Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

28 matches found

Positive Technologies
Positive Technologiesadded 3 days ago13 views

PT-2026-45678

A weakness has been identified in elunez eladmin up to 2.7. This vulnerability affects unknown code of the file App.java of the component Application Deployment Module. This manipulation of the argument uploadPath causes command injection. Remote exploitation of the attack is possible. The exploi...

6.5CVSS6.3AI score0.00734EPSS
Exploits0References7
Cvelist
Cvelistadded 4 days ago24 views

CVE-2026-10276 hekmon8 Jenkins-server-mcp get_build_status/get_build_log/trigger_build index.ts jobPath server-side request forgery

A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the file src/index.ts of the component getbuildstatus/getbuildlog/triggerbuild. Such manipulation leads to server-side request forgery. The attack may be performed from remote. T...

6.5CVSS0.00043EPSS
Exploits0References6
ATTACKERKB
ATTACKERKBadded 4 days ago9 views

CVE-2026-10228

A vulnerability was found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. The impacted element is an unknown function of the file admissionformcheck.php. The manipulation of the argument Message results in cross site scripting. The attack can be...

5.1CVSS4.2AI score0.00034EPSS
Exploits0References6
ATTACKERKB
ATTACKERKBadded 5 days ago8 views

CVE-2026-10169

A vulnerability was detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected by this vulnerability is the function ajaxforgotpassword of the file application/controllers/Login.php of the component Forgot Password Endpoint. The...

6.3CVSS5.1AI score0.00028EPSS
Exploits0References4
NVD
NVDadded 2026/05/25 5:16 p.m.10 views

CVE-2026-9472

A flaw has been found in dazeb markdown-downloader up to 3d4394b34b6c99d81af817623af55e3384df5a6a. Affected is the function downloadmarkdown/listdownloadedfiles/createsubdirectory of the file src/index.ts. Executing a manipulation can lead to path traversal. The attack can be launched remotely. T...

6.5CVSS0.00048EPSS
Exploits0References5
EUVD
EUVDadded 2026/05/25 4:15 p.m.7 views

EUVD-2026-31706

A vulnerability has been found in c-rick jimeng-mcp 1.10.0. Affected by this vulnerability is the function getFileContent/uploadCoverFile/generateImage/generateVideo of the file src/api.ts. The manipulation of the argument filePath leads to path traversal. The attack may be initiated remotely. Th...

6.5CVSS6.2AI score0.00048EPSS
Exploits0References5
EUVD
EUVDadded 2026/05/25 11:15 a.m.9 views

EUVD-2026-31671

A vulnerability was detected in FoundDream miniclawd up to 2d65665046e2222eeea76cafc8570ed546a8c125. This affects the function which of the file /src/application/skills-loader.ts of the component SkillsLoader. Performing a manipulation of the argument requires.bins results in command injection. T...

7.5CVSS5.6AI score0.02177EPSS
Exploits0References5
OSV
OSVadded 2026/05/11 2:16 a.m.2 views

DEBIAN-CVE-2026-8258

A flaw has been found in Squirrel up to 3.2. Impacted is the function validateformat in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used. The project was...

4.8CVSS6.2AI score0.00014EPSS
Exploits0References1
NVD
NVDadded 2026/05/05 4:16 p.m.6 views

CVE-2026-7844

A vulnerability was detected in chatchat-space Langchain-Chatchat up to 0.3.1.3. This vulnerability affects the function files/listfiles/retrievefile/retrievefilecontent/deletefile of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component Compatible File Service...

6.3CVSS0.00057EPSS
Exploits0References6
Positive Technologies
Positive Technologiesadded 2026/05/05 12:0 a.m.3 views

PT-2026-36970

A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815809a7e425b5fa7be26e0d4369894c2. Impacted is the function create notebook/read notebook/edit cell/add cell of the file server.py. This manipulation causes path traversal. It is possible to initiate the attack remotely. The explo...

