21980 matches found
MCP Chat Studio 代码问题漏洞
MCP Chat Studio is a testing and development platform for MCP servers, developed by JoeCastrom. Versions of MCP Chat Studio 1.5.0 and earlier contained code vulnerabilities. These vulnerabilities stemmed from unknown functions in the LLM Models API component file server/routes/llm.js, which...
PT-2026-35360
A vulnerability has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /profile/ of the component Profile Handler. Such manipulation of the argument ID leads to improper authorization. The attack can be executed remotely. The exploit has been...
CVE-2026-7059
A vulnerability was found in 666ghj MiroFish up to 0.1.2. This affects the function getsimulationposts of the file backend/app/api/simulation.py of the component Query Parameter Handler. Performing a manipulation of the argument Platform results in path traversal. The attack can be initiated...
CVE-2026-7059
The CVE-2026-7059 entry concerns 666ghj MiroFish (affected up to version 0.1.2). The vulnerability lies in the get_simulation_posts function of backend/app/api/simulation.py within the Query Parameter Handler. An attacker can achieve path traversal by manipulating the Platform argument. The issue...
CVE-2018-25263
Faleemi Desktop Software 1.8.2 contains a local buffer overflow vulnerability in the Device alias field that allows local attackers to trigger a structured exception handler SEH overwrite. Attackers can craft a malicious payload and paste it into the Device alias field within the Managing Log...
EUVD-2018-21791
Faleemi Desktop Software 1.8.2 contains a local buffer overflow vulnerability in the Device alias field that allows local attackers to trigger a structured exception handler SEH overwrite. Attackers can craft a malicious payload and paste it into the Device alias field within the Managing Log...
CVE-2018-25263 Faleemi Desktop Software 1.8.2 Local Buffer Overflow SEH
Faleemi Desktop Software 1.8.2 contains a local buffer overflow vulnerability in the Device alias field that allows local attackers to trigger a structured exception handler SEH overwrite. Attackers can craft a malicious payload and paste it into the Device alias field within the Managing Log...
CVE-2018-25263 Faleemi Desktop Software 1.8.2 Local Buffer Overflow SEH
Faleemi Desktop Software 1.8.2 contains a local buffer overflow vulnerability in the Device alias field that allows local attackers to trigger a structured exception handler SEH overwrite. Attackers can craft a malicious payload and paste it into the Device alias field within the Managing Log...
CVE-2026-7041
A vulnerability was detected in 666ghj MiroFish up to 0.1.2. The impacted element is an unknown function of the file /console of the component Werkzeug Debugger PIN Handler. Performing a manipulation of the argument SECRET results in information disclosure. It is possible to initiate the attack...
Insufficiently Protected Credentials
Overview ssh-mcp is a MCP server exposing SSH control for Linux and Windows systems via Model Context Protocol. Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the Command Line Handler component due to the storage of the credential in plaintext. An...
Malicious code in @ozon-complt/antibot-handler (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d2b2c8d66cf69cda5e16765e70a8c3615ecfc57baa6a283228bab60dcc337dc The package @ozon-complt/antibot-handler was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3066 Malicious code in @ozon-complt/antibot-handler (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d2b2c8d66cf69cda5e16765e70a8c3615ecfc57baa6a283228bab60dcc337dc The package @ozon-complt/antibot-handler was found to contain malicious code. Source: ghsa-malware...
CVE-2026-7041 666ghj MiroFish Werkzeug Debugger PIN console information disclosure
A vulnerability was detected in 666ghj MiroFish up to 0.1.2. The impacted element is an unknown function of the file /console of the component Werkzeug Debugger PIN Handler. Performing a manipulation of the argument SECRET results in information disclosure. It is possible to initiate the attack...
CVE-2026-7041
A vulnerability was detected in 666ghj MiroFish up to 0.1.2. The impacted element is an unknown function of the file /console of the component Werkzeug Debugger PIN Handler. Performing a manipulation of the argument SECRET results in information disclosure. It is possible to initiate the attack...
CVE-2026-7041
Affects 666ghj MiroFish up to version 0.1.2. The vulnerability lies in an unknown function handling the /console path of the Werkzeug Debugger PIN Handler. By manipulating the SECRET argument, an information disclosure is possible. Attacker can exploit remotely, with a high attack complexity and ...
EUVD-2026-25717
A vulnerability was detected in 666ghj MiroFish up to 0.1.2. The impacted element is an unknown function of the file /console of the component Werkzeug Debugger PIN Handler. Performing a manipulation of the argument SECRET results in information disclosure. It is possible to initiate the attack...
CVE-2026-7037
A security flaw has been discovered in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument pptpPassThru results in os command injection. The attack can be executed...
CVE-2026-7038
A weakness has been identified in tufantunc ssh-mcp up to 1.5.0. Impacted is an unknown function of the file src/index.ts of the component Command Line Handler. This manipulation causes insufficiently protected credentials. The attack is restricted to local execution. The exploit has been made...
CVE-2026-7036
A vulnerability was identified in Tenda i9 1.0.0.52204. This vulnerability affects the function R7WebsSecurityHandlerfunction of the component HTTP Handler. The manipulation leads to path traversal. Remote exploitation of the attack is possible. The exploit is publicly available and might be used...
CVE-2026-7038 tufantunc ssh-mcp Command Line index.ts insufficiently protected credentials
A weakness has been identified in tufantunc ssh-mcp up to 1.5.0. Impacted is an unknown function of the file src/index.ts of the component Command Line Handler. This manipulation causes insufficiently protected credentials. The attack is restricted to local execution. The exploit has been made...