Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

65 matches found

Nuclei
Nucleiadded 16 hours ago40 views

MKdocs 1.2.2 - Directory Traversal

The MKdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain sensitive information. Note the vendor has disputed the vulnerability see references because the dev server must be used in an unsafe way namely public to have this...

7.5CVSS7.4AI score0.79718EPSS
Exploits2
RedhatCVE
RedhatCVEadded 2 days ago5 views

CVE-2026-7159

A vulnerability was found in douinc mkdocs-mcp-plugin up to 0.4.1. This affects the function readdocument/listdocuments of the file server.py. Performing a manipulation of the argument docsdir/filepath results in path traversal. The attack is possible to be carried out remotely. The exploit has...

7.5CVSS6.6AI score0.00099EPSS
Exploits0References1
OSV
OSVadded 2026/04/28 12:31 a.m.0 views

GHSA-WFR3-HF93-QGG3 mkdocs-mcp-plugin has a Path Traversal issue

A vulnerability was found in douinc mkdocs-mcp-plugin up to 0.4.1. This affects the function readdocument/listdocuments of the file server.py. Performing a manipulation of the argument docsdir/filepath results in path traversal. The attack is possible to be carried out remotely. The exploit has...

7.3CVSS6.7AI score0.00099EPSS
Exploits0References7
Snyk
Snykadded 2026/04/28 12:31 a.m.3 views

Directory Traversal

Overview mkdocs-mcp-plugin is a MCP server for MkDocs documentation with intelligent search and retrieval capabilities Affected versions of this package are vulnerable to Directory Traversal via the readdocument and listdocuments functions in server.py when processing the docsdir or filepath...

7.5CVSS7.5AI score0.00099EPSS
Exploits0References2
Github Security Blog
Github Security Blogadded 2026/04/28 12:31 a.m.3 views

mkdocs-mcp-plugin has a Path Traversal issue

A vulnerability was found in douinc mkdocs-mcp-plugin up to 0.4.1. This affects the function readdocument/listdocuments of the file server.py. Performing a manipulation of the argument docsdir/filepath results in path traversal. The attack is possible to be carried out remotely. The exploit has...

7.5CVSS6.7AI score0.00099EPSS
Exploits0References8Affected Software1
NVD
NVDadded 2026/04/27 10:16 p.m.2 views

CVE-2026-7159

A vulnerability was found in douinc mkdocs-mcp-plugin up to 0.4.1. This affects the function readdocument/listdocuments of the file server.py. Performing a manipulation of the argument docsdir/filepath results in path traversal. The attack is possible to be carried out remotely. The exploit has...

7.5CVSS0.00099EPSS
Exploits0References6
Cvelist
Cvelistadded 2026/04/27 9:15 p.m.27 views

CVE-2026-7159 douinc mkdocs-mcp-plugin server.py list_documents path traversal

A vulnerability was found in douinc mkdocs-mcp-plugin up to 0.4.1. This affects the function readdocument/listdocuments of the file server.py. Performing a manipulation of the argument docsdir/filepath results in path traversal. The attack is possible to be carried out remotely. The exploit has...

7.5CVSS0.00099EPSS
Exploits0References6
CVE
CVEadded 2026/04/27 9:15 p.m.7 views

CVE-2026-7159

CVE-2026-7159 affects the douinc mkdocs-mcp-plugin (up to 0.4.1). The vulnerability exists in the file server.py functions read_document and list_documents , where manipulating the arguments docs_dir/file_path yields a path traversal . This allows a remote attacker to access files outside the int...

7.5CVSS7AI score0.00099EPSS
Exploits0References6
ATTACKERKB
ATTACKERKBadded 2026/04/27 9:15 p.m.2 views

CVE-2026-7159

A vulnerability was found in douinc mkdocs-mcp-plugin up to 0.4.1. This affects the function readdocument/listdocuments of the file server.py. Performing a manipulation of the argument docsdir/filepath results in path traversal. The attack is possible to be carried out remotely. The exploit has...

7.5CVSS5.1AI score0.00099EPSS
Exploits0References6Affected Software1
EUVD
EUVDadded 2026/04/27 9:15 p.m.0 views

EUVD-2026-25926

A vulnerability was found in douinc mkdocs-mcp-plugin up to 0.4.1. This affects the function readdocument/listdocuments of the file server.py. Performing a manipulation of the argument docsdir/filepath results in path traversal. The attack is possible to be carried out remotely. The exploit has...

