56 matches found
CVE-2026-7212
A security vulnerability has been detected in edvardlindelof notes-mcp up to 0.1.4. This affects an unknown function of the file notes_mcp.py. The manipulation of the argument root_dir/path leads to path traversal. The attack can be carried out remotely. The exploit has been disclosed...
notes-mcp has a Path Traversal issue
A security vulnerability has been detected in edvardlindelof notes-mcp up to 0.1.4. This affects an unknown function of the file notes_mcp.py. The manipulation of the argument root_dir/path leads to path traversal. The attack can be carried out remotely. The exploit has been disclosed...
CVE-2026-7212 edvardlindelof notes-mcp notes_mcp.py path traversal
A security vulnerability has been detected in edvardlindelof notes-mcp up to 0.1.4. This affects an unknown function of the file notes_mcp.py. The manipulation of the argument root_dir/path leads to path traversal. The attack can be carried out remotely. The exploit has been disclosed...
CVE-2026-7212
CVE-2026-7212 affects the edvardlindelof notes-mcp project up to version 0.1.4, specifically via an issue in the notes_mcp.py file where manipulation of the arguments root_dir or path enables a path traversal vulnerability. The vulnerability is exploitable remotely and, according to the provided ...
PT-2026-35585
A security vulnerability has been detected in edvardlindelof notes-mcp up to 0.1.4. This affects an unknown function of the file notes_mcp.py. The manipulation of the argument root_dir/path leads to path traversal. The attack can be carried out remotely. The exploit has been disclosed...
Notes MCP server path traversal vulnerability
Notes MCP Server is a text content collaboration management tool developed by Edvard Lindelof. Versions of Notes MCP Server prior to 0.1.4 contained a path traversal vulnerability. This vulnerability stemmed from incorrect handling of parameters root_dir and path in the notes_mcp.py file, which cou...
EUVD-2026-16921
A vulnerability was identified in Sinaptik AI PandasAI up to 0.1.4. Affected by this issue is the function deletequestionandanswers/deletedocs/updatequestionanswer/updatedocs/getrelevantquestionanswersbyid/getrelevantdocsbyid of the file extensions/ee/vectorstores/lancedb/pandasailancedb/lancedb....
PT-2026-28714
Name of the Vulnerable Software and Affected Versions: Sinaptik AI PandasAI versions up to 0.1.4. Description: A SQL injection issue exists in the pandasai-lancedb Extension within Sinaptik AI PandasAI. The issue is located in the file extensions/ee/vectorstores/lancedb/pandasai lancedb/lancedb.py a...
GHSA-XC79-566C-J4QX Parallax is vulnerable to DoS via malicious p2p message
Impact: A vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. In order to carry out the attack, the attacker establishes a peer connection to the victim, and sends a malicious GetBlockHeadersRequest message...
EUVD-2017-0069
Malware in sbrugna...
EUVD-2025-21056
Malicious code in bioql PyPI...
EUVD-2025-11701
Malicious code in bioql PyPI...
EUVD-2025-12004
Malicious code in bioql PyPI...
SUSE CVE-2025-53632
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario i.e. a zip archive, the path of the file to write is not checked, potentially leading to zip slips. Exploitation does not require authentication nor authorization, so anyone can...
Malicious code in aiohappyeyeballs (npm)
The package communicates with a domain associated with malicious activity. Source: ossf-package-analysis 2059da56cd060292843a9bf0b02a2c41b90d84e83b5b15aa59580a8bc9084a23 The OpenSSF Package Analysis project identified 'aiohappyeyeballs' @...
Allocation of Resources Without Limits or Throttling
Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the HTTP Gateway process. An attacker can exhaust system resources by sending HTTP headers very slowly, preventing legitimate requests from being processed. Remediation: Upgrade...
llama-index-packs-docugami-kg-rag (>=0.1.1 <=0.2.0) potentially affected by CVE-2025-6211 via llama-index-readers-docugami (=0.1.4)
llama-index-readers-docugami PyPI version =0.1.4 is affected by a known vulnerability. The following packages have a transitive dependency on llama-index-readers-docugami and may be impacted: llama-index-packs-docugami-kg-rag >=0.1.1, <=0.2.0. Source CVEs: CVE-2025-6211. Source advisory:...
Chall-Manager path traversal vulnerability
Chall-Manager is an open source project from CTFer.io. A path traversal vulnerability exists in versions prior to Chall-Manager 0.1.4, which originates from unzipping a zip file without checking the path of the file, which may lead to arbitrary file overwriting...
Introspect injection vulnerability
Introspect is an open source application from Defog.ai. An injection vulnerability exists in Introspect 0.1.4 and earlier versions, which stems from code injection due to incorrect manipulation of the parameter code in the file introspect/backend/tools/analysistools.py...
CVE-2025-4767 defog-ai introspect Test Endpoint integration_routes.py test_custom_tool code injection
A vulnerability was found in defog-ai introspect up to 0.1.4. It has been rated as critical. Affected by this issue is the function test_custom_tool of the file introspect/backend/integration_routes.py of the component Test Endpoint. The manipulation of the argument inputmodel leads to code injectio...