
63 matches found

Snyk
added 2026/05/14 2:57 p.m., 6 views

Incomplete List of Disallowed Inputs

Overview: flowise is a Flowiseai Server. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs inadequate input validation in the validateCommandFlags and validateArgsForLocalFileAccess functions. An attacker can execute arbitrary commands on the server by bypassi...

CVSS: 8.8, AI score: 6.1
Exploits: 0, References: 2
Snyk
added 2026/05/14 2:57 p.m., 5 views

Incomplete List of Disallowed Inputs

Overview: flowise-components is a Flowiseai Components. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs inadequate input validation in the validateCommandFlags and validateArgsForLocalFileAccess functions. An attacker can execute arbitrary commands on the...

CVSS: 8.8, AI score: 6.1
Exploits: 0, References: 2
RedhatCVE
added 2026/05/05 8:21 p.m., 4 views

CVE-2026-7738

A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function createdocument/opendocument of the file src/mcp-server.ts of the component MCP Interface. The manipulation of the argument filePath results in path traversal. The attack can be launched remotely. The...

CVSS: 6.5, AI score: 6.3, EPSS: 0.00077
Exploits: 0, References: 1
RedhatCVE
added 2026/05/04 8:21 p.m., 5 views

CVE-2026-7600

A flaw has been found in ArtMin96 yii2-mcp-server 1.0.2. This impacts the function yiicommandhelp/yiiexecutecommand of the file src/index.ts of the component MCP Interface. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been publish...

CVSS: 6.5, AI score: 6.3, EPSS: 0.01521
Exploits: 0, References: 1
RedhatCVE
added 2026/05/04 8:21 p.m., 4 views

CVE-2026-7645

A vulnerability was found in ruvnet sublinear-time-solver 1.5.0. Affected by this vulnerability is the function exportstate of the file src/consciousness-explorer/mcp/server.js of the component MCP Interface. The manipulation results in path traversal. The attack can be executed remotely. The...

CVSS: 6.9, AI score: 6.2, EPSS: 0.00089
Exploits: 0, References: 1
NVD
added 2026/05/04 7:16 a.m., 4 views

CVE-2026-7738

A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function createdocument/opendocument of the file src/mcp-server.ts of the component MCP Interface. The manipulation of the argument filePath results in path traversal. The attack can be launched remotely. The...

CVSS: 6.5, EPSS: 0.00077
Exploits: 0, References: 6
NVD
added 2026/05/04 5:16 a.m., 5 views

CVE-2026-7729

A security flaw has been discovered in pixelsock directus-mcp 1.0.0. This issue affects the function validateUrl of the file index.ts of the component MCP Interface. Performing a manipulation of the argument fileUrl results in server-side request forgery. The attack may be initiated remotely. The...

CVSS: 6.5, EPSS: 0.00048
Exploits: 0, References: 7
Cvelist
added 2026/05/04 4:00 a.m., 29 views

CVE-2026-7730 privsim mcp-test-runner MCP index.ts child_process.spawn os command injection

A weakness has been identified in privsim mcp-test-runner 0.2.0. Impacted is the function child_process.spawn of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument command can lead to os command injection. The attack may be launched remotely. The exploit...

CVSS: 6.5, EPSS: 0.0123
Exploits: 0, References: 6
ATTACKERKB
added 2026/05/04 4:00 a.m., 2 views

CVE-2026-7730

A weakness has been identified in privsim mcp-test-runner 0.2.0. Impacted is the function child_process.spawn of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument command can lead to os command injection. The attack may be launched remotely. The exploit...

CVSS: 6.5, AI score: 6.4, EPSS: 0.0123
Exploits: 0, References: 6, Affected Software: 1
EUVD
added 2026/05/04 3:45 a.m., 6 views

EUVD-2026-26883

A security flaw has been discovered in pixelsock directus-mcp 1.0.0. This issue affects the function validateUrl of the file index.ts of the component MCP Interface. Performing a manipulation of the argument fileUrl results in server-side request forgery. The attack may be initiated remotely. The...

CVSS: 6.5, AI score: 5.5, EPSS: 0.00048
Exploits: 0, References: 7
Cvelist
added 2026/05/04 3:30 a.m., 30 views

CVE-2026-7728 ryanjoachim mcp-rtfm MCP update_doc path traversal

A vulnerability was identified in ryanjoachim mcp-rtfm 0.1.0. This vulnerability affects the function get_doc_content/read_doc/update_doc of the component MCP Interface. Such manipulation of the argument docFile leads to path traversal. The attack can be launched remotely. The exploit is publicly...

