CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added last week•6 views

CVE-2026-7066

A vulnerability was found in choieastsea simple-openstack-mcp up to 767b2f4a8154cca344344b9725537a58399e6036. The affected element is the function execopenstack of the file server.py. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has...

7.5CVSS6.9AI score0.0212EPSS

CVE-2026-7785

A security flaw has been discovered in A-G-U-P-T-A wireshark-mcp edaf604416fbc94a201b4043092d4a1b09a12275/400c3da70074f22f3cce7ccb65304cafc7089c89. This affects the function quickcapture of the file pysharkmcp.py. The manipulation results in os command injection. The attack may be launched...

CVE-2026-7220

A vulnerability has been found in jackwrichards FastlyMCP up to 6f3d0b0e654fc51076badc7fa16c03c461f95620. This impacts an unknown function of the file fastly-mcp.mjs of the component fastlycli Tool. The manipulation of the argument command leads to os command injection. It is possible to initiate...

7.5CVSS6.9AI score0.0212EPSS

CVE-2026-7211

A weakness has been identified in dvladimirov MCP up to 0.1.0. The impacted element is the function GitSearchRequest of the file mcpserver.py of the component Git Search API. Executing a manipulation of the argument repourl/pattern can lead to command injection. The attack can be executed remotel...

RedhatCVE•added last week•3 views

CVE-2026-7215

A security flaw has been discovered in egtai gmx-vmd-mcp up to 0.1.0. This issue affects the function launchvmdguitool of the file mcpserver.py of the component VMD Launch Handler. The manipulation of the argument structurefile/trajectoryfile results in command injection. The attack may be launch...

RedhatCVE•added last week•4 views

CVE-2026-7058

A vulnerability has been found in 666ghj MiroFish up to 0.1.2. The impacted element is the function SimulationIPCClient.sendcommand of the file backend/app/services/simulationipc.py of the component Inter-Process Communication. Such manipulation leads to command injection. It is possible to launc...

7.5CVSS6.7AI score0.0212EPSS

7.5CVSS6.8AI score0.00403EPSS

CVE-2026-7416

A vulnerability was found in PolarVista xcode-mcp-server 1.0.0. This issue affects the function buildproject/runtests of the file src/index.ts of the component MCP Interface. The manipulation of the argument Request results in os command injection. The attack may be launched remotely. The exploit...

RedhatCVE•added last week•4 views

CVE-2026-7061

A weakness has been identified in Toowiredd chatgpt-mcp-server up to 0.1.0. Affected by this issue is some unknown functionality of the file src/services/docker.service.ts of the component MCP/HTTP. This manipulation causes os command injection. Remote exploitation of the attack is possible. The...

7.5CVSS6.9AI score0.01715EPSS

9.8CVSS7AI score0.00455EPSS

CVE-2026-5974

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The affected element is the function Bash.run in the library metagpt/tools/libs/terminal.py. This manipulation causes os command injection. The attack is possible to be carried out remotely. The project was informed of the...

Exploits1References1

RedhatCVE•added last week•6 views

CVE-2026-5741

A weakness has been identified in suvarchal docker-mcp-server up to 0.1.0. The impacted element is the function stopcontainer/removecontainer/pullimage of the file src/index.ts of the component HTTP Interface. This manipulation causes os command injection. The attack is possible to be carried out...

7.5CVSS6.7AI score0.01761EPSS

CVE-2026-10219

A vulnerability was found in nextlevelbuilder GoClaw up to 3.11.3. This impacts the function FsBridge.WriteFile of the file internal/sandbox/fsbridge.go of the component writefile Tool. Performing a manipulation results in os command injection. The attack is possible to be carried out remotely. T...

7.5CVSS6.8AI score0.01715EPSS

CVE-2026-6130

A flaw has been found in chatboxai chatbox up to 1.20.0. This impacts the function StdioClientTransport of the file src/main/mcp/ipc-stdio-transport.ts of the component Model Context Protocol Server Management System. Executing a manipulation of the argument args/env can lead to os command...

RedhatCVE•added last week•6 views

CVE-2025-40947

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.17.1, RUGGEDCOM ROX MX5000RE All versions V2.17.1, RUGGEDCOM ROX RX1400 All versions V2.17.1, RUGGEDCOM ROX RX1500 All versions V2.17.1, RUGGEDCOM ROX RX1501 All versions V2.17.1, RUGGEDCOM ROX RX1510 All versions V2.17.1...

7.7CVSS8.5AI score0.00256EPSS

RedhatCVE•added last week•4 views

CVE-2026-42307

A flaw was found in Vim. A remote attacker can exploit an OS command injection vulnerability in the netrw standard plugin by tricking a user into opening a specially crafted URL, such as one using the sftp:// or file:// protocol handlers. This allows the attacker to execute arbitrary shell comman...

7.3CVSS5.9AI score0.00224EPSS

Exploits0References6

Cvelist•added last week•24 views

CVE-2026-25622 Arista Edge Threat Management NGFW Captive Portal Custom Handler Command Injection

A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall NGFW. On affected platforms, an administrative account logged into the user interface can exploit this input handling behavior to execute arbitrary platform...

7CVSS0.00198EPSS

EUVD•added last week•8 views

EUVD-2026-34907

7CVSS5.8AI score0.00198EPSS

ATTACKERKB•added last week•4 views

CVE-2026-25622

7CVSS5.8AI score0.00198EPSS

Exploits0References2

Vulnrichment•added last week•6 views

CVE-2026-25622 Arista Edge Threat Management NGFW Captive Portal Custom Handler Command Injection

7CVSS5.8AI score0.00198EPSS