CVE-2026-7404

The CVE affects getsimpletool mcpo-simple-server up to 0.2.0. The vulnerability is in delete_shared_prompt (src/mcpo_simple_server/services/prompt_manager/base_manager.py), where manipulation of the detail argument enables relative path traversal. It can be exploited remotely, and a public exploi...

EUVD-2026-26288

A weakness has been identified in getsimpletool mcpo-simple-server up to 0.2.0. Affected is the function deletesharedprompt of the file src/mcposimpleserver/services/promptmanager/basemanager.py. This manipulation of the argument detail causes relative path traversal. It is possible to initiate t...

CVE-2026-7404 getsimpletool mcpo-simple-server base_manager.py delete_shared_prompt path traversal

A weakness has been identified in getsimpletool mcpo-simple-server up to 0.2.0. Affected is the function deletesharedprompt of the file src/mcposimpleserver/services/promptmanager/basemanager.py. This manipulation of the argument detail causes relative path traversal. It is possible to initiate t...

MCPoSimpleServer 路径遍历漏洞

MCPoSimpleServer is a lightweight asynchronous LLM server based on the MCP protocol, developed as part of the GetSimpleTool open-source project. Versions of MCPoSimpleServer 0.2.0 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the detail operation in the...

EUVD-2025-205744

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in xenioushk BWL Knowledge Base Manager bwl-kb-manager allows Stored XSS.This issue affects BWL Knowledge Base Manager: from n/a through = 1.6.3...

CVE-2025-68992

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in xenioushk BWL Knowledge Base Manager bwl-kb-manager allows Stored XSS.This issue affects BWL Knowledge Base Manager: from n/a through = 1.6.3...

CVE-2025-68992 WordPress BWL Knowledge Base Manager plugin <= 1.6.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in xenioushk BWL Knowledge Base Manager bwl-kb-manager allows Stored XSS.This issue affects BWL Knowledge Base Manager: from n/a through = 1.6.3...

CVE-2025-68992

CVE-2025-68992 affects BWL Knowledge Base Manager (bwL-kb-manager) for WordPress. Connected documents confirm a stored cross-site scripting (XSS) vulnerability in BW KBase Manager, affecting versions up to 1.6.3. The Wordfence report lists this as an authenticated (Contributor+) Stored XSS, indic...

WordPress plugin BWL Knowledge Base Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

WordPress BWL Knowledge Base Manager plugin <= 1.6.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin BWL Knowledge Base Manager versions = 1.6.3...