CVSS: 6.5, EPSS: 0.00057
Exploits: 0, References: 7
Vulnrichment
added 2026/05/04 3:30 a.m., 2 views

CVE-2026-7728 ryanjoachim mcp-rtfm MCP update_doc path traversal

A vulnerability was identified in ryanjoachim mcp-rtfm 0.1.0. This vulnerability affects the function get_doc_content/read_doc/update_doc of the component MCP Interface. Such manipulation of the argument docFile leads to path traversal. The attack can be launched remotely. The exploit is publicly...

CVSS: 6.5, AI score: 6.3, EPSS: 0.00057
Exploits: 0, References: 7
EUVD
added 2026/05/04 3:30 a.m., 2 views

EUVD-2026-26882

A vulnerability was identified in ryanjoachim mcp-rtfm 0.1.0. This vulnerability affects the function get_doc_content/read_doc/update_doc of the component MCP Interface. Such manipulation of the argument docFile leads to path traversal. The attack can be launched remotely. The exploit is publicly...

CVSS: 6.5, AI score: 5.5, EPSS: 0.00057
Exploits: 0, References: 7
NVD
added 2026/05/04 1:16 a.m., 2 views

CVE-2026-7715

A vulnerability has been found in ravenwits mcp-server-arangodb up to 0.4.7. This affects the function arangobackup of the file src/tools.ts of the component MCP Interface. Such manipulation of the argument outputDir leads to path traversal. It is possible to launch the attack remotely. The explo...

CVSS: 6.5, EPSS: 0.00057
Exploits: 0, References: 6
Positive Technologies
added 2026/05/04 12:00 a.m., 1 view

PT-2026-36757

Name of the Vulnerable Software and Affected Versions: ryanjoachim mcp-rtfm version 0.1.0. Description: A path traversal issue exists in the MCP Interface component. A remote attacker can manipulate the docFile argument within the get doc content, read doc, and update doc functions to access or modi...

CVSS: 6.5, AI score: 6.6, EPSS: 0.00057
Exploits: 0, References: 9
CNNVD
added 2026/05/04 12:00 a.m., 3 views

Test Runner MCP Command Injection Vulnerability

Test Runner MCP is a multi-framework testing and result-analysis tool for PrivSim individual developers. Version 0.2.0 of Test Runner MCP contains a command injection vulnerability. This vulnerability stems from the use of the child_process.spawn function in the MCP Interface component, which allo...

CVSS: 6.5, AI score: 6.5, EPSS: 0.0123
Exploits: 0, References: 1
Positive Technologies
added 2026/05/04 12:00 a.m., 2 views

PT-2026-36759

Name of the Vulnerable Software and Affected Versions: privsim mcp-test-runner version 0.2.0. Description: A flaw in the MCP Interface component allows for remote OS command injection. This occurs through the manipulation of the command argument within the child_process.spawn function located in the...

CVSS: 6.5, AI score: 6.6, EPSS: 0.0123
Exploits: 0, References: 8
Snyk
added 2026/05/02 6:30 p.m., 4 views

Directory Traversal

Overview: sublinear-time-solver is a The Ultimate Mathematical & AI Toolkit: Sublinear algorithms, consciousness exploration, psycho-symbolic reasoning, chaos analysis, and temporal prediction in one unified MCP interface. WASM-accelerated with Lyapunov exponents and attractor dynamics. Affected...

CVSS: 6.9, AI score: 7, EPSS: 0.00089
Exploits: 0, References: 2
Github Security Blog
added 2026/05/02 6:30 p.m., 3 views

sublinear-time-solver has a Path Traversal Issue

A vulnerability was found in ruvnet sublinear-time-solver 1.5.0. Affected by this vulnerability is the function exportstate of the file src/consciousness-explorer/mcp/server.js of the component MCP Interface. The manipulation results in path traversal. The attack can be executed remotely. The...

CVSS: 6.9, AI score: 6.2, EPSS: 0.00089
Exploits: 0, References: 7, Affected Software: 1
Snyk
added 2026/05/02 6:30 p.m., 4 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the exportstate function in the MCP Interface component. An attacker can overwrite or access arbitrary files by supplying crafted input to manipulate file paths remotely. Details: A Directory Traversal attack also...

CVSS: 6.9, AI score: 6.3, EPSS: 0.00089
Exploits: 0, References: 2