7.5CVSS7AI score0.00099EPSS
Exploits0References6
Positive Technologies
Positive Technologiesadded 2026/04/27 12:0 a.m.1 views

PT-2026-35532

A vulnerability was found in douinc mkdocs-mcp-plugin up to 0.4.1. This affects the function read document/list documents of the file server.py. Performing a manipulation of the argument docs dir/file path results in path traversal. The attack is possible to be carried out remotely. The exploit h...

7.5CVSS7AI score0.00099EPSS
Exploits0References7
CNNVD
CNNVDadded 2026/04/27 12:0 a.m.4 views

MkDocs MCP Plugin 路径遍历漏洞

MkDocs MCP Plugin is an open-source document intelligent search and integration tool developed by Dou. Versions of MkDocs MCP Plugin prior to 0.4.1 contained a path traversal vulnerability. This vulnerability stemmed from improper handling of parameters docsdir and filepath in the...

7.5CVSS7.1AI score0.00099EPSS
Exploits0References1
NVD
NVDadded 2026/03/07 3:15 p.m.2 views

CVE-2026-29186

Backstage is an open framework for building developer portals. Prior to version 1.14.3, this is a configuration bypass vulnerability that enables arbitrary code execution. The @backstage/plugin-techdocs-node package uses an allowlist to filter dangerous MkDocs configuration keys during the...

9.8CVSS0.00038EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/03/07 3:3 p.m.1 views

CVE-2026-29186

Backstage is an open framework for building developer portals. Prior to version 1.14.3, this is a configuration bypass vulnerability that enables arbitrary code execution. The @backstage/plugin-techdocs-node package uses an allowlist to filter dangerous MkDocs configuration keys during the...

7.7CVSS5.9AI score0.00038EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/03/07 3:3 p.m.1 views

CVE-2026-29186 @backstage/plugin-techdocs-node: TechDocs Mkdocs Configuration Key Enables Arbitrary Code Execution

Backstage is an open framework for building developer portals. Prior to version 1.14.3, this is a configuration bypass vulnerability that enables arbitrary code execution. The @backstage/plugin-techdocs-node package uses an allowlist to filter dangerous MkDocs configuration keys during the...

7.7CVSS5.9AI score0.00038EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/03/07 3:3 p.m.20 views

CVE-2026-29186 @backstage/plugin-techdocs-node: TechDocs Mkdocs Configuration Key Enables Arbitrary Code Execution

Backstage is an open framework for building developer portals. Prior to version 1.14.3, this is a configuration bypass vulnerability that enables arbitrary code execution. The @backstage/plugin-techdocs-node package uses an allowlist to filter dangerous MkDocs configuration keys during the...

7.7CVSS0.00038EPSS
Exploits0References1
OSV
OSVadded 2026/03/07 3:3 p.m.1 views

CVE-2026-29186 @backstage/plugin-techdocs-node: TechDocs Mkdocs Configuration Key Enables Arbitrary Code Execution

Backstage is an open framework for building developer portals. Prior to version 1.14.3, this is a configuration bypass vulnerability that enables arbitrary code execution. The @backstage/plugin-techdocs-node package uses an allowlist to filter dangerous MkDocs configuration keys during the...

7.7CVSS6AI score0.00038EPSS
Exploits0References3
Github Security Blog
Github Security Blogadded 2026/03/05 12:12 a.m.8 views

TechDocs Mkdocs Configuration Key Enables Arbitrary Code Execution

Impact This is a configuration bypass vulnerability that enables arbitrary code execution. The @backstage/plugin-techdocs-node package uses an allowlist to filter dangerous MkDocs configuration keys during the documentation build process. A gap in this allowlist allows attackers to craft an...

9.8CVSS6.2AI score0.00038EPSS
Exploits0References6Affected Software1
OSV
OSVadded 2026/03/05 12:12 a.m.0 views

GHSA-928R-FM4V-MVRW TechDocs Mkdocs Configuration Key Enables Arbitrary Code Execution

Impact This is a configuration bypass vulnerability that enables arbitrary code execution. The @backstage/plugin-techdocs-node package uses an allowlist to filter dangerous MkDocs configuration keys during the documentation build process. A gap in this allowlist allows attackers to craft an...

7.7CVSS6.2AI score0.00038EPSS
Exploits0References6
Snyk
Snykadded 2026/03/05 12:12 a.m.1 views

Permissive List of Allowed Inputs

Overview @backstage/plugin-techdocs-node is a Common node.js functionalities for TechDocs, to be shared between techdocs-backend plugin and techdocs-cli Affected versions of this package are vulnerable to Permissive List of Allowed Inputs via the processing of the mkdocs.yml configuration file...

9.8CVSS6AI score0.00038EPSS
Exploits0References2
Rows per page
Query Builder