21980 matches found

Vulnrichment
added 2026/04/28 4:28 a.m. | 4 views

CVE-2026-6809 Social Post Embed <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Threads Embed

The Social Post Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Threads embed handler in all versions up to, and including, 2.0.1. This is due to insufficient input sanitization and output escaping on the user-supplied URL. This makes it possible for authenticated...

CVSS: 6.4 | AI score: 5.5 | EPSS: 0.00195
Exploits: 0 | References: 6

NVD
added 2026/04/28 3:16 a.m. | 6 views

CVE-2026-7217

A security vulnerability has been detected in Deepractice PromptX up to 2.4.0. The affected element is the function read_docx/read_xlsx/read_pptx/list_xlsx_sheets/read_pdf of the file packages/mcp-office/src/index.ts of the component Document File Handler. Such manipulation of the argument path leads t...

CVSS: 6.9 | EPSS: 0.0044
Exploits: 0 | References: 5

NVD
added 2026/04/28 3:16 a.m. | 3 views

CVE-2026-7215

A security flaw has been discovered in egtai gmx-vmd-mcp up to 0.1.0. This issue affects the function launch_vmd_gui_tool of the file mcp_server.py of the component VMD Launch Handler. The manipulation of the argument structure_file/trajectory_file results in command injection. The attack may be launch...

CVSS: 7.5 | EPSS: 0.01338
Exploits: 0 | References: 5

EUVD
added 2026/04/28 2:30 a.m. | 2 views

EUVD-2026-25973

A security vulnerability has been detected in Deepractice PromptX up to 2.4.0. The affected element is the function read_docx/read_xlsx/read_pptx/list_xlsx_sheets/read_pdf of the file packages/mcp-office/src/index.ts of the component Document File Handler. Such manipulation of the argument path leads t...

CVSS: 6.9 | AI score: 5.4 | EPSS: 0.0044
Exploits: 0 | References: 5

Cvelist
added 2026/04/28 2:30 a.m. | 25 views

CVE-2026-7217 Deepractice PromptX Document File index.ts read_pdf absolute path traversal

A security vulnerability has been detected in Deepractice PromptX up to 2.4.0. The affected element is the function read_docx/read_xlsx/read_pptx/list_xlsx_sheets/read_pdf of the file packages/mcp-office/src/index.ts of the component Document File Handler. Such manipulation of the argument path leads t...

CVSS: 6.9 | EPSS: 0.0044
Exploits: 0 | References: 5

ATTACKERKB
added 2026/04/28 2:30 a.m. | 1 view

CVE-2026-7217

A security vulnerability has been detected in Deepractice PromptX up to 2.4.0. The affected element is the function read_docx/read_xlsx/read_pptx/list_xlsx_sheets/read_pdf of the file packages/mcp-office/src/index.ts of the component Document File Handler. Such manipulation of the argument path leads t...

CVSS: 6.9 | AI score: 5.5 | EPSS: 0.0044
Exploits: 0 | References: 5 | Affected Software: 1

Vulnrichment
added 2026/04/28 2:30 a.m. | 0 views

CVE-2026-7217 Deepractice PromptX Document File index.ts read_pdf absolute path traversal

A security vulnerability has been detected in Deepractice PromptX up to 2.4.0. The affected element is the function read_docx/read_xlsx/read_pptx/list_xlsx_sheets/read_pdf of the file packages/mcp-office/src/index.ts of the component Document File Handler. Such manipulation of the argument path leads t...

CVSS: 6.9 | AI score: 5.4 | EPSS: 0.0044
Exploits: 0 | References: 5

CVE
added 2026/04/28 2:30 a.m. | 12 views

CVE-2026-7217

Summary: CVE-2026-7217 affects Deepractice PromptX ≤ 2.4.0. The vulnerability lies in the Document File Handler’s index.ts functions read_docx/read_xlsx/read_pptx/list_xlsx_sheets/read_pdf, where manipulation of the argument path enables absolute path traversal. This is a remote-execution-capable...

CVSS: 6.9 | AI score: 5.6 | EPSS: 0.0044
Exploits: 0 | References: 5

Cvelist
added 2026/04/28 2:00 a.m. | 31 views

CVE-2026-7215 egtai gmx-vmd-mcp VMD Launch mcp_server.py launch_vmd_gui_tool command injection

A security flaw has been discovered in egtai gmx-vmd-mcp up to 0.1.0. This issue affects the function launch_vmd_gui_tool of the file mcp_server.py of the component VMD Launch Handler. The manipulation of the argument structure_file/trajectory_file results in command injection. The attack may be launch...

