CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

406 matches found

WordPress Competition Form Plugin <= 2.0 - Cross-Site Scripting

Competition Form WordPress plugin = 2.0 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires victim to visit a...

7.1CVSS7.6AI score0.01761EPSS

Exploits1References2

RedhatCVE•added 2 days ago•4 views

CVE-2026-7149

A vulnerability has been found in dexhunter kaggle-mcp up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d. This vulnerability affects the function preparekaggledataset of the file src/kagglemcp/server.py. The manipulation of the argument competitionid leads to path traversal. The attack is possible t...

7.5CVSS6.5AI score0.00066EPSS

Exploits0References1

OSV•added 2026/04/27 9:31 p.m.•1 views

GHSA-Q882-JC55-6343 kaggle-mcp has a Path Traversal issue

7.3CVSS5.4AI score0.00066EPSS

Exploits0References6

Snyk•added 2026/04/27 9:31 p.m.•6 views

Directory Traversal

Overview kaggle-mcp is an A MCP server for kaggle apis Affected versions of this package are vulnerable to Directory Traversal via the preparekaggledataset function in src/kagglemcp/server.py when processing the competitionid argument. An attacker can access arbitrary files on the server by...

7.5CVSS7.5AI score0.00066EPSS

Exploits0References2

Github Security Blog•added 2026/04/27 9:31 p.m.•3 views

kaggle-mcp has a Path Traversal issue

7.5CVSS6.7AI score0.00066EPSS

Exploits0References7Affected Software1

NVD•added 2026/04/27 7:16 p.m.•2 views

CVE-2026-7149

7.5CVSS0.00066EPSS

Exploits0References5

CVE•added 2026/04/27 6:45 p.m.•4 views

CVE-2026-7149

CVE-2026-7149 affects dexhunter kaggle-mcp: path traversal vulnerability in src/kaggle_mcp/server.py::prepare_kaggle_dataset caused by manipulating the competition_id. Attack is remote and publicly disclosed; no explicit affected version details can be given due to rolling-release policy. Project...

7.5CVSS7AI score0.00066EPSS

Exploits0References5

ATTACKERKB•added 2026/04/27 6:45 p.m.•0 views

CVE-2026-7149

7.5CVSS6.9AI score0.00066EPSS

Exploits0References5

Vulnrichment•added 2026/04/27 6:45 p.m.•1 views

CVE-2026-7149 dexhunter kaggle-mcp server.py prepare_kaggle_dataset path traversal

7.5CVSS7AI score0.00066EPSS

Exploits0References5

EUVD•added 2026/04/27 6:45 p.m.•2 views

EUVD-2026-25911

7.5CVSS5.2AI score0.00066EPSS

Exploits0References5

Cvelist•added 2026/04/27 6:45 p.m.•23 views

CVE-2026-7149 dexhunter kaggle-mcp server.py prepare_kaggle_dataset path traversal

7.5CVSS0.00066EPSS

Exploits0References5

CNNVD•added 2026/04/27 12:0 a.m.•7 views

kaggle-mcp MCP server 路径遍历漏洞

Kaggle-mcp MCP server is a MCP server tool developed by Dex’s individual developers for Kaggle APIs. The kaggle-mcp MCP server has a path traversal vulnerability. This vulnerability stems from improper handling of the competitionid parameter in the preparekaggledataset function located in the...

7.5CVSS7.1AI score0.00066EPSS

Exploits0References1

Positive Technologies•added 2026/04/27 12:0 a.m.•3 views

PT-2026-35516

A vulnerability has been found in dexhunter kaggle-mcp up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d. This vulnerability affects the function prepare kaggle dataset of the file src/kaggle mcp/server.py. The manipulation of the argument competition id leads to path traversal. The attack is possib...

7.5CVSS6.9AI score0.00066EPSS

Exploits0References8

CNNVD•added 2026/04/14 12:0 a.m.•3 views

Microsoft Windows Push Notifications 竞争条件问题漏洞

Microsoft Windows Push Notifications is a push notification service provided by Microsoft Corporation. It provides a reliable way to deliver new updates. There are vulnerabilities related to competition conditions in Microsoft Windows Push Notifications. Attackers can exploit these vulnerabilitie...

7.8CVSS5.8AI score0.00047EPSS

Exploits0References1

CNNVD•added 2026/03/26 12:0 a.m.•3 views

EVerest 竞争条件问题漏洞

EVerest is an open-source firmware for electric vehicle charging stations developed by EVerest. Versions prior to EVerest 2026.02.0 contained a race condition vulnerability, which was caused by data competition and could lead to mapping or queue corruption...

7CVSS5.8AI score0.00047EPSS

Exploits0References1

CNNVD•added 2026/03/26 12:0 a.m.•4 views

EVerest 竞争条件问题漏洞

4.2CVSS5.8AI score0.00006EPSS

Exploits0References1

Packet Storm News•added 2026/03/16 12:0 a.m.•1 views

How Vulnerable Are AI Agents to Indirect Prompt Injections? Insights from a Large-Scale Public Competition

LLM based agents are increasingly deployed in high stakes settings where they process external data sources such as emails, documents, and code repositories. This creates exposure to indirect prompt injection attacks, where adversarial instructions embedded in external content manipulate agent...

5.8AI score

Exploits0

Schneier on Security•added 2026/03/13 11:4 a.m.•2 views

Academia and the “AI Brain Drain”

In 2025, Google, Amazon, Microsoft and Meta collectively spent US$380 billion on building artificial-intelligence tools. That number is expected to surge still higher this year, to $650 billion, to fund the building of physical infrastructure, such as data centers see go.nature.com/3lzf79q...

5.8AI score

Exploits0

Packet Storm News•added 2026/03/12 12:0 a.m.•4 views

Highly Autonomous Cyber-Capable Agents: Anticipating Capabilities, Tactics, and Strategic Implications

This report introduces the concept of "Highly Autonomous Cyber-Capable Agents" HACCAs, AI systems capable of autonomously conducting multi-stage cyber campaigns at a level comparable to today's top criminal hacking groups or state-affiliated threat actors, and analyzes the security implications o...

5.8AI score

Exploits0