Lucene search
K

7 matches found

EUVD
EUVD
added 6 hours ago5 views

EUVD-2026-44515

A weakness has been identified in mastergo-design mastergo-magic-mcp up to 0.2.0. Impacted is the function z.string of the file src/tools/get-component-link.ts of the component mcpgetComponentLink. Executing a manipulation of the argument url can lead to server-side request forgery. The attack ma...

7.5CVSS6.3AI score
Exploits0References7
CVE
CVE
added yesterday9 views

CVE-2026-15750

CVE-2026-15750 affects the project: mastergo-design / mastergo-magic-mcp, specifically the mcp__getComponentLink component. The vulnerable element is the function z.string in the file src/tools/get-component-link.ts . The issue arises from manipulating the argument url , enabling a server‑side re...

7.5CVSS6.3AI score
Exploits0References6
NVD
NVD
added 2026/05/07 3:16 p.m.48 views

CVE-2026-44263

Weblate is a web based localization tool. Prior to version 5.17.1, the screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user. This issue has been patched in version 5.17.1...

4.3CVSS0.00288EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/07 12:3 a.m.13 views

Weblate Vulnerable to Private Translation Enumeration via Screenshot API

Impact The screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user. Patches https://github.com/WeblateOrg/weblate/pull/19258 Acknowledgement Weblate thanks Luay for reporting this vulnerability according to the organization's...

4.3CVSS5.8AI score0.00288EPSS
Exploits0References6Affected Software1
Snyk
Snyk
added 2026/05/07 12:3 a.m.12 views

Information Exposure

Overview weblate is an A web-based continuous localization system with tight version control integration Affected versions of this package are vulnerable to Information Exposure in the Screenshot API, tasks API, and component link API. An attacker can access private translation data by enumeratin...

5.3CVSS5.8AI score0.00288EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.23 views

PT-2026-38400

Name of the Vulnerable Software and Affected Versions Weblate versions prior to 5.17.1 Description The screenshots, tasks, and component link API endpoints allow for the enumeration of translations within a project that the user should not be able to access. Recommendations Update to version 5.17...

4.3CVSS5.8AI score0.00288EPSS
Exploits0References13
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.11 views

O2OA 代码问题漏洞

O2OA is an open-source enterprise application development platform developed by O2OA. Versions of O2OA 10.0 and earlier contained code vulnerabilities. These vulnerabilities were caused by an operation in the FileAction function during component URL fetching, which led to server-side request...

6.5CVSS6.7AI score0.00206EPSS
Exploits0References1
Rows per page
Query Builder