Lucene search
K

68 matches found

EUVD
EUVD
added 2026/05/01 9:45 p.m.7 views

EUVD-2026-26723

A vulnerability was detected in Dayoooun hwpx-mcp 0.2.0. This affects the function savedocument/exporttotext/exporttohtml of the file mcp-server/src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputpath results in path traversal. Remote exploitation of the...

6.5CVSS5.5AI score0.00294EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/01 9:45 p.m.28 views

CVE-2026-7599 Dayoooun hwpx-mcp MCP index.ts export_to_html path traversal

A vulnerability was detected in Dayoooun hwpx-mcp 0.2.0. This affects the function savedocument/exporttotext/exporttohtml of the file mcp-server/src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputpath results in path traversal. Remote exploitation of the...

6.5CVSS0.00294EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/01 9:45 p.m.5 views

CVE-2026-7599

A vulnerability was detected in Dayoooun hwpx-mcp 0.2.0. This affects the function savedocument/exporttotext/exporttohtml of the file mcp-server/src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputpath results in path traversal. Remote exploitation of the...

6.5CVSS6.3AI score0.00294EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/01 9:45 p.m.5 views

CVE-2026-7599 Dayoooun hwpx-mcp MCP index.ts export_to_html path traversal

A vulnerability was detected in Dayoooun hwpx-mcp 0.2.0. This affects the function savedocument/exporttotext/exporttohtml of the file mcp-server/src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputpath results in path traversal. Remote exploitation of the...

6.5CVSS6.3AI score0.00294EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/01 8:30 p.m.5 views

CVE-2026-7594

A vulnerability was detected in Flux159 mcp-game-asset-gen 0.1.0. Affected is the function imageto3dasync of the file src/index.ts of the component MCP Interface. The manipulation of the argument statusFile results in path traversal. The attack can be executed remotely. The exploit is now public...

7.5CVSS6.8AI score0.00418EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/05/01 8:30 p.m.21 views

CVE-2026-7594

The CVE-2026-7594 affects Flux159 mcp-game-asset-gen 0.1.0. The vulnerability is in the MCP Interface component, specifically the image_to_3d_async function in src/index.ts, where manipulation of the statusFile argument leads to path traversal. It can be exploited remotely, and public exploits ex...

7.5CVSS6.8AI score0.00418EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/01 8:15 p.m.31 views

CVE-2026-7593 Sunwood-ai-labs command-executor-mcp-server MCP index.ts execute_command os command injection

A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function executecommand of the file src/index.ts of the component MCP Interface. The manipulation leads to os command injection. Remote exploitation of the attack is possible. T...

7.5CVSS0.01362EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/01 8:15 p.m.3 views

CVE-2026-7593

A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function executecommand of the file src/index.ts of the component MCP Interface. The manipulation leads to os command injection. Remote exploitation of the attack is possible. T...

7.5CVSS6.6AI score0.01362EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.9 views

PT-2026-36546

Name of the Vulnerable Software and Affected Versions Flux159 mcp-game-asset-gen version 0.1.0 Description A path traversal issue exists in the MCP Interface component within the image to 3d async function of the src/index.ts file. This flaw allows remote attackers to perform path traversal by...

7.5CVSS7.1AI score0.00418EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2026/04/30 12:31 a.m.14 views

mcp-server-semgrep has a Command Injection issue

A vulnerability was detected in VetCoders mcp-server-semgrep 1.0.0. This affects the function analyzeresults/filterresults/exportresults/compareresults/scandirectory/createrule of the file src/index.ts of the component MCP Interface. The manipulation of the argument ID results in os command...

7.5CVSS6.9AI score0.01394EPSS
Exploits0References10Affected Software1
CVE
CVE
added 2026/04/30 12:0 a.m.18 views

CVE-2026-7446

VetCoders mcp-server-semgrep version 1.0.0 is affected by CVE-2026-7446 in the MCP Interface. The vulnerability exists in the file src/index.ts (functions analyze_results, filter_results, export_results, compare_results, scan_directory, create_rule) where manipulation of the argument ID enables a...

7.5CVSS7.2AI score0.01394EPSS
Exploits0References8
NVD
NVD
added 2026/04/29 11:16 p.m.7 views

CVE-2026-7443

A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzzdomain of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument Request can lead to os command injection. The attack may be launched...

7.5CVSS0.01378EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/29 10:45 p.m.4 views

CVE-2026-7443

A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzzdomain of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument Request can lead to os command injection. The attack may be launched...

7.5CVSS7.2AI score0.01378EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/29 10:45 p.m.4 views

CVE-2026-7443 BurtTheCoder mcp-dnstwist MCP index.ts fuzz_domain os command injection

A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzzdomain of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument Request can lead to os command injection. The attack may be launched...

7.5CVSS6.8AI score0.01378EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/29 10:45 p.m.6 views

EUVD-2026-26300

A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzzdomain of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument Request can lead to os command injection. The attack may be launched...

7.5CVSS7.2AI score0.01378EPSS
Exploits0References6
NVD
NVD
added 2026/04/29 10:16 p.m.16 views

CVE-2026-7417

A vulnerability was found in Algovate xhs-mcp 0.8.11. This affects the function xhspublishcontent of the file src/server/mcp.server.ts of the component MCP Interface. Performing a manipulation of the argument mediapaths results in server-side request forgery. The attack may be initiated remotely...

7.5CVSS0.00361EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/29 9:45 p.m.10 views

EUVD-2026-26294

A vulnerability was found in Algovate xhs-mcp 0.8.11. This affects the function xhspublishcontent of the file src/server/mcp.server.ts of the component MCP Interface. Performing a manipulation of the argument mediapaths results in server-side request forgery. The attack may be initiated remotely...

7.5CVSS7.1AI score0.00361EPSS
Exploits0References6
CVE
CVE
added 2026/04/29 9:45 p.m.17 views

CVE-2026-7417

The CVE-2026-7417 entry concerns Algovate xhs-mcp 0.8.11. It affects the MCP Interface’s xhs_publish_content in src/server/mcp.server.ts, where manipulating the media_paths argument enables server-side request forgery. The vulnerability is exploitable remotely with a public exploit (exploit code ...

7.5CVSS7.1AI score0.00361EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/29 9:45 p.m.6 views

CVE-2026-7417

A vulnerability was found in Algovate xhs-mcp 0.8.11. This affects the function xhspublishcontent of the file src/server/mcp.server.ts of the component MCP Interface. Performing a manipulation of the argument mediapaths results in server-side request forgery. The attack may be initiated remotely...

7.5CVSS7AI score0.00361EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/04/29 9:30 p.m.34 views

CVE-2026-7416 PolarVista xcode-mcp-server MCP index.ts run_tests os command injection

A vulnerability was found in PolarVista xcode-mcp-server 1.0.0. This issue affects the function buildproject/runtests of the file src/index.ts of the component MCP Interface. The manipulation of the argument Request results in os command injection. The attack may be launched remotely. The exploit...

7.5CVSS0.01629EPSS
Exploits0References6
Rows per page
Query Builder