3230 matches found
CVE-2026-6418
An issue was discovered in the Shared Account Synchronization component of PaperCut MF version 25.0.4. The application allows administrative users to configure a source path for account data synchronization. Due to a lack of proper path validation and sanitization, an authenticated user with...
CVE-2026-5192 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.52.1 - Unauthenticated Arbitrary File Read via 'upload-1[file][file_path]'
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 1.52.1 via the 'upload-1filefilepath' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary...
CVE-2026-6418 PaperCut NG/MF: Path Traversal in Shared Account Synchronization
An issue was discovered in the Shared Account Synchronization component of PaperCut MF version 25.0.4. The application allows administrative users to configure a source path for account data synchronization. Due to a lack of proper path validation and sanitization, an authenticated user with...
CVE-2026-7812
A vulnerability was found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The impacted element is the function gitoperation of the file src/codemcp/server.py of the component MCP Tool. Performing a manipulation of the argument operation results in command injection. The attack...
PT-2026-36973
A vulnerability was found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The impacted element is the function git operation of the file src/code mcp/server.py of the component MCP Tool. Performing a manipulation of the argument operation results in command injection. The attac...
Directory Traversal
Overview @puchunjie/doc-tools-mcp is a Word 文档处理 MCP 服务器 - 基于 TypeScript 的文档处理工具 Affected versions of this package are vulnerable to Directory Traversal via the createdocument or opendocument functions in the MCP Interface component when processing the filePath argument. An attacker can access or...
GHSA-GCMM-C94J-J47X @puchunjie/doc-tools-mcp has a Path Traversal Issue
A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function createdocument/opendocument of the file src/mcp-server.ts of the component MCP Interface. The manipulation of the argument filePath results in path traversal. The attack can be launched remotely. The...
CVE-2026-7738
CVE-2026-7738 affects puchunjie doc-tools-mcp 1.0.18, specifically the MCP Interface’s file src/mcp-server.ts, in the functions create_document/open_document. The root cause is manipulation of the argument filePath, leading to a path traversal vulnerability. This could allow remote attackers to a...
CVE-2026-7738 puchunjie doc-tools-mcp MCP mcp-server.ts open_document path traversal
A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function createdocument/opendocument of the file src/mcp-server.ts of the component MCP Interface. The manipulation of the argument filePath results in path traversal. The attack can be launched remotely. The...
EUVD-2026-26919
A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function createdocument/opendocument of the file src/mcp-server.ts of the component MCP Interface. The manipulation of the argument filePath results in path traversal. The attack can be launched remotely. The...
EUVD-2026-26830
A security vulnerability has been detected in Wavlink WL-WN570HA1 R70HA1 V1410221110. Impacted is the function setsyscmd of the file /cgi-bin/adm.cgi. Such manipulation of the argument command leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed...
EUVD-2026-26721
A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vectorstores/faiss.py. Performing a manipulation results in deserialization. It is possible to initiate the attack remotely. The exploit has been made public and could be used...
[SECURITY] [DSA 6197-3] dovecot regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-6197-3 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 01, 2026 https://www.debian.org/security/faq -...
GHSA-MQ9Q-25HM-G4GP AstrBot Makes Use of Hard-coded Password
A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.16.0. This issue affects some unknown processing of the file astrbot/dashboard/routes/auth.py of the component Dashboard. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The...
CVE-2026-7579 AstrBotDevs AstrBot Dashboard auth.py hard-coded credentials
A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.16.0. This issue affects some unknown processing of the file astrbot/dashboard/routes/auth.py of the component Dashboard. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The...
picoctf-2025-unsafe-eval-writeup
picoCTF 2025 — Unssafe Eval Web Exploitation Challenge:...
EUVD-2026-26470
A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument proto leads to os command injection. The attack may be initiated remotely. The explo...
CVE-2026-7319
A flaw has been found in elinsky execution-system-mcp 0.1.0. The impacted element is the function getcontextfilepath of the file src/executionsystemmcp/server.py of the component addaction Tool. This manipulation of the argument context causes path traversal. The attack can be initiated remotely...
CVE-2026-22070
ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal...
CVE-2026-22070
ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal...