Lucene search
K

4 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/24 9:29 p.m.8 views

CVE-2026-53766

Chrome DevTools for agents chrome-devtools-mcp lets your coding agent control and inspect a live Chrome browser. From 0.24.0 until 1.1.0, McpContext.validatePath enforces workspace roots by checking whether path.resolvefilePath textually falls under one of the configured root paths. path.resolve...

6.1CVSS5.8AI score0.00087EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/06/24 9:29 p.m.11 views

CVE-2026-53766

CVE-2026-53766 affects Chrome DevTools for agents (chrome-devtools-mcp). The issue arises because MCP's validatePath() uses path.resolve() to enforce workspace roots; path.resolve() does not canonicalize symbolic links, allowing a symlink within a configured root to point to a file outside that r...

6.1CVSS5.8AI score0.00087EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2026/06/17 7:48 p.m.52 views

CVE-2026-48817

CVE-2026-48817 affects Starlette 1.0.1 and earlier, where HTTPEndpoint dispatch selects a handler by lowercased method name via getattr without validating against a known HTTP verb. If a Route is used without explicitly listing methods=, every method can reach the endpoint, and non-standard HTTP ...

5.3CVSS5.2AI score0.00213EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/08/13 10:28 p.m.11 views

CVE-2025-55150

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/html/pdf endpoint to convert HTML to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security sanitization...

9.8CVSS7.1AI score0.01587EPSS
Exploits0References1
Rows per page
Query Builder