CVE-2026-7213

CVE-2026-7213 affects ef10007 MLOps_MCP 1.0.0, specifically the save_file Tool’s fastmcp_server.py. The issue is a path traversal vulnerability triggered by manipulating the filename/destination argument. It can be exploited remotely; public exploit is available. The project was informed via issu...

CVE-2026-7057

A flaw has been found in Tenda F456 1.0.0.5. The affected element is an unknown function of the file /goform/setcfm of the component httpd. This manipulation of the argument funcname/funcpara1 causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been published a...

CVE-2026-7062

A security vulnerability has been detected in Intina47 context-sync up to 2.0.0. This affects an unknown part of the file src/git-integration.ts of the component Git Integration. Such manipulation leads to os command injection. The attack can be executed remotely. The exploit has been disclosed...

CVE-2026-7205

A vulnerability was identified in duartium papers-mcp-server 9ceb3812a6458ba7922ca24a7406f8807bc55598. Impacted is the function searchpapers of the file src/main.py. Such manipulation of the argument topic leads to path traversal. The attack may be launched remotely. The exploit is publicly...

CVE-2026-7212

A security vulnerability has been detected in edvardlindelof notes-mcp up to 0.1.4. This affects an unknown function of the file notesmcp.py. The manipulation of the argument rootdir/path leads to path traversal. The attack is possible to be carried out remotely. The exploit has been disclosed...

CVE-2026-7212 edvardlindelof notes-mcp notes_mcp.py path traversal

A security vulnerability has been detected in edvardlindelof notes-mcp up to 0.1.4. This affects an unknown function of the file notesmcp.py. The manipulation of the argument rootdir/path leads to path traversal. The attack is possible to be carried out remotely. The exploit has been disclosed...

CVE-2026-7212 edvardlindelof notes-mcp notes_mcp.py path traversal

A security vulnerability has been detected in edvardlindelof notes-mcp up to 0.1.4. This affects an unknown function of the file notesmcp.py. The manipulation of the argument rootdir/path leads to path traversal. The attack is possible to be carried out remotely. The exploit has been disclosed...

EUVD-2026-25965

A security vulnerability has been detected in edvardlindelof notes-mcp up to 0.1.4. This affects an unknown function of the file notesmcp.py. The manipulation of the argument rootdir/path leads to path traversal. The attack is possible to be carried out remotely. The exploit has been disclosed...

CVE-2026-7212

CVE-2026-7212 affects the edvardlindelof notes-mcp project up to version 0.1.4, specifically via an issue in the notes_mcp.py file where manipulation of the arguments root_dir or path enables a path traversal vulnerability. The vulnerability is exploitable remotely and, according to the provided ...

CVE-2026-7206 dubydu sqlite-mcp entry.py extract_to_json sql injection

A security flaw has been discovered in dubydu sqlite-mcp up to 0.1.0. The affected element is the function extracttojson of the file src/entry.py. Performing a manipulation of the argument outputfilename results in sql injection. Remote exploitation of the attack is possible. The exploit has been...

GHSA-WFR3-HF93-QGG3 mkdocs-mcp-plugin has a Path Traversal issue

A vulnerability was found in douinc mkdocs-mcp-plugin up to 0.4.1. This affects the function readdocument/listdocuments of the file server.py. Performing a manipulation of the argument docsdir/filepath results in path traversal. The attack is possible to be carried out remotely. The exploit has...

CVE-2026-7205

A vulnerability was identified in duartium papers-mcp-server 9ceb3812a6458ba7922ca24a7406f8807bc55598. Impacted is the function searchpapers of the file src/main.py. Such manipulation of the argument topic leads to path traversal. The attack may be launched remotely. The exploit is publicly...

CVE-2026-7205 duartium papers-mcp-server main.py search_papers path traversal

A vulnerability was identified in duartium papers-mcp-server 9ceb3812a6458ba7922ca24a7406f8807bc55598. Impacted is the function searchpapers of the file src/main.py. Such manipulation of the argument topic leads to path traversal. The attack may be launched remotely. The exploit is publicly...

CVE-2026-7205

The CVE-2026-7205 entry affects duartium papers-mcp-server (version 9ceb3812a6458ba7922ca24a7406f8807bc55598). Affected is the function search_papers in src/main.py; manipulation of the topic argument leads to path traversal. Attack is described as remote (network) with a publicly available explo...

CVE-2026-7199

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=deleteproduct. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the atta...

CVE-2026-7204 Totolink A8000RU CGI cstecgi.cgi setPptpServerCfg os command injection

A vulnerability was determined in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command injection. The attack may be initiated remotely. The...

CVE-2026-7204 Totolink A8000RU CGI cstecgi.cgi setPptpServerCfg os command injection

A vulnerability was determined in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command injection. The attack may be initiated remotely. The...

EUVD-2026-25961

A vulnerability was determined in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command injection. The attack may be initiated remotely. The...

CVE-2026-7203 Totolink A8000RU CGI cstecgi.cgi setUrlFilterRules os command injection

A vulnerability was found in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os command injection. The attack can be launched remotely...

PT-2026-35651

A flaw has been found in Totolink N300RT 3.4.0-B20250430. This affects an unknown function of the file /boafrm/formIpQoS. Executing a manipulation of the argument entry name can lead to buffer overflow. The attack may be performed from remote. The exploit has been published and may be used...