31 matches found

OSV
added 2026/05/19 8:13 p.m. | 4 views

GHSA-7HGR-7H44-33W2 CamoFox MCP: Unauthenticated HTTP MCP browser-control surface

Unauthenticated HTTP MCP browser-control surface in camofox-mcp. Summary: camofox-mcp exposed a Streamable HTTP MCP endpoint at /mcp with rate limiting but no inbound MCP-layer authentication. When HTTP mode was enabled, any client that could reach /mcp could list and invoke browser-control tools. ...

CVSS 7 | AI score 5.8
Exploits 0 | References 3

NVD
added 2026/04/26 11:16 p.m. | 0 views

CVE-2026-7064

A flaw has been found in AgentDeskAI browser-tools-mcp up to 1.2.0. This issue affects some unknown processing of the file browser-tools-server/browser-connector.ts. Executing a manipulation can lead to os command injection. The attack may be performed from remote. The exploit has been published...

CVSS 7.5 | EPSS 0.0049
Exploits 0 | References 5

Cvelist
added 2026/04/26 10:45 p.m. | 26 views

CVE-2026-7064 AgentDeskAI browser-tools-mcp browser-connector.ts os command injection

A flaw has been found in AgentDeskAI browser-tools-mcp up to 1.2.0. This issue affects some unknown processing of the file browser-tools-server/browser-connector.ts. Executing a manipulation can lead to os command injection. The attack may be performed from remote. The exploit has been published...

CVSS 7.5 | EPSS 0.0049
Exploits 0 | References 5

Vulnrichment
added 2026/04/26 10:45 p.m. | 3 views

CVE-2026-7064 AgentDeskAI browser-tools-mcp browser-connector.ts os command injection

A flaw has been found in AgentDeskAI browser-tools-mcp up to 1.2.0. This issue affects some unknown processing of the file browser-tools-server/browser-connector.ts. Executing a manipulation can lead to os command injection. The attack may be performed from remote. The exploit has been published...

CVSS 7.5 | AI score 7 | EPSS 0.0049
Exploits 0 | References 5

EUVD
added 2026/04/26 10:45 p.m. | 0 views

EUVD-2026-25734

A flaw has been found in AgentDeskAI browser-tools-mcp up to 1.2.0. This issue affects some unknown processing of the file browser-tools-server/browser-connector.ts. Executing a manipulation can lead to os command injection. The attack may be performed from remote. The exploit has been published...

CVSS 7.5 | AI score 5.1 | EPSS 0.0049
Exploits 0 | References 5

CVE
added 2026/04/26 10:45 p.m. | 2 views

CVE-2026-7064

CVE-2026-7064 affects AgentDeskAI browser-tools-mcp (up to version 1.2.0). The flaw involves a manipulation in the file browser-tools-server/browser-connector.ts that can enable os command injection. Reported as exploitable from remote, with an exploit published. Details in the connected document...

CVSS 7.5 | AI score 7 | EPSS 0.0049
Exploits 0 | References 5

ATTACKERKB
added 2026/04/26 10:45 p.m. | 1 views

CVE-2026-7064

A flaw has been found in AgentDeskAI browser-tools-mcp up to 1.2.0. This issue affects some unknown processing of the file browser-tools-server/browser-connector.ts. Executing a manipulation can lead to os command injection. The attack may be performed from remote. The exploit has been published...

CVSS 7.5 | AI score 7 | EPSS 0.0049
Exploits 0 | References 5 | Affected Software 1

CNNVD
added 2026/04/26 12:0 a.m. | 3 views

BrowserTools MCP command injection vulnerability

BrowserTools MCP is an open-source browser monitoring and AI interaction tool developed by AgentDeskAI. Versions of BrowserTools MCP 1.2.0 and earlier contained a command injection vulnerability, which stemmed from the os command injection present in the browser-tools-server/browser-connector.ts...

CVSS 7.5 | AI score 7.1 | EPSS 0.0049
Exploits 0 | References 1

Positive Technologies
added 2026/04/26 12:0 a.m. | 1 views

PT-2026-35271

A flaw has been found in AgentDeskAI browser-tools-mcp up to 1.2.0. This issue affects some unknown processing of the file browser-tools-server/browser-connector.ts. Executing a manipulation can lead to os command injection. The attack may be performed from remote. The exploit has been published...

CVSS 7.5 | AI score 7 | EPSS 0.0049
Exploits 0 | References 6

Cvelist
added 2026/04/08 8:7 p.m. | 14 views

CVE-2026-39415 Frappe Learning Management System has Client-Side Manipulation of Quiz Scores

Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to 2.46.0, a vulnerability has been identified in Frappe Learning where quiz scores can be modified by students before submission. The application currently relies on client-side calculated...

CVSS 5.3 | EPSS 0.00037
Exploits 0 | References 1

Tenable Nessus
added 2026/03/04 12:0 a.m. | 2 views

Hitachi Energy RTU500 Product Improper Handling of Insufficient Permissions or Privileges (CVE-2026-1772)

RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges. This plugin only works with Tenable.ot...

CVSS 5.3 | AI score 5.8 | EPSS 0.00015
Exploits 0 | References 3

NVD
added 2026/02/24 2:16 p.m. | 1 views

CVE-2026-1772

RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges...

CVSS 5.3 | EPSS 0.00015
Exploits 0 | References 1

OSV
added 2026/02/24 2:16 p.m. | 0 views

CVE-2026-1772

RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges...

CVSS 5.3 | AI score 5.8 | EPSS 0.00015
Exploits 0 | References 1

Cvelist
added 2026/02/24 1:3 p.m. | 14 views

CVE-2026-1772

RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges...

CVSS 5.3 | EPSS 0.00015
Exploits 0 | References 1

EUVD
added 2026/02/24 1:3 p.m. | 1 views

EUVD-2026-8460

RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges...

CVSS 5.3 | AI score 5.3 | EPSS 0.00015
Exploits 0 | References 1

CNNVD
added 2026/01/14 12:0 a.m. | 3 views

Y Soft SafeQ security vulnerability

Y Soft SafeQ is a print management software from the Czech company Y Soft. A security vulnerability exists in versions prior to Y Soft SafeQ 6 MU106, which stems from the presentation of the Workflow Connector password field in a way that allows administrators with UI access to view the password...

CVSS 5.1 | AI score 6.6 | EPSS 0.00065
Exploits 0 | References 3

Positive Technologies
added 2026/01/14 12:0 a.m. | 3 views

PT-2026-2852

Y Soft SafeQ 6 renders the Workflow Connector password field in a way that allows an administrator with UI access to reveal the value using browser developer/inspection tools. The affected customers are only those with a password-protected scan workflow connector. This issue affects Y Soft SafeQ ...

CVSS 5.1 | AI score 6.9 | EPSS 0.00065
Exploits 0 | References 4

Vulnrichment
added 2025/11/25 5:36 p.m. | 2 views

CVE-2025-13483 Missing Authentication for Critical Function in SiRcom SMART Alert (SiSA)

SiRcom SMART Alert (SiSA) allows unauthorized access to backend APIs. This allows an unauthenticated attacker to bypass the login screen using browser developer tools, gaining access to restricted parts of the application...

CVSS 8.8 | AI score 6.6 | EPSS 0.00279
Exploits 0 | References 1

EUVD
added 2025/11/25 5:36 p.m. | 2 views

EUVD-2025-199621

SiRcom SMART Alert (SiSA) allows unauthorized access to backend APIs. This allows an unauthenticated attacker to bypass the login screen using browser developer tools, gaining access to restricted parts of the application...

CVSS 8.8 | AI score 6.5 | EPSS 0.00279
Exploits 0 | References 2

CVE
added 2025/11/25 5:36 p.m. | 4 views

CVE-2025-13483

SiRcom SMART Alert (SiSA) is affected by a Missing Authentication vulnerability that lets an unauthenticated attacker access backend APIs and bypass the login screen via browser developer tools, gaining access to restricted parts of the application. The CVE-2025-13483 entry notes a high-severity ...

CVSS 8.8 | AI score 6.6 | EPSS 0.00279
Exploits 0 | References 1