Lucene search
K

68 matches found

Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.9 views

PT-2026-36757

Name of the Vulnerable Software and Affected Versions ryanjoachim mcp-rtfm version 0.1.0 Description A path traversal issue exists in the MCP Interface component. A remote attacker can manipulate the docFile argument within the get doc content, read doc, and update doc functions to access or modi...

6.5CVSS6.6AI score0.00294EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.14 views

PT-2026-36759

Name of the Vulnerable Software and Affected Versions privsim mcp-test-runner version 0.2.0 Description A flaw in the MCP Interface component allows for remote OS command injection. This occurs through the manipulation of the command argument within the child process.spawn function located in the...

6.5CVSS6.6AI score0.01089EPSS
Exploits0References8
Snyk
Snyk
added 2026/05/02 6:30 p.m.8 views

Directory Traversal

Overview sublinear-time-solver is a The Ultimate Mathematical & AI Toolkit: Sublinear algorithms, consciousness exploration, psycho-symbolic reasoning, chaos analysis, and temporal prediction in one unified MCP interface. WASM-accelerated with Lyapunov exponents and attractor dynamics. Affected...

6.9CVSS7AI score0.00462EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/02 6:30 p.m.22 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the exportstate function in the MCP Interface component. An attacker can overwrite or access arbitrary files by supplying crafted input to manipulate file paths remotely. Details A Directory Traversal attack also...

6.9CVSS6.3AI score0.00462EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/02 6:30 p.m.13 views

sublinear-time-solver has a Path Traversal Issue

A vulnerability was found in ruvnet sublinear-time-solver 1.5.0. Affected by this vulnerability is the function exportstate of the file src/consciousness-explorer/mcp/server.js of the component MCP Interface. The manipulation results in path traversal. The attack can be executed remotely. The...

6.9CVSS6.2AI score0.00462EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2026/05/02 4:16 p.m.10 views

CVE-2026-7653

A security flaw has been discovered in r-huijts mcp-server-rijksmuseum up to 1.0.4. Affected is the function openimageinbrowser of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument imageUrl results in os command injection. The attack is possible to be...

6.5CVSS0.01294EPSS
Exploits0References4
NVD
NVD
added 2026/05/02 4:16 p.m.11 views

CVE-2026-7645

A vulnerability was found in ruvnet sublinear-time-solver 1.5.0. Affected by this vulnerability is the function exportstate of the file src/consciousness-explorer/mcp/server.js of the component MCP Interface. The manipulation results in path traversal. The attack can be executed remotely. The...

6.9CVSS0.00462EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/02 3:30 p.m.5 views

EUVD-2026-26800

A security flaw has been discovered in r-huijts mcp-server-rijksmuseum up to 1.0.4. Affected is the function openimageinbrowser of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument imageUrl results in os command injection. The attack is possible to be...

6.5CVSS5.5AI score0.01294EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/02 3:30 p.m.10 views

CVE-2026-7653

A security flaw has been discovered in r-huijts mcp-server-rijksmuseum up to 1.0.4. Affected is the function openimageinbrowser of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument imageUrl results in os command injection. The attack is possible to be...

6.5CVSS5.5AI score0.01294EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/05/02 3:16 p.m.7 views

CVE-2026-7642

A vulnerability was detected in pskill9 website-downloader up to 0.1.0. This affects the function downloadwebsite of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputPath results in os command injection. The attack may be initiated remotely. Th...

6.5CVSS0.0134EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/02 3:15 p.m.34 views

CVE-2026-7645 ruvnet sublinear-time-solver MCP server.js export_state path traversal

A vulnerability was found in ruvnet sublinear-time-solver 1.5.0. Affected by this vulnerability is the function exportstate of the file src/consciousness-explorer/mcp/server.js of the component MCP Interface. The manipulation results in path traversal. The attack can be executed remotely. The...

6.9CVSS0.00462EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/02 3:15 p.m.7 views

CVE-2026-7645 ruvnet sublinear-time-solver MCP server.js export_state path traversal

A vulnerability was found in ruvnet sublinear-time-solver 1.5.0. Affected by this vulnerability is the function exportstate of the file src/consciousness-explorer/mcp/server.js of the component MCP Interface. The manipulation results in path traversal. The attack can be executed remotely. The...

6.9CVSS6.2AI score0.00462EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/02 2:30 p.m.31 views

CVE-2026-7642 pskill9 website-downloader MCP index.ts download_website os command injection

A vulnerability was detected in pskill9 website-downloader up to 0.1.0. This affects the function downloadwebsite of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputPath results in os command injection. The attack may be initiated remotely. Th...

6.5CVSS0.0134EPSS
Exploits0References6
NVD
NVD
added 2026/05/02 1:16 a.m.9 views

CVE-2026-7600

A flaw has been found in ArtMin96 yii2-mcp-server 1.0.2. This impacts the function yiicommandhelp/yiiexecutecommand of the file src/index.ts of the component MCP Interface. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been publish...

6.5CVSS0.0111EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/02 12:15 a.m.38 views

CVE-2026-7600 ArtMin96 yii2-mcp-server MCP index.ts yii_execute_command os command injection

A flaw has been found in ArtMin96 yii2-mcp-server 1.0.2. This impacts the function yiicommandhelp/yiiexecutecommand of the file src/index.ts of the component MCP Interface. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been publish...

6.5CVSS0.0111EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/02 12:15 a.m.7 views

EUVD-2026-26725

A flaw has been found in ArtMin96 yii2-mcp-server 1.0.2. This impacts the function yiicommandhelp/yiiexecutecommand of the file src/index.ts of the component MCP Interface. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been publish...

6.5CVSS6.3AI score0.0111EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/02 12:15 a.m.3 views

CVE-2026-7600

A flaw has been found in ArtMin96 yii2-mcp-server 1.0.2. This impacts the function yiicommandhelp/yiiexecutecommand of the file src/index.ts of the component MCP Interface. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been publish...

6.5CVSS6.3AI score0.0111EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.10 views

PT-2026-36627

A vulnerability was found in ruvnet sublinear-time-solver 1.5.0. Affected by this vulnerability is the function export state of the file src/consciousness-explorer/mcp/server.js of the component MCP Interface. The manipulation results in path traversal. The attack can be executed remotely. The...

6.9CVSS6.2AI score0.00462EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.8 views

PT-2026-36552

A flaw has been found in ArtMin96 yii2-mcp-server 1.0.2. This impacts the function yii command help/yii execute command of the file src/index.ts of the component MCP Interface. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been...

6.5CVSS6.3AI score0.0111EPSS
Exploits0References7
NVD
NVD
added 2026/05/01 10:16 p.m.7 views

CVE-2026-7599

A vulnerability was detected in Dayoooun hwpx-mcp 0.2.0. This affects the function savedocument/exporttotext/exporttohtml of the file mcp-server/src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputpath results in path traversal. Remote exploitation of the...

6.5CVSS0.00294EPSS
Exploits0References6
Rows per page
Query Builder