EUVD-2026-33534

A security flaw has been discovered in AstrBotDevs AstrBot 4.23.6. This vulnerability affects unknown code of the file /api/skills/delete of the component API Endpoint. Performing a manipulation of the argument Name results in path traversal. The attack can be initiated remotely. The exploit has...

CVE-2026-9550

A vulnerability was determined in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. Affected by this issue is some unknown functionality of the file /SubstationWEBV2/app/..;/main/upfile. Executing a manipulation of the argument path can lead to path traversal...

CVE-2026-8756

A vulnerability has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The impacted element is the function generateconfig of the file webuipreprocess.py of the component Gradio Interface. Such manipulation of the argument datadir leads to path traversal. The attac...

CVE-2026-8756

CVE-2026-8756 affects fishaudio Bert-VITS2 (up to commit 8f7fbd8c4770965225d258db548da27dc8dd934c) with a path traversal vulnerability in the Gradio Interface’s webui_preprocess.py, specifically in generate_config. The issue arises from manipulating the data_dir argument, enabling remote exploita...

CVE-2026-8755

The CVE-2026-8755 affects fishaudio Bert-VITS2 (up to commit 8f7fbd8c4770965225d258db548da27dc8dd934c) with a vulnerability in the Model Handler component. Specifically, the function _get_all_models in hiyoriUI.py enables path traversal. This is a remote exploitable issue, and an exploit has been...

CVE-2026-8215

A vulnerability was determined in Industrial Application Software IAS Canias ERP 8.03. This vulnerability affects the function iasRequestFileEvent of the component RMI Interface. This manipulation of the argument mstrSourceFileName causes path traversal. The attack can be initiated remotely. The...

CVE-2026-8215

CVE-2026-8215 affects Industrial Application Software IAS Canias ERP 8.03, specifically the RMI Interface function iasRequestFileEvent. The vulnerability arises from manipulating the m_strSourceFileName argument, enabling path traversal. Attacks can be initiated remotely and publicly disclosed ex...

CVE-2026-8113

A vulnerability was determined in 8421bit MiniClaw up to 43905b934cf76489ab28e4d17da28ee97970f91f. Affected by this vulnerability is the function isPathInside of the file src/kernel.ts of the component executeSkillScript. Executing a manipulation can lead to path traversal. It is possible to laun...

CVE-2026-7810

A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815809a7e425b5fa7be26e0d4369894c2. Impacted is the function createnotebook/readnotebook/editcell/addcell of the file server.py. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit h...

CVE-2026-7715

A vulnerability has been found in ravenwits mcp-server-arangodb up to 0.4.7. This affects the function arangobackup of the file src/tools.ts of the component MCP Interface. Such manipulation of the argument outputDir leads to path traversal. It is possible to launch the attack remotely. The explo...

PT-2026-36677

A vulnerability was found in kerwincui FastBee up to 1.2.1. The affected element is the function ToolController.download of the file springboot/fastbee-open-api/src/main/java/com/fastbee/data/controller/ToolController.java of the component Tool Download Endpoint. The manipulation of the argument...

CVE-2026-7627

A security vulnerability has been detected in 8nite metatrader-4-mcp 1.0.0. This vulnerability affects the function CallToolRequestSchema of the file src/index.ts of the component synceafromfile. Such manipulation of the argument eaname leads to path traversal. The attack can be launched remotely...

PT-2026-36605

A security vulnerability has been detected in 8nite metatrader-4-mcp 1.0.0. This vulnerability affects the function CallToolRequestSchema of the file src/index.ts of the component sync ea from file. Such manipulation of the argument ea name leads to path traversal. The attack can be launched...

PT-2026-36627

A vulnerability was found in ruvnet sublinear-time-solver 1.5.0. Affected by this vulnerability is the function export state of the file src/consciousness-explorer/mcp/server.js of the component MCP Interface. The manipulation results in path traversal. The attack can be executed remotely. The...

EUVD-2026-26704

A vulnerability was found in ggerve coding-standards-mcp. This issue affects the function getstyleguide/getbestpractices of the file server.py. The manipulation of the argument Language results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and...

CVE-2026-7588

A vulnerability was found in ggerve coding-standards-mcp. This issue affects the function getstyleguide/getbestpractices of the file server.py. The manipulation of the argument Language results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and...

CVE-2026-7319

A flaw has been found in elinsky execution-system-mcp 0.1.0. The impacted element is the function getcontextfilepath of the file src/executionsystemmcp/server.py of the component addaction Tool. This manipulation of the argument context causes path traversal. The attack can be initiated remotely...

CVE-2026-7400

CVE-2026-7400 affects geekgod382’s filesystem-mcp-server (v1.0.0). The issue is in the is_path_allowed function within server.py (read_file_tool/write_file_tool), enabling path traversal. The vulnerability is exploitable remotely, with a publicly disclosed exploit and an official fix in v1.1.0. T...

PT-2026-35649

A security vulnerability has been detected in Deepractice PromptX up to 2.4.0. The affected element is the function read docx/read xlsx/read pptx/list xlsx sheets/read pdf of the file packages/mcp-office/src/index.ts of the component Document File Handler. Such manipulation of the argument path...

CVE-2026-7149

A vulnerability has been found in dexhunter kaggle-mcp up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d. This vulnerability affects the function preparekaggledataset of the file src/kagglemcp/server.py. The manipulation of the argument competitionid leads to path traversal. The attack is possible t...