CVE-2026-7589

A vulnerability was determined in ghantakiran splunk-mcp-integration up to 0b86b09d5e5adf0433acd43c975951224613a1a6. Impacted is the function createcsvexport of the file services/csv-export-service/app/api/v1/endpoints/csvexport.py of the component CSV Export. This manipulation of the argument...

CVE-2026-7589 ghantakiran splunk-mcp-integration CSV Export csv_export.py create_csv_export path traversal

A vulnerability was determined in ghantakiran splunk-mcp-integration up to 0b86b09d5e5adf0433acd43c975951224613a1a6. Impacted is the function createcsvexport of the file services/csv-export-service/app/api/v1/endpoints/csvexport.py of the component CSV Export. This manipulation of the argument...

CVE-2026-7589 ghantakiran splunk-mcp-integration CSV Export csv_export.py create_csv_export path traversal

A vulnerability was determined in ghantakiran splunk-mcp-integration up to 0b86b09d5e5adf0433acd43c975951224613a1a6. Impacted is the function createcsvexport of the file services/csv-export-service/app/api/v1/endpoints/csvexport.py of the component CSV Export. This manipulation of the argument...

CVE-2026-7589

The CVE concerns ghantakiran splunk-mcp-integration (up to commit 0b86b09d5e5adf0433acd43c975951224613a1a6). Affects the function create_csv_export in services/csv-export-service/app/api/v1/endpoints/csv_export.py (CSV Export). Root cause: manipulation of the job_name argument leads to path trave...

PT-2026-36533

A vulnerability was determined in ghantakiran splunk-mcp-integration up to 0b86b09d5e5adf0433acd43c975951224613a1a6. Impacted is the function create csv export of the file services/csv-export-service/app/api/v1/endpoints/csv export.py of the component CSV Export. This manipulation of the argument...

Splunk MCP Integration 路径遍历漏洞

Splunk MCP Integration is a natural language interactive Splunk data analytics integration tool from the individual developer AI-Ninja. Splunk MCP Integration has a path traversal vulnerability that originates in the createcsvexport function in the file...

PraisonAI Vulnerable to Sensitive Environment Variable Exposure via Untrusted MCP Subprocess Execution

PraisonAI’s MCP Model Context Protocol integration allows spawning background servers via stdio using user-supplied command strings e.g., MCP"npx -y @smithery/cli ...". These commands are executed through Python’s subprocess module. By default, the implementation forwards the entire parent proces...

Nginx UI 安全漏洞

Nginx UI is a web interface for Nginx developed by Jacky. Versions of Nginx UI 2.3.5 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the MCP integration, where the /mcmessage endpoint only applied an IP white list, and the default white list was empty. This...

Malicious code in @zapier/mcp-integration (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41b2f7745be8592869c863671add1d5a04c1d33f7a2c23a54fde611a5e021226 The package @zapier/mcp-integration was found to contain malicious code. Source: google-open-source-security...

MAL-2025-190918 Malicious code in @zapier/mcp-integration (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41b2f7745be8592869c863671add1d5a04c1d33f7a2c23a54fde611a5e021226 The package @zapier/mcp-integration was found to contain malicious code. Source: google-open-source-security...

This Year in Spring - December 31st, 2024

Hi Spring fans! Happy New Year! And welcome to another installment of This Year in Spring! The year that was... I write this edition from a desk overlooking the beautiful jungle of Martinique, a beautiful island nation in the French Caribbean. I’m sipping some rhum martinique , enjoying the...