77 matches found
CVE-2026-7811 54yyyu code-mcp MCP File server.py is_safe_path path traversal
A vulnerability has been found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The affected element is the function is_safe_path of the file src/codemcp/server.py of the component MCP File Handler. Such manipulation leads to path traversal. It is possible to launch the attack...
PT-2026-28433
Name of the Vulnerable Software and Affected Versions: Microsoft Edge Chromium-based affected versions not specified Description: A system-affecting issue exists in Microsoft Edge Chromium-based. Recommendations: At the moment, there is no information about a newer version that contains a fix for th...
PT-2026-6636
Name of the Vulnerable Software and Affected Versions: Azure Function affected versions not specified Description: An information disclosure issue exists in Azure Function. The issue allows for the potential disclosure of information. Recommendations: At the moment, there is no information about a...
PT-2025-48375
Name of the Vulnerable Software and Affected Versions: curl affected versions not specified Description: The advisory SUSE-2025-4300-1 addresses a significant issue in curl. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...
PT-2025-39444
Name of the Vulnerable Software and Affected Versions: Zenitel ICX500 and ICX510 Gateway affected versions not specified Description: The issue allows unauthorized access to the Billing Admin endpoint, potentially enabling malicious actors to read the entire contents of the Billing Admin database...
PT-2025-34804 · Nvidia · Nvidia Nemo Framework
Name of the Vulnerable Software and Affected Versions: NVIDIA NeMo Framework affected versions not specified Description: The NVIDIA NeMo Framework contains an issue in the NLP component that could allow an attacker to inject code through maliciously crafted data. A successful exploit may lead to...
PT-2025-33143
Name of the Vulnerable Software and Affected Versions: Flowise JS affected versions not specified Description: User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers to run arbitrary unsandboxed JS code in the context of the host by...
PT-2025-32821 · Unknown +1 · Storage Port Driver +1
Name of the Vulnerable Software and Affected Versions: Storage Port Driver affected versions not specified Description: The Storage Port Driver is susceptible to a flaw that permits an authorized attacker to locally disclose sensitive information to an unauthorized actor. Recommendations: At the...
CVE-2025-5386
A vulnerability was found in JeeWMS up to 20250504. It has been rated as critical. This issue affects the function transEditor of the file /cgformTransController.do?transEditor. The manipulation leads to sql injection. The attack may be initiated remotely. This product does not use versioning. Th...
PT-2025-4151 · Unknown · Wlan Ap Driver
Name of the Vulnerable Software and Affected Versions: WLAN AP driver affected versions not specified Description: In the WLAN AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution...
PT-2025-5390 · Seedprod · Seedprod Coming Soon Page
Name of the Vulnerable Software and Affected Versions: SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd versions n/a through 6.18.9 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Cross Site Request Forgery. This problem affects th...
PT-2025-1106 · Microsoft · Visual Studio
Name of the Vulnerable Software and Affected Versions: Visual Studio affected versions not specified Description: The issue is related to a remote code execution vulnerability in Visual Studio. It involves a memory reading vulnerability that allows an out-of-bounds memory read. Exploitation of th...
PT-2025-4194 · Microsoft · Com +1
Name of the Vulnerable Software and Affected Versions: Microsoft COM for Windows affected versions not specified Description: An elevation-of-privilege issue affects the system, allowing attackers to elevate their privileges. Recommendations: At the moment, there is no information about a newer...
PT-2025-3178 · Aviatrix · Aviatrix Network Controller
Name of the Vulnerable Software and Affected Versions: Aviatrix Network Controller affected versions not specified Description: The issue concerns a command injection vulnerability. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...
PT-2025-2695 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTPd affected versions not specified Description: The issue is related to a denial of service. No further details are provided about the nature of the issue, affected devices, or real-world incidents. Recommendations: At the moment,...
PT-2025-5650 · Opencv · Opencv
Name of the Vulnerable Software and Affected Versions: OpenCV affected versions not specified Description: A heap buffer overflow read issue has been identified. The crash occurs in the cv::PngDecoder module, specifically in the read from io, read chunk, and readHeader functions. Recommendations:...
PT-2024-10978 · Huawei · Huawei Wearables
Name of the Vulnerable Software and Affected Versions: Huawei wearables affected versions not specified Description: The issue is related to a permission management vulnerability in some Huawei wearables. There is no information provided about the estimated number of potentially affected devices...
PT-2024-10777 · Unknown · Abe Service
Name of the Vulnerable Software and Affected Versions: ABE service affected versions not specified Description: The issue is related to flaws in the verification of input parameters. An attacker can input carefully constructed commands to make the ABE service execute some commands with root...
PT-2024-9428 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Microsoft Windows affected versions not specified Description: The issue is related to a buffer overflow in memory, which can be exploited to elevate privileges. This can potentially allow an attacker to gain higher privileges on the system...
PT-2024-19171
Name of the Vulnerable Software and Affected Versions: obs-scm-bridge affected versions not specified Description: The issue allows attackers to create specially crafted git repositories, potentially leading to information leakage or denial of service. Recommendations: At the moment, there is no...