68 matches found
EUVD-2026-26723
A vulnerability was detected in Dayoooun hwpx-mcp 0.2.0. This affects the function savedocument/exporttotext/exporttohtml of the file mcp-server/src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputpath results in path traversal. Remote exploitation of the...
CVE-2026-7599 Dayoooun hwpx-mcp MCP index.ts export_to_html path traversal
A vulnerability was detected in Dayoooun hwpx-mcp 0.2.0. This affects the function savedocument/exporttotext/exporttohtml of the file mcp-server/src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputpath results in path traversal. Remote exploitation of the...
CVE-2026-7599
A vulnerability was detected in Dayoooun hwpx-mcp 0.2.0. This affects the function savedocument/exporttotext/exporttohtml of the file mcp-server/src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputpath results in path traversal. Remote exploitation of the...
CVE-2026-7599 Dayoooun hwpx-mcp MCP index.ts export_to_html path traversal
A vulnerability was detected in Dayoooun hwpx-mcp 0.2.0. This affects the function savedocument/exporttotext/exporttohtml of the file mcp-server/src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputpath results in path traversal. Remote exploitation of the...
CVE-2026-7594
A vulnerability was detected in Flux159 mcp-game-asset-gen 0.1.0. Affected is the function imageto3dasync of the file src/index.ts of the component MCP Interface. The manipulation of the argument statusFile results in path traversal. The attack can be executed remotely. The exploit is now public...
CVE-2026-7594
The CVE-2026-7594 affects Flux159 mcp-game-asset-gen 0.1.0. The vulnerability is in the MCP Interface component, specifically the image_to_3d_async function in src/index.ts, where manipulation of the statusFile argument leads to path traversal. It can be exploited remotely, and public exploits ex...
CVE-2026-7593 Sunwood-ai-labs command-executor-mcp-server MCP index.ts execute_command os command injection
A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function executecommand of the file src/index.ts of the component MCP Interface. The manipulation leads to os command injection. Remote exploitation of the attack is possible. T...
CVE-2026-7593
A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function executecommand of the file src/index.ts of the component MCP Interface. The manipulation leads to os command injection. Remote exploitation of the attack is possible. T...
PT-2026-36546
Name of the Vulnerable Software and Affected Versions Flux159 mcp-game-asset-gen version 0.1.0 Description A path traversal issue exists in the MCP Interface component within the image to 3d async function of the src/index.ts file. This flaw allows remote attackers to perform path traversal by...
mcp-server-semgrep has a Command Injection issue
A vulnerability was detected in VetCoders mcp-server-semgrep 1.0.0. This affects the function analyzeresults/filterresults/exportresults/compareresults/scandirectory/createrule of the file src/index.ts of the component MCP Interface. The manipulation of the argument ID results in os command...
CVE-2026-7446
VetCoders mcp-server-semgrep version 1.0.0 is affected by CVE-2026-7446 in the MCP Interface. The vulnerability exists in the file src/index.ts (functions analyze_results, filter_results, export_results, compare_results, scan_directory, create_rule) where manipulation of the argument ID enables a...
CVE-2026-7443
A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzzdomain of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument Request can lead to os command injection. The attack may be launched...
CVE-2026-7443
A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzzdomain of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument Request can lead to os command injection. The attack may be launched...
CVE-2026-7443 BurtTheCoder mcp-dnstwist MCP index.ts fuzz_domain os command injection
A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzzdomain of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument Request can lead to os command injection. The attack may be launched...
EUVD-2026-26300
A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzzdomain of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument Request can lead to os command injection. The attack may be launched...
CVE-2026-7417
A vulnerability was found in Algovate xhs-mcp 0.8.11. This affects the function xhspublishcontent of the file src/server/mcp.server.ts of the component MCP Interface. Performing a manipulation of the argument mediapaths results in server-side request forgery. The attack may be initiated remotely...
EUVD-2026-26294
A vulnerability was found in Algovate xhs-mcp 0.8.11. This affects the function xhspublishcontent of the file src/server/mcp.server.ts of the component MCP Interface. Performing a manipulation of the argument mediapaths results in server-side request forgery. The attack may be initiated remotely...
CVE-2026-7417
The CVE-2026-7417 entry concerns Algovate xhs-mcp 0.8.11. It affects the MCP Interface’s xhs_publish_content in src/server/mcp.server.ts, where manipulating the media_paths argument enables server-side request forgery. The vulnerability is exploitable remotely with a public exploit (exploit code ...
CVE-2026-7417
A vulnerability was found in Algovate xhs-mcp 0.8.11. This affects the function xhspublishcontent of the file src/server/mcp.server.ts of the component MCP Interface. Performing a manipulation of the argument mediapaths results in server-side request forgery. The attack may be initiated remotely...
CVE-2026-7416 PolarVista xcode-mcp-server MCP index.ts run_tests os command injection
A vulnerability was found in PolarVista xcode-mcp-server 1.0.0. This issue affects the function buildproject/runtests of the file src/index.ts of the component MCP Interface. The manipulation of the argument Request results in os command injection. The attack may be launched remotely. The exploit...