Lucene search
K

61 matches found

OSV
OSV
added 2026/05/05 9:15 p.m.4 views

GHSA-CFCJ-HQPF-HCCF @evomap/evolver: Path Traversal in `evolver fetch` default-branch `safeId` allows Hub-controlled overwrite of project files (RCE)

Summary The evolver fetch subcommand in index.js writes Hub-supplied bundledfiles into a directory derived from a Hub-supplied skillid. When --out is not used, the path-sanitizing regex permits . characters, allowing a skillid of .. to escape the skills/ subdirectory and resolve to the user's...

8.8CVSS6.4AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/02 2:30 p.m.4 views

CVE-2026-7642

A vulnerability was detected in pskill9 website-downloader up to 0.1.0. This affects the function downloadwebsite of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputPath results in os command injection. The attack may be initiated remotely. Th...

6.5CVSS6.4AI score0.0134EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/05/02 2:30 p.m.31 views

CVE-2026-7642 pskill9 website-downloader MCP index.ts download_website os command injection

A vulnerability was detected in pskill9 website-downloader up to 0.1.0. This affects the function downloadwebsite of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputPath results in os command injection. The attack may be initiated remotely. Th...

6.5CVSS0.0134EPSS
Exploits0References6
CVE
CVE
added 2026/05/02 2:30 p.m.21 views

CVE-2026-7642

The vulnerability affects pskill9 website-downloader (up to 0.1.0) in the MCP Interface, specifically the download_website function in src/index.ts. The root cause is manipulation of the outputPath argument that leads to OS command injection. Attack surface is network-initiated with low privilege...

6.5CVSS6.4AI score0.0134EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/02 2:30 p.m.6 views

CVE-2026-7642 pskill9 website-downloader MCP index.ts download_website os command injection

A vulnerability was detected in pskill9 website-downloader up to 0.1.0. This affects the function downloadwebsite of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputPath results in os command injection. The attack may be initiated remotely. Th...

6.5CVSS6.4AI score0.0134EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.11 views

Website Downloader MCP Server 命令注入漏洞

The Website Downloader MCP Server is a website download tool developed by Manav Kundra. It supports recursive downloading while maintaining the local link structure. Versions of the Website Downloader MCP Server prior to 0.1.0 had a command injection vulnerability. This vulnerability stems from t...

6.5CVSS6.6AI score0.0134EPSS
Exploits0References2
NVD
NVD
added 2026/05/01 10:16 p.m.7 views

CVE-2026-7599

A vulnerability was detected in Dayoooun hwpx-mcp 0.2.0. This affects the function savedocument/exporttotext/exporttohtml of the file mcp-server/src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputpath results in path traversal. Remote exploitation of the...

6.5CVSS0.00294EPSS
Exploits0References6
CVE
CVE
added 2026/05/01 9:45 p.m.21 views

CVE-2026-7599

The vulnerability affects Dayoooun hwpx-mcp 0.2.0, specifically the MCP Interface. It targets the mcp-server/src/index.ts functions save_document, export_to_text, and export_to_html, enabling path traversal via manipulation of the argument output_path. This allows remote exploitation, and the exp...

6.5CVSS6.3AI score0.00294EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/01 9:45 p.m.5 views

CVE-2026-7599

A vulnerability was detected in Dayoooun hwpx-mcp 0.2.0. This affects the function savedocument/exporttotext/exporttohtml of the file mcp-server/src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputpath results in path traversal. Remote exploitation of the...

6.5CVSS6.3AI score0.00294EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/01 9:45 p.m.5 views

CVE-2026-7599 Dayoooun hwpx-mcp MCP index.ts export_to_html path traversal

A vulnerability was detected in Dayoooun hwpx-mcp 0.2.0. This affects the function savedocument/exporttotext/exporttohtml of the file mcp-server/src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputpath results in path traversal. Remote exploitation of the...

6.5CVSS6.3AI score0.00294EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/01 9:45 p.m.7 views

EUVD-2026-26723

A vulnerability was detected in Dayoooun hwpx-mcp 0.2.0. This affects the function savedocument/exporttotext/exporttohtml of the file mcp-server/src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputpath results in path traversal. Remote exploitation of the...

6.5CVSS5.5AI score0.00294EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.10 views

HWPX MCP Server 路径遍历漏洞

HWPX MCP Server is an enhanced version of the HWPX document editing MCP server by Kim dayoun individual developer. A path traversal vulnerability exists in HWPX MCP Server version 0.2.0, which stems from an improper operation of the savedocument/exporttotext/exporttohtml functions of the...

6.5CVSS6.6AI score0.00294EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.9 views

PT-2026-36551

Name of the Vulnerable Software and Affected Versions Dayoooun hwpx-mcp version 0.2.0 Description A path traversal issue exists in the MCP Interface component within the file mcp-server/src/index.ts. Manipulation of the output path argument in the functions save document, export to text, and expo...

6.5CVSS6.6AI score0.00294EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/04/25 1:36 a.m.10 views

SUSE CVE-2026-31668

In the Linux kernel, the following vulnerability has been resolved: seg6: separate dstcache for input and output paths in seg6 lwtunnel The seg6 lwtunnel uses a single dstcache per encap route, shared between seg6inputcore and seg6outputcore. These two paths can perform the post-encap SID lookup ...

4.4CVSS5.4AI score0.00443EPSS
Exploits0References17
Cvelist
Cvelist
added 2026/04/24 2:45 p.m.35 views

CVE-2026-31668 seg6: separate dst_cache for input and output paths in seg6 lwtunnel

In the Linux kernel, the following vulnerability has been resolved: seg6: separate dstcache for input and output paths in seg6 lwtunnel The seg6 lwtunnel uses a single dstcache per encap route, shared between seg6inputcore and seg6outputcore. These two paths can perform the post-encap SID lookup ...

9.8CVSS0.00443EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/04/24 2:45 p.m.5 views

CVE-2026-31668

In the Linux kernel, the following vulnerability has been resolved: seg6: separate dstcache for input and output paths in seg6 lwtunnel The seg6 lwtunnel uses a single dstcache per encap route, shared between seg6inputcore and seg6outputcore. These two paths can perform the post-encap SID lookup ...

5.4AI score0.00443EPSS
Exploits0References9Affected Software1
Snyk
Snyk
added 2026/04/17 9:58 p.m.7 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via improper validation of the outPath parameter in the screen recording. An attacker can write files outside the intended workspace boundary by specifying a path...

7.1CVSS5.8AI score0.0022EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/15 1:9 a.m.3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the zarf package inspect sbom and zarf package inspect documentation subcommands when the output file path is constructed using a user-controlled output directory combined with the untrusted Metadata.Name field...

7.1CVSS6.4AI score0.0032EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/21 3:31 a.m.7 views

Duplicate Advisory: OpenClaw has browser trace/download path symlink escape in temp output handling

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-36h3-7c54-j27r. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in browser trace and download output...

7.8CVSS5.9AI score0.00126EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/21 12:42 a.m.4 views

CVE-2026-32054

OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in browser trace and download output path handling that allows local attackers to escape the managed temp root directory. An attacker with local access can create symlinks to route file writes outside the intended temp...

6.5CVSS5.9AI score0.00126EPSS
Exploits0References4
Rows per page
Query Builder