179 matches found
EUVD-2023-48634
Malicious code in bioql PyPI...
EUVD-2024-0814
Malicious code in bioql PyPI...
EUVD-2024-22271
Malicious code in bioql PyPI...
EUVD-2022-37320
Malicious code in bioql PyPI...
EUVD-2023-35382
Malicious code in bioql PyPI...
EUVD-2022-7700
Malicious code in bioql PyPI...
CVE-2025-59049
Mockoon provides a way to design and run mock APIs. Prior to version 9.2.0, a mock API configuration for static file serving that follows the same approach presented in the documentation page, where the server filename is generated via templating features from user input, is vulnerable to Path Traversal...
GHSA-G4JQ-H2W9-997C Vite middleware may serve files starting with the same name with the public directory
Summary: Files starting with the same name with the public directory were served bypassing the server.fs settings. Impact: Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network using --host or server.host config option - uses the public...
GHSA-JQFW-VQ24-V9C3 Vite's `server.fs` settings were not applied to HTML files
Summary: Any HTML files on the machine were served regardless of the server.fs settings. Impact: Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network using --host or server.host config option - appType: 'spa' default or appType: 'mpa' i...
CVE-2025-58751
Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the public directory were served bypassing the server.fs settings. Only apps that explicitly expose the Vite dev server to the network using --host or...
CVE-2025-58752 Vite's `server.fs` settings were not applied to HTML files
Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, any HTML files on the machine were served regardless of the server.fs settings. Only apps that explicitly expose the Vite dev server to the network using --host or server.host config option and...
Vite access control error vulnerability
Vite is a new front-end build tool from Vite Open Source. An access control error vulnerability exists in Vite versions prior to 7.1.5, 7.0.7, 6.3.6, and 5.4.20, which stems from file access that bypasses the server.fs setting...
A vulnerability in the MCP protocol of the server-filesystem allows an attacker to gain unauthorized access to protected information.
The vulnerability in the MCP protocol of the server-filesystem relates to improper resolution of a link before accessing a file. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
@kakashi-ventures-accelerator/catalyst-cli (=0.1.0), @mew-protocol/mew (>=0.5.0 <=0.11.0) +1 more potentially affected by CVE-2025-53110 via @modelcontextprotocol/server-filesystem (=0.6.2)
@modelcontextprotocol/server-filesystem NPM version =0.6.2 is affected by a known vulnerability. The following packages have a transitive dependency on @modelcontextprotocol/server-filesystem and may be impacted: - @kakashi-ventures-accelerator/catalyst-cli =0.1.0 - @mew-protocol/mew =0.5.0,...
@iflow-mcp/alibabacloud-dataworks-mcp-server (=1.0.43), @mseep/alibabacloud-dataworks-mcp-server (=1.0.36) +1 more potentially affected by CVE-2025-53110 via @modelcontextprotocol/server-filesystem (=2025.3.28)
@modelcontextprotocol/server-filesystem NPM version =2025.3.28 is affected by a known vulnerability. The following packages have a transitive dependency on @modelcontextprotocol/server-filesystem and may be impacted: - @iflow-mcp/alibabacloud-dataworks-mcp-server =1.0.43 -...
@kakashi-ventures-accelerator/catalyst-cli (=0.1.0), @mew-protocol/mew (>=0.5.0 <=0.11.0) +1 more potentially affected by CVE-2025-53109 via @modelcontextprotocol/server-filesystem (=0.6.2)
@modelcontextprotocol/server-filesystem NPM version =0.6.2 is affected by a known vulnerability. The following packages have a transitive dependency on @modelcontextprotocol/server-filesystem and may be impacted: - @kakashi-ventures-accelerator/catalyst-cli =0.1.0 - @mew-protocol/mew =0.5.0,...
@iflow-mcp/alibabacloud-dataworks-mcp-server (=1.0.43), @mseep/alibabacloud-dataworks-mcp-server (=1.0.36) +1 more potentially affected by CVE-2025-53109 via @modelcontextprotocol/server-filesystem (=2025.3.28)
@modelcontextprotocol/server-filesystem NPM version =2025.3.28 is affected by a known vulnerability. The following packages have a transitive dependency on @modelcontextprotocol/server-filesystem and may be impacted: - @iflow-mcp/alibabacloud-dataworks-mcp-server =1.0.43 -...
CVE-2021-32018
An issue was discovered in JUMP AMS 3.6.0.04.009-2487. The JUMP SOAP API was vulnerable to arbitrary file reading due to an improper limitation of file loading on the server filesystem, aka directory traversal...
CVE-2019-14766
Path Traversal in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to browse the server filesystem...
CVE-2024-30146
Improper access control of endpoint in HCL Domino Leap allows certain admin users to import applications from the server's filesystem...