40975 matches found
CVE-2026-7668
A vulnerability was identified in MikroTik RouterOS 6.49.8. This vulnerability affects the function ASN1STRINGdata in the library nova/lib/www/scep.p of the component SCEP Endpoint. The manipulation of the argument transactionID/messageType leads to out-of-bounds read. The attack may be initiated...
EUVD-2026-26801
A vulnerability was identified in MikroTik RouterOS 6.49.8. This vulnerability affects the function ASN1STRINGdata in the library nova/lib/www/scep.p of the component SCEP Endpoint. The manipulation of the argument transactionID/messageType leads to out-of-bounds read. The attack may be initiated...
CVE-2026-7668 MikroTik RouterOS SCEP Endpoint scep.p ASN1_STRING_data out-of-bounds
A vulnerability was identified in MikroTik RouterOS 6.49.8. This vulnerability affects the function ASN1STRINGdata in the library nova/lib/www/scep.p of the component SCEP Endpoint. The manipulation of the argument transactionID/messageType leads to out-of-bounds read. The attack may be initiated...
CVE-2026-7668
CVE-2026-7668 affects MikroTik RouterOS 6.49.8, specifically the SCEP Endpoint component, in nova/lib/www/scep.p. The root cause is out-of-bounds read in ASN1_STRING_data when manipulating transactionID/messageType, potentially allowing remote initiation. Public exploit code is noted, and disclos...
sublinear-time-solver has a Path Traversal Issue
A vulnerability was found in ruvnet sublinear-time-solver 1.5.0. Affected by this vulnerability is the function exportstate of the file src/consciousness-explorer/mcp/server.js of the component MCP Interface. The manipulation results in path traversal. The attack can be executed remotely. The...
GHSA-GC2J-WPJV-JHRW sublinear-time-solver has a Path Traversal Issue
A vulnerability was found in ruvnet sublinear-time-solver 1.5.0. Affected by this vulnerability is the function exportstate of the file src/consciousness-explorer/mcp/server.js of the component MCP Interface. The manipulation results in path traversal. The attack can be executed remotely. The...
CVE-2026-7645
A vulnerability was found in ruvnet sublinear-time-solver 1.5.0. Affected by this vulnerability is the function exportstate of the file src/consciousness-explorer/mcp/server.js of the component MCP Interface. The manipulation results in path traversal. The attack can be executed remotely. The...
EUVD-2026-26800
A security flaw has been discovered in r-huijts mcp-server-rijksmuseum up to 1.0.4. Affected is the function openimageinbrowser of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument imageUrl results in os command injection. The attack is possible to be...
CVE-2026-7643
A flaw has been found in ChatGPTNextWeb NextChat up to 2.16.1. This impacts an unknown function of the file Next.js of the component API Endpoint. Executing a manipulation can lead to permissive cross-domain policy with untrusted domains. The attack may be launched remotely. The exploit has been...
CVE-2026-7644
A vulnerability has been found in ChatGPTNextWeb NextChat up to 2.16.1. Affected is the function addMcpServer of the file app/mcp/actions.ts. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be...
CVE-2026-7645
A vulnerability was found in ruvnet sublinear-time-solver 1.5.0. Affected by this vulnerability is the function exportstate of the file src/consciousness-explorer/mcp/server.js of the component MCP Interface. The manipulation results in path traversal. The attack can be executed remotely. The...
EUVD-2026-26799
A vulnerability was found in ruvnet sublinear-time-solver 1.5.0. Affected by this vulnerability is the function exportstate of the file src/consciousness-explorer/mcp/server.js of the component MCP Interface. The manipulation results in path traversal. The attack can be executed remotely. The...
CVE-2026-7645
CVE-2026-7645 affects ruvnet sublinear-time-solver 1.5.0. The issue resides in the MCP Interface’s export_state function within src/consciousness-explorer/mcp/server.js, where input manipulation enables path traversal. The vulnerability can be exploited remotely; a public exploit exists per the s...
CVE-2026-7645 ruvnet sublinear-time-solver MCP server.js export_state path traversal
A vulnerability was found in ruvnet sublinear-time-solver 1.5.0. Affected by this vulnerability is the function exportstate of the file src/consciousness-explorer/mcp/server.js of the component MCP Interface. The manipulation results in path traversal. The attack can be executed remotely. The...
EUVD-2026-26797
A flaw has been found in ChatGPTNextWeb NextChat up to 2.16.1. This impacts an unknown function of the file Next.js of the component API Endpoint. Executing a manipulation can lead to permissive cross-domain policy with untrusted domains. The attack may be launched remotely. The exploit has been...
CVE-2026-7643
ChatGPTNextWeb NextChat API Endpoint (Next.js) vulnerable up to version 2.16.1. A manipulation can yield a permissive cross-domain policy with untrusted domains via the Next.js API Endpoint component. The issue can be exploited remotely; an exploit has been published. CVSS metrics indicate a MEDI...
CVE-2026-7642 pskill9 website-downloader MCP index.ts download_website os command injection
A vulnerability was detected in pskill9 website-downloader up to 0.1.0. This affects the function downloadwebsite of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputPath results in os command injection. The attack may be initiated remotely. Th...
CVE-2026-7642 pskill9 website-downloader MCP index.ts download_website os command injection
A vulnerability was detected in pskill9 website-downloader up to 0.1.0. This affects the function downloadwebsite of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputPath results in os command injection. The attack may be initiated remotely. Th...
CVE-2026-7642
The vulnerability affects pskill9 website-downloader (up to 0.1.0) in the MCP Interface, specifically the download_website function in src/index.ts. The root cause is manipulation of the outputPath argument that leads to OS command injection. Attack surface is network-initiated with low privilege...
EUVD-2026-26796
A vulnerability was detected in pskill9 website-downloader up to 0.1.0. This affects the function downloadwebsite of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputPath results in os command injection. The attack may be initiated remotely. Th...