Lucene search
K

493 matches found

OSV
OSV
added 2 days ago4 views

CVE-2026-61462 mcp-gitlab Path Traversal via job_id Parameter

mcp-gitlab contains a path traversal vulnerability in the jobid parameter of build/index.js that allows attackers to redirect GitLab API requests to arbitrary endpoints. Attackers can supply crafted jobid values like ../../../user to escape the intended path prefix and access arbitrary GitLab API...

9.2CVSS6.2AI score0.0038EPSS
Exploits0References6
CVE
CVE
added 2 days ago9 views

CVE-2026-61462

CVE-2026-61462 affects mcp-gitlab. A path traversal weakness exists in the build/index.js job_id parameter, allowing an attacker to escape the intended path prefix (e.g., using ../../../user) and redirect GitLab API requests to arbitrary endpoints. This can enable access to arbitrary GitLab API r...

9.2CVSS6.2AI score0.0038EPSS
Exploits0References4
NVD
NVD
added 2026/07/03 11:16 a.m.7 views

CVE-2026-13341

A vulnerability exists in the Kong Konnect Model Context Protocol MCP server prior to version 1.0.0, which could allow a remote attacker to perform an indirect prompt injection attack and execute unintended API requests...

7.4CVSS0.00258EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.17 views

PT-2026-55525

Name of the Vulnerable Software and Affected Versions Kong Konnect MCP server versions prior to 1.0.0 Description An issue exists where the server fails to properly validate content returned to the Large Language Model LLM. This allows a remote attacker to perform an indirect prompt injection by...

7.4CVSS6.1AI score0.00258EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/08 6:26 p.m.8 views

CVE-2026-10786

Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileged user to obtain cleartext credentials for configured ticketing integrations via a crafted API request. This issue affects : Devolutions Server 2026.2.4.0 Devolutions Server...

6.5CVSS5.5AI score0.00148EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.9 views

CVE-2026-9246

Improper access control in the entry documentation and attachment features in Devolutions Server allows an authenticated user with vault read access to retrieve the documentation and attachments of sealed entries via a crafted API request. This issue affects : Devolutions Server 2026.1.6.0 throug...

4.3CVSS5.4AI score0.00152EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.9 views

CVE-2026-6341

Mattermost Plugins versions =11.5 11.1.5 10.13.11 11.3.4.0 fail to have API-level checks on which groups the user can create issues or attach comments to which allows a user that is member of multiple groups to create issues to a locked group via direct API requests. Mattermost Advisory ID:...

4.3CVSS5.5AI score0.00152EPSS
Exploits0References1
OSV
OSV
added 2026/06/04 8:57 p.m.2 views

CVE-2026-42540 IRIS has a Mass Assignment issue

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulated API requests. Version 2.4.28 contains a patch...

4.3CVSS6AI score0.00183EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/04 8:57 p.m.32 views

CVE-2026-42540 IRIS has a Mass Assignment issue

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulated API requests. Version 2.4.28 contains a patch...

4.3CVSS0.00183EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 8:57 p.m.8 views

CVE-2026-42540

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulated API requests. Version 2.4.28 contains a patch...

5.8AI score0.00183EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/22 3:27 p.m.17 views

CVE-2026-8477

Improper enforcement of the sealed-entry workflow in the entry sensitive-data retrieval feature in Devolutions Server allows an authenticated user with access to a sealed entry to retrieve its sensitive data without triggering the unseal audit notification via a crafted API request. This issue...

2.7CVSS5.8AI score0.00178EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/22 3:25 p.m.14 views

CVE-2026-9224

Missing authorization in the user profile update feature in Devolutions Server allows an authenticated Active Directory user to modify their own profile attributes via a crafted API request. This issue affects : Devolutions Server 2026.1.6.0 through 2026.1.16.0 Devolutions Server 2025.3.20.0 and...

5.8AI score0.00152EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.17 views

PT-2026-42790

Missing authorization in the user profile update feature in Devolutions Server allows an authenticated Active Directory user to modify their own profile attributes via a crafted API request. This issue affects : Devolutions Server 2026.1.6.0 through 2026.1.16.0 Devolutions Server 2025.3.20.0 and...

5.8AI score0.00152EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.12 views

Devolutions Server 安全漏洞

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server from 2026.1.6.0 to 2026.1.16.0, as well as versions prior to 2025.3.20.0, have security...

2.7CVSS6AI score0.00178EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/18 7:5 a.m.41 views

CVE-2026-6341 Incomplete group locking implementation

Mattermost Plugins versions =11.5 11.1.5 10.13.11 11.3.4.0 fail to have API-level checks on which groups the user can create issues or attach comments to which allows a user that is member of multiple groups to create issues to a locked group via direct API requests. Mattermost Advisory ID:...

4.3CVSS0.00152EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/18 7:5 a.m.10 views

CVE-2026-6341

Mattermost Plugins versions =11.5 11.1.5 10.13.11 11.3.4.0 fail to have API-level checks on which groups the user can create issues or attach comments to which allows a user that is member of multiple groups to create issues to a locked group via direct API requests. Mattermost Advisory ID:...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References2
CVE
CVE
added 2026/05/18 7:5 a.m.26 views

CVE-2026-6341

Mattermost advisories describe a vulnerability in Mattermost Plugins affecting versions

4.3CVSS5.8AI score0.00152EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/05/18 6:53 a.m.2 views

CVE-2026-3637 Mattermost fails to enforce create_post permission when editing posts

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to check the createpost channel permission during post edit operations which allows an authenticated attacker with revoked posting privileges to modify their existing posts via direct API requests to the post update and...

4.3CVSS5.9AI score0.00152EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/06 6:30 p.m.15 views

EUVD-2026-27847

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability ...

8.8CVSS6.3AI score0.00712EPSS
Exploits0References2
CVE
CVE
added 2026/05/06 4:16 p.m.28 views

CVE-2026-20034

Cisco Unity Connection’s web-based management interface is affected by a vulnerability where insufficient validation of user-supplied input enables an authenticated attacker, with valid credentials, to submit a crafted API request and execute arbitrary code as root. The impact is potentially comp...

8.8CVSS6.3AI score0.00712EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder