CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

70 matches found

EUVD-2026-34037

A vulnerability was found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The affected element is the function requests.get of the file src/blendermcp/server.py of the component ZIP File Handler. The manipulation of the argument zipfileurl results in server-side request...

6.5CVSS5.4AI score0.00042EPSS

Exploits0References9

Vulnrichment•added 3 days ago•6 views

CVE-2026-10662 ahujasid blender-mcp ZIP File server.py requests.get server-side request forgery

6.5CVSS6.1AI score0.00042EPSS

Exploits0References8

CVE•added 3 days ago•10 views

CVE-2026-10662

The CVE concerns ahujasid blender-mcp (up to commit 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b) and targets the ZIP File Handler’s server.py, specifically the requests.get usage. Flaw: manipulation of the argument zip_file_url enables server-side request forgery (SSRF). Impact is described as remot...

6.5CVSS6.1AI score0.00042EPSS

Exploits0References8

Cvelist•added 3 days ago•23 views

CVE-2026-10662 ahujasid blender-mcp ZIP File server.py requests.get server-side request forgery

6.5CVSS0.00042EPSS

Exploits0References8

Positive Technologies•added 3 days ago•6 views

PT-2026-45869

Name of the Vulnerable Software and Affected Versions ahujasid blender-mcp versions prior to 5b37be25242e73dc4cf1328974d30458b9e5d67e Description Server-side request forgery can be executed remotely via the ZIP File Handler component. The issue exists in the requests.get function within the...

6.5CVSS6.5AI score0.00042EPSS

Exploits0References10

RedhatCVE•added 2026/02/10 1:23 p.m.•2 views

CVE-2026-2226

A vulnerability has been found in DouPHP up to 1.9. This issue affects some unknown processing of the file /admin/file.php of the component ZIP File Handler. Such manipulation of the argument sqlfilename leads to unrestricted upload. The attack can be launched remotely. The exploit has been...

7.2CVSS5.2AI score0.00021EPSS

Exploits1References1

NVD•added 2026/02/09 10:15 a.m.•4 views

CVE-2026-2226

7.2CVSS0.00021EPSS

Exploits1References4

OSV•added 2026/02/09 10:15 a.m.•0 views

CVE-2026-2226

7.2CVSS5.4AI score

Exploits0References4

ATTACKERKB•added 2026/02/09 9:32 a.m.•4 views

CVE-2026-2226

5.8CVSS5.2AI score0.00021EPSS

Exploits1References4

Vulnrichment•added 2026/02/09 9:32 a.m.•3 views

CVE-2026-2226 DouPHP ZIP File file.php unrestricted upload

5.8CVSS5.2AI score0.00021EPSS

Exploits1References4

Cvelist•added 2026/02/09 9:32 a.m.•25 views

CVE-2026-2226 DouPHP ZIP File file.php unrestricted upload

5.8CVSS0.00021EPSS

Exploits1References4

CVE•added 2026/02/09 9:32 a.m.•8 views

CVE-2026-2226

CVE-2026-2226 affects DouPHP up to 1.9, targeting the ZIP File Handler component. The issue arises from manipulating the argument sql_filename in the file /admin/file.php, leading to unrestricted upload. The vulnerability can be exploited remotely, and the exploit has been disclosed publicly. The...

7.2CVSS5.2AI score0.00021EPSS

Exploits1References4Affected Software1

Positive Technologies•added 2026/02/09 12:0 a.m.•3 views

PT-2026-7091

A vulnerability has been found in DouPHP up to 1.9. This issue affects some unknown processing of the file /admin/file.php of the component ZIP File Handler. Such manipulation of the argument sql filename leads to unrestricted upload. The attack can be launched remotely. The exploit has been...

5.8CVSS5.3AI score0.00021EPSS

Exploits1References5

EUVD•added 2026/02/03 8:32 p.m.•1 views

EUVD-2026-5175

A vulnerability was detected in bolo-blog bolo-solo up to 2.6.4. The impacted element is the function unpackFilteredZip of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component ZIP File Handler. Performing a manipulation of the argument File results in path traversal...

6.5CVSS5.1AI score0.0011EPSS

Exploits1References5

Positive Technologies•added 2026/02/03 12:0 a.m.•1 views

PT-2026-6062

Name of the Vulnerable Software and Affected Versions bolo-blog bolo-solo versions prior to 2.6.5 Description A path traversal issue exists in the ZIP File Handler component of bolo-blog bolo-solo. The issue is located in the unpackFilteredZip function within the...

6.5CVSS5.3AI score0.0011EPSS

Exploits1References7

NVD•added 2025/12/01 9:16 a.m.•1 views

CVE-2025-13816

A security vulnerability has been detected in moxi159753 Mogu Blog v2 up to 5.2. The impacted element is the function FileOperation.unzip of the file /networkDisk/unzipFile of the component ZIP File Handler. Such manipulation of the argument fileUrl leads to path traversal. The attack may be...

8.8CVSS0.00115EPSS

Exploits1References5

OSV•added 2025/12/01 9:16 a.m.•1 views

CVE-2025-13816

8.8CVSS6.8AI score

Exploits0References5

EUVD•added 2025/12/01 8:32 a.m.•2 views

EUVD-2025-199973

6.5CVSS6.2AI score0.00115EPSS

Exploits1References6

Cvelist•added 2025/12/01 8:32 a.m.•6 views

CVE-2025-13816 moxi159753 Mogu Blog v2 ZIP File unzipFile FileOperation.unzip path traversal

6.5CVSS0.00115EPSS

Exploits1References5

CNNVD•added 2025/12/01 12:0 a.m.•1 views

Mogu blog 路径遍历漏洞

Mogu blog is a micro-architecture based front-end and back-end shared blog system by individual developers in Streamlet, China. A path traversal vulnerability exists in Mogu blog v2 5.2 and earlier versions, which stems from the improper handling of the fileUrl parameter in the FileOperation.unzi...

8.8CVSS6.4AI score0.00115EPSS

Exploits1References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by