69 matches found
GHSA-XHF5-7WJV-PQXP vulnerabilities
Vulnerabilities for packages: kubescape-operator-fips, helm-fips, docker-cli-buildx-fips, helm-mapkubeapis, kaniko-fips, neuvector-scanner, kgateway, rancher-agent, tw, teleport, cloudbeat-fips, newrelic-infrastructure-agent, headlamp, manifest-tool, eksctl, helm, redpanda-operator,...
CVE-2026-7715
A vulnerability has been found in ravenwits mcp-server-arangodb up to 0.4.7. This affects the function arangobackup of the file src/tools.ts of the component MCP Interface. Such manipulation of the argument outputDir leads to path traversal. It is possible to launch the attack remotely. The explo...
CVE-2026-7715
A vulnerability has been found in ravenwits mcp-server-arangodb up to 0.4.7. This affects the function arangobackup of the file src/tools.ts of the component MCP Interface. Such manipulation of the argument outputDir leads to path traversal. It is possible to launch the attack remotely. The explo...
EUVD-2026-26866
A vulnerability has been found in ravenwits mcp-server-arangodb up to 0.4.7. This affects the function arangobackup of the file src/tools.ts of the component MCP Interface. Such manipulation of the argument outputDir leads to path traversal. It is possible to launch the attack remotely. The explo...
CVE-2026-7715 ravenwits mcp-server-arangodb MCP tools.ts arango_backup path traversal
A vulnerability has been found in ravenwits mcp-server-arangodb up to 0.4.7. This affects the function arangobackup of the file src/tools.ts of the component MCP Interface. Such manipulation of the argument outputDir leads to path traversal. It is possible to launch the attack remotely. The explo...
CVE-2026-7715
Technical details are not publicly available in the provided documents. Monitor for updates from the project and CVE entry.
PT-2026-36743
Name of the Vulnerable Software and Affected Versions ravenwits mcp-server-arangodb versions prior to 0.4.8 Description A path traversal issue exists in the MCP Interface component within the arango backup function of the src/tools.ts file. A remote attacker can manipulate the outputDir argument ...
CVE-2026-41674 vulnerabilities
Vulnerabilities for packages: librechat, arangodb, sqlpad, saf, actions-runner, npm...
GHSA-X6WF-F3PX-WCQX vulnerabilities
Vulnerabilities for packages: librechat, arangodb, sqlpad, saf, actions-runner, npm...
CVE-2026-41673 vulnerabilities
Vulnerabilities for packages: librechat, arangodb, sqlpad, saf, actions-runner, npm...
CVE-2026-41672 vulnerabilities
Vulnerabilities for packages: librechat, arangodb, sqlpad, saf, actions-runner, npm...
CVE-2026-41675 vulnerabilities
Vulnerabilities for packages: librechat, arangodb, sqlpad, saf, actions-runner, npm...
GHSA-J759-J44W-7FR8 vulnerabilities
Vulnerabilities for packages: librechat, arangodb, sqlpad, saf, actions-runner, npm...
GHSA-F6WW-3GGP-FR8H vulnerabilities
Vulnerabilities for packages: librechat, arangodb, sqlpad, saf, actions-runner, npm...
GHSA-2V35-W6HQ-6MFW vulnerabilities
Vulnerabilities for packages: librechat, arangodb, sqlpad, saf, actions-runner, npm...
CVE-2026-34601 vulnerabilities
Vulnerabilities for packages: saf, sqlpad, arangodb...
CVE-2019-25367
ArangoDB Community Edition 3.4.2-1 contains multiple cross-site scripting vulnerabilities in the Aardvark web admin interface index.html through search, user management, and API parameters. Attackers can inject scripts via parameters in /db/system/admin/aardvark/index.html to execute JavaScript i...
EUVD-2019-19411
ArangoDB Community Edition 3.4.2-1 contains multiple cross-site scripting vulnerabilities in the Aardvark web admin interface index.html through search, user management, and API parameters. Attackers can inject scripts via parameters in /db/system/admin/aardvark/index.html to execute JavaScript i...
CVE-2019-25367 ArangoDB Community Edition 3.4.2-1 XSS via aardvark admin interface
ArangoDB Community Edition 3.4.2-1 contains multiple cross-site scripting vulnerabilities in the Aardvark web admin interface index.html through search, user management, and API parameters. Attackers can inject scripts via parameters in /db/system/admin/aardvark/index.html to execute JavaScript i...
CVE-2019-25367
ArangoDB Community Edition 3.4.2-1 contains multiple cross-site scripting vulnerabilities in the Aardvark web admin interface index.html through search, user management, and API parameters. Attackers can inject scripts via parameters in /db/system/admin/aardvark/index.html to execute JavaScript i...