie Ticketing System 1.0. Impacted is an unknown function of the file /db/moviedb.sql of the component SQL Database Backup File Handler. Such manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been...

5.3CVSS5.4AI score0.00037EPSS

Exploits0References5Affected Software1

Vulnrichment•added 2026/04/09 5:0 a.m.•0 views

CVE-2026-5847 code-projects Movie Ticketing System SQL Database Backup File moviedb.sql information disclosure

5.3CVSS5.4AI score0.00037EPSS