
16070 matches found

CNNVD
added 2026/05/11 12:0 a.m., 7 views

cramfs-tools Path Traversal Vulnerability

cramfs-tools is a tool for compressed read-only file systems developed by Nicolas Pitre. cramfs-tools versions 2.1 and earlier contain a path traversal vulnerability that originates in the dodirectory function of the Directory Handler component in the cramfsck.c file, which allowed for...

5.3 CVSS, 6 AI score, 0.00173 EPSS
Exploits: 0, References: 1
Packet Storm
added 2026/05/11 12:0 a.m., 65 views

📄 OSK Privilege Escalation

This PowerShell script acts as a wrapper/launcher for a compiled Windows exploit binary targeting the OSK On-Screen Keyboard privilege escalation vulnerability. ...

7.8 CVSS, 6 AI score, 0.03239 EPSS
Exploits: 3
GithubExploit
added 2026/05/10 9:21 a.m., 142 views

N4V3R41N-Suite

N4V3R41N: The Ultimate Unified iOS Exploit & Bypass Suite !V...

7.1 CVSS, 5.9 AI score, 0.0075 EPSS
Exploits: 2
OSV
added 2026/05/09 12:10 a.m., 3 views

GHSA-8JR5-6GVJ-RFPF @yoda.digital/gitlab-mcp-server's SSE transport has no authentication and wildcard CORS, exposing all 86 GitLab tools

SSE Transport Has No Authentication and Wildcard CORS, Exposing All 86 GitLab Tools Including Destructive Operations A review of mcp-gitlab-server at commit 80a7b4cf3fba6b55389c0ef491a48190f7c8996a uncovered that the SSE HTTP transport — advertised in the README and comparison table as a...

8.8 CVSS, 6 AI score, 0.00392 EPSS
Exploits: 0, References: 3
Github Security Blog
added 2026/05/09 12:10 a.m., 8 views

@yoda.digital/gitlab-mcp-server's SSE transport has no authentication and wildcard CORS, exposing all 86 GitLab tools

SSE Transport Has No Authentication and Wildcard CORS, Exposing All 86 GitLab Tools Including Destructive Operations A review of mcp-gitlab-server at commit 80a7b4cf3fba6b55389c0ef491a48190f7c8996a uncovered that the SSE HTTP transport — advertised in the README and comparison table as a...

9.2 CVSS, 6 AI score, 0.00392 EPSS
Exploits: 0, References: 3, Affected Software: 1
Positive Technologies
added 2026/05/09 12:0 a.m., 7 views

PT-2026-39306

Name of the Vulnerable Software and Affected Versions: GitLab MCP Server versions prior to 0.6.0. Description: The HTTP transport in src/transport.ts lacks an authentication layer and implements a wildcard Access-Control-Allow-Origin: * header on all responses. This allows any cross-origin browser...

9.2 CVSS, 5.8 AI score, 0.00392 EPSS
Exploits: 0, References: 11
RedhatCVE
added 2026/05/08 10:39 p.m., 6 views

CVE-2026-8018

An insufficient policy enforcement flaw was found in the DevTools component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=498292657...

10 CVSS, 5.7 AI score, 0.00256 EPSS
Exploits: 0, References: 5
NVD
added 2026/05/08 8:16 p.m., 9 views

CVE-2026-44694

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. From version 2.18.7 to before version 2.50.2, there is an authenticated server-side request forgery vulnerability affecting the webhook trigger tools, the n8n API client (N8N_API_URL), a...

9.1 CVSS, 0.00235 EPSS
Exploits: 0, References: 3
CVE
added 2026/05/08 7:12 p.m., 18 views

CVE-2026-44694

CVE-2026-44694 affects n8n-MCP before 2.50.2. An authenticated SSRF vulnerability exists in the webhook trigger tools, the n8n API client (N8N_API_URL), and per-request URLs via the x-n8n-url header in multi-tenant HTTP mode. Exploitation allows a valid MCP session to cause the host to send HTTP ...

9.1 CVSS, 5.8 AI score, 0.00235 EPSS
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2026/05/08 7:12 p.m., 30 views

CVE-2026-44694 n8n-MCP: Authenticated SSRF in n8n-mcp webhook and API client paths

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. From version 2.18.7 to before version 2.50.2, there is an authenticated server-side request forgery vulnerability affecting the webhook trigger tools, the n8n API client (N8N_API_URL), a...

