CVE-2026-7594

The CVE-2026-7594 affects Flux159 mcp-game-asset-gen 0.1.0. The vulnerability is in the MCP Interface component, specifically the image_to_3d_async function in src/index.ts, where manipulation of the statusFile argument leads to path traversal. It can be exploited remotely, and public exploits ex...

CVE-2026-7594 Flux159 mcp-game-asset-gen MCP index.ts image_to_3d_async path traversal

A vulnerability was detected in Flux159 mcp-game-asset-gen 0.1.0. Affected is the function imageto3dasync of the file src/index.ts of the component MCP Interface. The manipulation of the argument statusFile results in path traversal. The attack can be executed remotely. The exploit is now public...

EUVD-2026-26717

A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function executecommand of the file src/index.ts of the component MCP Interface. The manipulation leads to os command injection. Remote exploitation of the attack is possible. T...

EUVD-2026-26710

A weakness has been identified in itsourcecode Courier Management System 1.0. This affects an unknown function of the file /editstaff.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public...

CVE-2026-7592 itsourcecode Courier Management System edit_staff.php sql injection

A weakness has been identified in itsourcecode Courier Management System 1.0. This affects an unknown function of the file /editstaff.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public...

CVE-2026-7589

A vulnerability was determined in ghantakiran splunk-mcp-integration up to 0b86b09d5e5adf0433acd43c975951224613a1a6. Impacted is the function createcsvexport of the file services/csv-export-service/app/api/v1/endpoints/csvexport.py of the component CSV Export. This manipulation of the argument...

CVE-2026-7591

CVE-2026-7591 : In TimBroddin’s astro-mcp-server (up to 1.1.1), the vulnerability exists in an unknown function within src/index.ts of the MCP Tool Query Construction. An attacker can manipulate the argument at request.params.arguments to trigger a SQL injection. The issue can be exploited remote...

CVE-2026-7591 TimBroddin astro-mcp-server MCP Tool Query Construction index.ts sql injection

A security flaw has been discovered in TimBroddin astro-mcp-server up to 1.1.1. The impacted element is an unknown function of the file src/index.ts of the component MCP Tool Query Construction. Performing a manipulation of the argument request.params.arguments results in sql injection. The attac...

CVE-2026-7591

A security flaw has been discovered in TimBroddin astro-mcp-server up to 1.1.1. The impacted element is an unknown function of the file src/index.ts of the component MCP Tool Query Construction. Performing a manipulation of the argument request.params.arguments results in sql injection. The attac...

EUVD-2026-26709

A security flaw has been discovered in TimBroddin astro-mcp-server up to 1.1.1. The impacted element is an unknown function of the file src/index.ts of the component MCP Tool Query Construction. Performing a manipulation of the argument request.params.arguments results in sql injection. The attac...

CVE-2026-7591 TimBroddin astro-mcp-server MCP Tool Query Construction index.ts sql injection

A security flaw has been discovered in TimBroddin astro-mcp-server up to 1.1.1. The impacted element is an unknown function of the file src/index.ts of the component MCP Tool Query Construction. Performing a manipulation of the argument request.params.arguments results in sql injection. The attac...

CVE-2026-7589

The CVE concerns ghantakiran splunk-mcp-integration (up to commit 0b86b09d5e5adf0433acd43c975951224613a1a6). Affects the function create_csv_export in services/csv-export-service/app/api/v1/endpoints/csv_export.py (CSV Export). Root cause: manipulation of the job_name argument leads to path trave...

CVE-2026-7589 ghantakiran splunk-mcp-integration CSV Export csv_export.py create_csv_export path traversal

A vulnerability was determined in ghantakiran splunk-mcp-integration up to 0b86b09d5e5adf0433acd43c975951224613a1a6. Impacted is the function createcsvexport of the file services/csv-export-service/app/api/v1/endpoints/csvexport.py of the component CSV Export. This manipulation of the argument...

CVE-2026-7589 ghantakiran splunk-mcp-integration CSV Export csv_export.py create_csv_export path traversal

A vulnerability was determined in ghantakiran splunk-mcp-integration up to 0b86b09d5e5adf0433acd43c975951224613a1a6. Impacted is the function createcsvexport of the file services/csv-export-service/app/api/v1/endpoints/csvexport.py of the component CSV Export. This manipulation of the argument...

CVE-2026-7589

A vulnerability was determined in ghantakiran splunk-mcp-integration up to 0b86b09d5e5adf0433acd43c975951224613a1a6. Impacted is the function createcsvexport of the file services/csv-export-service/app/api/v1/endpoints/csvexport.py of the component CSV Export. This manipulation of the argument...

EUVD-2026-26706

A vulnerability was determined in ghantakiran splunk-mcp-integration up to 0b86b09d5e5adf0433acd43c975951224613a1a6. Impacted is the function createcsvexport of the file services/csv-export-service/app/api/v1/endpoints/csvexport.py of the component CSV Export. This manipulation of the argument...

CVE-2026-7588

A vulnerability was found in ggerve coding-standards-mcp. This issue affects the function getstyleguide/getbestpractices of the file server.py. The manipulation of the argument Language results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and...

CVE-2026-43038

A flaw was found in the Linux kernel's IPv6 ICMP error generation. A remote attacker could send a specially crafted IPv4 ICMP error packet with a Common Internet Protocol Security Option CIPSO IP option. This could lead to incorrect handling of packet control block data when generating an IPv6 IC...

CVE-2026-7588 ggerve coding-standards-mcp server.py get_best_practices path traversal

A vulnerability was found in ggerve coding-standards-mcp. This issue affects the function getstyleguide/getbestpractices of the file server.py. The manipulation of the argument Language results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and...

CVE-2026-7588

Summary (CVE-2026-7588) : In the ggerve coding-standards-mcp project, the vulnerability affects the get_style_guide/get_best_practices function in server.py. The issue arises from manipulating the Language argument, which enables a path traversal condition. This can be exploited remotely over a n...