Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

184 matches found

RedhatCVE
RedhatCVEadded 3 days ago6 views

CVE-2026-44717

MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval to evaluate mathematical expressions without proper input sanitization leads to remote code execution. This vulnerability is fixed in 0.1.1...

9.8CVSS5.9AI score0.00333EPSS
Exploits0References1
AstraLinux
AstraLinuxadded 2026/05/20 5:53 a.m.2 views

Astra Linux - уязвимость в ruby2.5, jruby

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby, up to 3.2.1. The Time parser improperly handles invalid URLs that contain specific characters. This causes an increase in execution time when parsing strings into Time objects. The fixed versions are 0.1.1 and 0.2.2...

5.3CVSS7AI score0.00651EPSS
Exploits0References2
vulnersOsv
vulnersOsvadded 2026/05/19 12:0 a.m.4 views

common-g6topo (>=0.1.0 <=0.1.9) potentially affected by unknown CVE via @antv/vis-predict-engine (=0.1.1)

@antv/vis-predict-engine NPM version =0.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/vis-predict-engine and may be impacted: - common-g6topo =0.1.0, =0.1.9 Source cves: unknown CVE Source advisory: OSV:MAL-2026-4094...

5.8AI score
Exploits0
Vulnrichment
Vulnrichmentadded 2026/05/15 4:58 p.m.7 views

CVE-2026-44717 MCP Calculate Server: Prompt Injection to RCE

MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval to evaluate mathematical expressions without proper input sanitization leads to remote code execution. This vulnerability is fixed in 0.1.1...

9.8CVSS6.2AI score0.00333EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/15 4:58 p.m.5 views

EUVD-2026-30574

MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval to evaluate mathematical expressions without proper input sanitization leads to remote code execution. This vulnerability is fixed in 0.1.1...

9.8CVSS6.2AI score0.00333EPSS
Exploits0References1
CVE
CVEadded 2026/05/15 4:58 p.m.14 views

CVE-2026-44717

The MCP Calculate Server (based on MCP and SymPy) is vulnerable prior to version 0.1.1 due to use of eval() for evaluating expressions without input sanitization, enabling remote code execution. The issue is fixed in 0.1.1. The CVSS3.1 vector indicates a network-facing, high-impact (CRITICAL) RCE...

9.8CVSS6.2AI score0.00333EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/05/14 7:58 p.m.6 views

CVE-2026-44225

Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged web application, giving it access to the host filesystem. A validateFsPath function is supposed to sandbox this access, but its blocklist i...

9.3CVSS5.9AI score0.00041EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/12 8:2 p.m.9 views

EUVD-2026-29801

Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged web application, giving it access to the host filesystem. A validateFsPath function is supposed to sandbox this access, but its blocklist i...

9.3CVSS5.9AI score0.00041EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/05/12 8:2 p.m.26 views

CVE-2026-44225 Pulpy: Incomplete filesystem sandbox in pulpy.fs bridge allows packaged web apps to read arbitrary user files

Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged web application, giving it access to the host filesystem. A validateFsPath function is supposed to sandbox this access, but its blocklist i...

9.3CVSS0.00041EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/12 8:2 p.m.7 views

CVE-2026-44225 Pulpy: Incomplete filesystem sandbox in pulpy.fs bridge allows packaged web apps to read arbitrary user files

Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged web application, giving it access to the host filesystem. A validateFsPath function is supposed to sandbox this access, but its blocklist i...

9.3CVSS5.9AI score0.00041EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/05/12 12:0 a.m.6 views

PT-2026-40423

Name of the Vulnerable Software and Affected Versions Pulpy versions prior to 0.1.1 Description Pulpy injects a pulpy.fs JavaScript API into packaged web applications to provide host filesystem access. The validateFsPath function, intended to sandbox this access, contains an incomplete blocklist...

9.3CVSS5.9AI score0.00041EPSS
Exploits0References4
NVD
NVDadded 2026/04/28 10:16 p.m.1 views

CVE-2026-7315

A flaw has been found in eiceblue spire-pdf-mcp-server 0.1.1. This impacts the function getpdfpath of the file src/spirepdfmcp/server.py of the component PDF File Handler. Executing a manipulation of the argument filepath can lead to path traversal. The attack can be launched remotely. The exploi...

7.5CVSS0.00066EPSS
Exploits0References5
EUVD
EUVDadded 2026/04/28 8:0 p.m.2 views

EUVD-2026-26152

A flaw has been found in eiceblue spire-pdf-mcp-server 0.1.1. This impacts the function getpdfpath of the file src/spirepdfmcp/server.py of the component PDF File Handler. Executing a manipulation of the argument filepath can lead to path traversal. The attack can be launched remotely. The exploi...

7.5CVSS7.1AI score0.00066EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2026/04/28 12:0 a.m.2 views

PT-2026-35828

A flaw has been found in eiceblue spire-pdf-mcp-server 0.1.1. This impacts the function get pdf path of the file src/spire pdf mcp/server.py of the component PDF File Handler. Executing a manipulation of the argument filepath can lead to path traversal. The attack can be launched remotely. The...

7.5CVSS7.1AI score0.00066EPSS
Exploits0References8
OSV
OSVadded 2026/04/24 3:16 a.m.3 views

DEBIAN-CVE-2026-32952

go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using ntlmssp.Negotiator as an HTTP transport. Version 0.1.1 patches the issue...

7.5CVSS5.3AI score0.0007EPSS
Exploits0References1
NVD
NVDadded 2026/04/24 3:16 a.m.3 views

CVE-2026-32952

go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using ntlmssp.Negotiator as an HTTP transport. Version 0.1.1 patches the issue...

7.5CVSS0.0007EPSS
Exploits0References2
EUVD
EUVDadded 2026/04/24 1:46 a.m.1 views

EUVD-2026-25374

go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using ntlmssp.Negotiator as an HTTP transport. Version 0.1.1 patches the issue...

5.3CVSS5.3AI score0.0007EPSS
Exploits0References2
AlpineLinux
AlpineLinuxadded 2026/04/24 1:46 a.m.2 views

CVE-2026-32952

go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using ntlmssp.Negotiator as an HTTP transport. Version 0.1.1 patches the issue...

7.5CVSS5.8AI score0.0007EPSS
Exploits0
ATTACKERKB
ATTACKERKBadded 2026/04/24 1:46 a.m.1 views

CVE-2026-32952

go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using ntlmssp.Negotiator as an HTTP transport. Version 0.1.1 patches the issue...

5.3CVSS5.7AI score0.0007EPSS
Exploits0References3Affected Software1
Cvelist
Cvelistadded 2026/04/24 1:46 a.m.22 views

CVE-2026-32952 go-ntlmssp NTLM challenges can panic on malformed payloads

go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using ntlmssp.Negotiator as an HTTP transport. Version 0.1.1 patches the issue...

5.3CVSS0.0007EPSS
Exploits0References2
Rows per page
Query Builder