CVSS: 7.5 | EPSS: 0.01338
Exploits: 0 | References: 5

EUVD
added 2026/04/28 2:00 a.m. | 3 views

EUVD-2026-25971

A security flaw has been discovered in egtai gmx-vmd-mcp up to 0.1.0. This issue affects the function launch_vmd_gui_tool of the file mcp_server.py of the component VMD Launch Handler. The manipulation of the argument structure_file/trajectory_file results in command injection. The attack may be launch...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.01338
Exploits: 0 | References: 5

CVE
added 2026/04/28 2:00 a.m. | 10 views

CVE-2026-7215

CVE-2026-7215 exists in egtai gmx-vmd-mcp up to 0.1.0 affecting the VMD Launch Handler’s mcp_server.py; specifically, the function launch_vmd_gui_tool is vulnerable due to manipulation of the structure_file/trajectory_file arguments, enabling command injection. Access may be remote, and publicl...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.01338
Exploits: 0 | References: 5

NVD
added 2026/04/28 1:16 a.m. | 2 views

CVE-2026-7203

A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os command injection. The attack can be launched remotely...

CVSS: 10 | EPSS: 0.02448
Exploits: 0 | References: 5

NVD
added 2026/04/28 1:16 a.m. | 2 views

CVE-2026-7202

A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setWiFiWpsStart of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument wscDisabled leads to os command injection. The attack can be initiated remotely. The...

CVSS: 10 | EPSS: 0.02448
Exploits: 0 | References: 5

EUVD
added 2026/04/28 12:00 a.m. | 4 views

EUVD-2026-25960

A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os command injection. The attack can be launched remotely...

CVSS: 10 | AI score: 8.2 | EPSS: 0.02448
Exploits: 0 | References: 5

CVE
added 2026/04/28 12:00 a.m. | 13 views

CVE-2026-7203

CVE-2026-7203 affects Totolink A8000RU (firmware 7.1cu.643_b20200521) in the CGI Handler component, specifically the function setUrlFilterRules in /cgi-bin/cstecgi.cgi. The argument enable can be manipulated to achieve OS command injection, enabling a remote attack. Exploit details are publicly a...

CVSS: 10 | AI score: 8.2 | EPSS: 0.02448
Exploits: 0 | References: 5

Positive Technologies
added 2026/04/28 12:00 a.m. | 2 views

PT-2026-35647

A security flaw has been discovered in egtai gmx-vmd-mcp up to 0.1.0. This issue affects the function launch_vmd_gui_tool of the file mcp_server.py of the component VMD Launch Handler. The manipulation of the argument structure_file/trajectory_file results in command injection. The attack may be...

CVSS: 7.5 | AI score: 5.2 | EPSS: 0.01338
Exploits: 0 | References: 6

CNNVD
added 2026/04/28 12:00 a.m. | 7 views

PromptX Path Traversal Vulnerability

PromptX is an open-source AI role creation and intelligent tool development platform based on the MCP protocol by Deepractice. Versions of PromptX 2.4.0 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the path parameters of the functions read_docx, read_xlsx,...

CVSS: 6.9 | AI score: 6.1 | EPSS: 0.0044
Exploits: 0 | References: 1

CNNVD
added 2026/04/28 12:00 a.m. | 6 views

TOTOLINK A8000RU Command Injection Vulnerability

TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643_b20200521 version contains a command injection vulnerability. This vulnerability stems from the setOpenVpnClientCfg function in the CGI Handler component, specifically the handling of the...

CVSS: 10 | AI score: 7.3 | EPSS: 0.02452
Exploits: 0 | References: 1

CNNVD
added 2026/04/28 12:00 a.m. | 8 views

XXL-JOB Security Vulnerability

XXL-JOB is a distributed task scheduling platform developed by xuxueli. Versions of XXL-JOB 3.3.2 and earlier contain security vulnerabilities. These vulnerabilities stem from improper control of resource identifiers due to the parameter logId in the function logDetailCat of the Execution Log...

CVSS: 6.3 | AI score: 5.8 | EPSS: 0.00418
Exploits: 0 | References: 1

CNNVD
added 2026/04/28 12:00 a.m. | 6 views

Spire.Doc MCP Server Path Traversal Vulnerability

Spire.Doc MCP Server is a tool provided by E-iceblue Product Family for individual developers, allowing them to work with Word documents without the need for Microsoft Word. Version 0.1.1 of Spire.Doc MCP Server contains a path traversal vulnerability. This vulnerability stems from the getpdfpath...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.0041
Exploits: 0 | References: 1