7.2 CVSS, 0.00235 EPSS
Exploits: 0, References: 3
OSV
added 2026/05/08 4:59 p.m., 1 views

GHSA-CMRH-WVQ6-WM9R n8n-mcp webhook and API client paths has an authenticated SSRF

Summary: Authenticated Server-Side Request Forgery affecting the webhook trigger tools, the n8n API client (N8N_API_URL), and per-request URLs supplied via the x-n8n-url header in multi-tenant HTTP mode. Impact: A caller with access to the MCP session can drive HTTP requests from the n8n-mcp host to...

7.2 CVSS, 5.8 AI score, 0.00235 EPSS
Exploits: 0, References: 5
Github Security Blog
added 2026/05/08 4:59 p.m., 9 views

n8n-mcp webhook and API client paths has an authenticated SSRF

Summary: Authenticated Server-Side Request Forgery affecting the webhook trigger tools, the n8n API client (N8N_API_URL), and per-request URLs supplied via the x-n8n-url header in multi-tenant HTTP mode. Impact: A caller with access to the MCP session can drive HTTP requests from the n8n-mcp host to...

9.1 CVSS, 5.8 AI score, 0.00235 EPSS
Exploits: 0, References: 5, Affected Software: 1
Snyk
added 2026/05/08 4:32 p.m., 7 views

Directory Traversal

Overview: PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

9.6 CVSS, 6.5 AI score, 0.00492 EPSS
Exploits: 1, References: 2
vulnersOsv
added 2026/05/08 3:16 p.m., 7 views

fusion-tools (>=3.6.19 <=3.6.90), idt-calculator (=0.1.0) +6 more potentially affected by CVE-2026-38361 via dash-uploader (>=0.6.0 <=0.6.1)

dash-uploader PYPI version =0.6.0, =3.6.19, =0.0.11, =0.0.30, =0.0.50.0, =0.2.1, =0.2.0, =0.4.1 Source cves: CVE-2026-38361 Source advisory: OSV:PYSEC-2026-37...

7.5 CVSS, 5.8 AI score, 0.02643 EPSS
Exploits: 5
NVD
added 2026/05/08 2:16 p.m., 7 views

CVE-2026-44334

PraisonAI is a multi-agent teams system. From version 4.5.139 to before version 4.6.32, CVE-2026-40287's fix gated tools.py auto-import behind PRAISONAIALLOWLOCALTOOLS=true in two files (toolresolver.py, api/call.py). A third import sink in praisonai/templates/tool_override.py was missed and remains...

8.4 CVSS, 0.00246 EPSS
Exploits: 2, References: 1
NVD
added 2026/05/08 2:16 p.m., 9 views

CVE-2026-44339

PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.37 and praisonaiagents version 1.6.37, praisonaiagents resolves unresolved tool names against module globals and main after it fails to match the declared tool list and the registry. With the default agent configuration,...

8.6 CVSS, 0.00363 EPSS
Exploits: 1, References: 1
Cvelist
added 2026/05/08 1:32 p.m., 27 views

CVE-2026-44336 PraisonAI MCP `tools/call` path-traversal and RCE via Python `.pth` injection

PraisonAI is a multi-agent teams system. Prior to version 4.6.34, PraisonAI's MCP (Model Context Protocol) server (praisonai mcp serve) registers four file-handling tools by default — praisonai.rules.create, praisonai.rules.show, praisonai.rules.delete, and praisonai.workflow.show. Each accepts a pat...

9.4 CVSS, 0.00492 EPSS
Exploits: 1, References: 1
Cvelist
added 2026/05/08 1:25 p.m., 27 views

CVE-2026-44334 PraisonAI: Unauthenticated RCE via `tool_override.py`

PraisonAI is a multi-agent teams system. From version 4.5.139 to before version 4.6.32, CVE-2026-40287's fix gated tools.py auto-import behind PRAISONAIALLOWLOCALTOOLS=true in two files (toolresolver.py, api/call.py). A third import sink in praisonai/templates/tool_override.py was missed and remains...

8.4 CVSS, 0.00246 EPSS
Exploits: 2, References: 1
GithubExploit
added 2026/05/08 1:14 p.m., 124 views

secscan


5.9 AI score
Exploits: 0
OSV
added 2026/05/08 7:26 a.m., 5 views

MAL-2026-3377 Malicious code in crypto-wallet-utils (PyPI)

Source: kam193 1e40a039f63743a1d3c20fb312ecd2ecb1e47fe20c6787efa0a3f0f441ad5828 The code automatically scans the filesystem looking for BIP-39 seed phrases and data indicating private keys, and exfiltrates them. Category: MALICIOUS - Th...

5.9 AI score
Exploits: 0, References: 1