7.5CVSS6.8AI score0.0006EPSS
Exploits0References6
RedhatCVE
RedhatCVEadded 2026/05/04 8:21 p.m.2 views

CVE-2026-7443

A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzzdomain of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument Request can lead to os command injection. The attack may be launched...

7.5CVSS6.8AI score0.01715EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/04/29 9:30 p.m.1 views

CVE-2026-7416

A vulnerability was found in PolarVista xcode-mcp-server 1.0.0. This issue affects the function buildproject/runtests of the file src/index.ts of the component MCP Interface. The manipulation of the argument Request results in os command injection. The attack may be launched remotely. The exploit...

7.5CVSS7.2AI score0.00403EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blogadded 2026/04/28 3:31 a.m.4 views

notes-mcp has a Path Traversal issue

A security vulnerability has been detected in edvardlindelof notes-mcp up to 0.1.4. This affects an unknown function of the file notesmcp.py. The manipulation of the argument rootdir/path leads to path traversal. The attack is possible to be carried out remotely. The exploit has been disclosed...

7.5CVSS6.7AI score0.00066EPSS
Exploits0References7Affected Software1
NVD
NVDadded 2026/04/27 6:16 p.m.0 views

CVE-2026-7146

A security vulnerability has been detected in AlejandroArciniegas mcp-data-vis up to de5a51525a69822290eaee569a1ab447b490746d. Affected by this vulnerability is the function axios of the file src/servers/web-scraper/server.js of the component HTTP Request Handler. Such manipulation leads to...

7.5CVSS0.00058EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2026/04/09 12:0 a.m.2 views

PT-2026-31820

Name of the Vulnerable Software and Affected Versions Zod jsVideoUrlParser versions up to 0.5.1 Description A weakness exists in Zod jsVideoUrlParser up to version 0.5.1. The issue is related to inefficient regular expression complexity caused by manipulation of the timestamp argument within the...

6.9CVSS5.7AI score0.0006EPSS
Exploits0References10
RedhatCVE
RedhatCVEadded 2026/04/07 10:51 a.m.1 views

CVE-2026-5638

A vulnerability was detected in HerikLyma CPPWebFramework up to 3.1. This issue affects some unknown processing. Performing a manipulation results in path traversal. Remote exploitation of the attack is possible. The exploit is now public and may be used. The project was informed of the problem...

6.9CVSS5.6AI score0.00069EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/03/29 11:3 p.m.1 views

CVE-2026-5013

A vulnerability has been found in elecV2 elecV2P up to 3.8.3. Impacted is the function path.join of the file /store/:key. The manipulation of the argument URL leads to path traversal. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used...

6.9CVSS5.5AI score0.00019EPSS
Exploits0References1
NVD
NVDadded 2026/03/28 8:16 p.m.0 views

CVE-2026-5013

A vulnerability has been found in elecV2 elecV2P up to 3.8.3. Impacted is the function path.join of the file /store/:key. The manipulation of the argument URL leads to path traversal. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used...

6.9CVSS0.00019EPSS
Exploits0References5
EUVD
EUVDadded 2026/03/11 9:31 p.m.2 views

EUVD-2026-11403

A security vulnerability has been detected in elecV2P up to 3.8.3. Affected by this issue is the function runJSFile of the file source-code/elecV2P-master/webser/wbjs.js of the component jsfile Endpoint. Such manipulation leads to code injection. The attack may be launched remotely. The exploit h...

6.5CVSS5.5AI score0.00065EPSS
Exploits0References6
SUSE CVE
SUSE CVEadded 2026/03/03 12:26 a.m.1 views

SUSE CVE-2026-3389

A vulnerability was determined in Squirrel up to 3.2. This vulnerability affects the function sqstdrexnewnode in the library sqstdlib/sqstdrex.cpp. Executing a manipulation can lead to null pointer dereference. The attack can only be executed locally. The exploit has been publicly disclosed and m...

5.5CVSS5.4AI score0.00031EPSS
Exploits1References3
Rows per page
Query Builder