CVE-2026-7159

A vulnerability was found in douinc mkdocs-mcp-plugin up to 0.4.1. This affects the function readdocument/listdocuments of the file server.py. Performing a manipulation of the argument docsdir/filepath results in path traversal. The attack is possible to be carried out remotely. The exploit has...

poc-ccweb-unauth-rce

CVE — pqhaz3925/ccweb Unauthenticated RCE via Claude Code Cont...

NPM: 9router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes

NPM: 9router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes vulnerability discovered by ? in WordPress Npm 9router versions = 0.4.30, 0.4.37...

Directory Traversal

Overview mkdocs-mcp-plugin is a MCP server for MkDocs documentation with intelligent search and retrieval capabilities Affected versions of this package are vulnerable to Directory Traversal via the readdocument and listdocuments functions in server.py when processing the docsdir or filepath...

PT-2026-35532

A vulnerability was found in douinc mkdocs-mcp-plugin up to 0.4.1. This affects the function read document/list documents of the file server.py. Performing a manipulation of the argument docs dir/file path results in path traversal. The attack is possible to be carried out remotely. The exploit h...

WordPress Royal MCP plugin <= 1.4.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Alexis Lafontaine in WordPress Plugin Royal MCP versions = 1.4.2...

GO-2025-4179 Docker MCP Plugin and Docker MCP Gateway have DNS Rebinding vulnerability when running in sse or streaming mode in github.com/docker/mcp-gateway

Docker MCP Plugin and Docker MCP Gateway have DNS Rebinding vulnerability when running in sse or streaming mode in github.com/docker/mcp-gateway...

EUVD-2025-200985

MCP Gateway allows easy and secure running and deployment of MCP servers. In versions 0.27.0 and earlier, when MCP Gateway runs in sse or streaming transport mode, it is vulnerable to DNS rebinding. An attacker who can get a victim to visit a malicious website or be served a malicious advertiseme...

GHSA-46GC-MWH4-CC5R Docker MCP Plugin and Docker MCP Gateway have DNS Rebinding vulnerability when running in sse or streaming mode

Impact When ran in sse or streaming mode --transport, the Docker MCP Gateway is vulnerable to a DNS rebinding attack. Vulnerability allows for Browser-Based exploitation of any MCP servers that are executing within the Docker MCP Gateway. Any tools or other features exposed by MCP servers can be...

CVE-2025-59053 AIRI's character card/chat UI is vulnerable to XSS and can lead to RCE

AIRI is a self-hosted, artificial intelligence based Grok Companion. In v0.7.2-beta.2 in the packages/stage-ui/src/components/MarkdownRenderer.vue path, the Markdown content is processed using the useMarkdown composable, and the processed HTML is rendered directly into the DOM using v-html. An...

Malicious code in rush-mcp-example-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a4593979eeb7174aea0989af27a63ee606786e382185ca406a15e9d4368c687b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...