CVE-2026-42320 GLPI vulnerable to arbitrary file access

GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 10.0.25 and 11.0.7, a technician can read arbitrary files inside the GLPIDOCDIR. Upgrade to 10.0.25 or 11.0.7 to receive a patch...

CVE-2026-42320 GLPI vulnerable to arbitrary file access

GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 10.0.25 and 11.0.7, a technician can read arbitrary files inside the GLPIDOCDIR. Upgrade to 10.0.25 or 11.0.7 to receive a patch...

CVE-2026-30691

Cross-Site Scripting XSS vulnerability in @cyntler/react-doc-viewer v1.17.1 allows remote attackers to execute arbitrary JavaScript via a crafted .txt file. The TXTRenderer component fails to sanitize file content and explicitly casts raw data as a ReactNode...

react-doc-viewer 跨站脚本漏洞

react-doc-viewer is a React documentation viewer component developed by Damian Cyntler. Version 1.17.1 of react-doc-viewer contains a cross-site scripting vulnerability. This vulnerability arises from the TXTRenderer component failing to clean up file content and explicitly converting raw data in...

CVE-2026-30691

Cross-Site Scripting XSS vulnerability in @cyntler/react-doc-viewer v1.17.1 allows remote attackers to execute arbitrary JavaScript via a crafted .txt file. The TXTRenderer component fails to sanitize file content and explicitly casts raw data as a ReactNode...

PT-2026-42214

Name of the Vulnerable Software and Affected Versions @cyntler/react-doc-viewer version 1.17.1 Description A Cross-Site Scripting XSS issue exists where remote attackers can execute arbitrary JavaScript by using a crafted .txt file. This occurs because the TXTRenderer component does not sanitize...

CVE-2026-30691

Cross-Site Scripting XSS vulnerability in @cyntler/react-doc-viewer v1.17.1 allows remote attackers to execute arbitrary JavaScript via a crafted .txt file. The TXTRenderer component fails to sanitize file content and explicitly casts raw data as a ReactNode...

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: rust: cargo-1.95.0-5.hum1 aarch64, x8664 clippy-1.95.0-5.hum1 aarch64, x8664 rust-1.95.0-5.hum1 aarch64, x8664 rust-analyzer-1.95.0-5.hum1 aarch64, x8664 rust-debugger-common-1.95.0-5.hum1 noarch...

@stnd/build (=0.18.70), saku-doc (>=0.0.1 <=0.0.4) +1 more potentially affected by CVE-2026-45028 via astro (>=6.0.0-beta.1 <=6.0.4)

astro NPM version =6.0.0-beta.1, =0.0.1, =0.0.4 - stnd =0.18.70 Source cves: CVE-2026-45028 Source advisory: SNYK:JS-ASTRO-16643260...

Arbitrary File Upload

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Arbitrary File Upload via the storedoc process. An attacker can write arbitrary files to locations outside the intended upload directory by supplying crafted filenames containing path traversal sequences in t...

CVE-2026-7738

A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function createdocument/opendocument of the file src/mcp-server.ts of the component MCP Interface. The manipulation of the argument filePath results in path traversal. The attack can be launched remotely. The...

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: fontconfig: fontconfig-2.17.1-0.1.hum1 aarch64, x8664 fontconfig-devel-2.17.1-0.1.hum1 aarch64, x8664 fontconfig-devel-doc-2.17.1-0.1.hum1 noarch fontconfig-2.17.1-0.1.hum1.src src Security Fixes...

@puchunjie/doc-tools-mcp (>=1.0.11 <=1.0.14) potentially affected by CVE-2026-7738 via @puchunjie/doc-tools-mcp (=1.0.18)

@puchunjie/doc-tools-mcp NPM version =1.0.18 is affected by a known vulnerability. The following packages have a transitive dependency on @puchunjie/doc-tools-mcp and may be impacted: - @puchunjie/doc-tools-mcp =1.0.11, =1.0.14 Source cves: CVE-2026-7738 Source advisory: OSV:GHSA-GCMM-C94J-J47X...

@puchunjie/doc-tools-mcp has a Path Traversal Issue

A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function createdocument/opendocument of the file src/mcp-server.ts of the component MCP Interface. The manipulation of the argument filePath results in path traversal. The attack can be launched remotely. The...

@puchunjie/doc-tools-mcp (>=1.0.11 <=1.0.14) potentially affected by CVE-2026-7738 via @puchunjie/doc-tools-mcp (=1.0.18)

@puchunjie/doc-tools-mcp NPM version =1.0.18 is affected by a known vulnerability. The following packages have a transitive dependency on @puchunjie/doc-tools-mcp and may be impacted: - @puchunjie/doc-tools-mcp =1.0.11, =1.0.14 Source cves: CVE-2026-7738 Source advisory:...

CVE-2026-7738

A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function createdocument/opendocument of the file src/mcp-server.ts of the component MCP Interface. The manipulation of the argument filePath results in path traversal. The attack can be launched remotely. The...

CVE-2026-7738 puchunjie doc-tools-mcp MCP mcp-server.ts open_document path traversal

A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function createdocument/opendocument of the file src/mcp-server.ts of the component MCP Interface. The manipulation of the argument filePath results in path traversal. The attack can be launched remotely. The...

CVE-2026-7738

A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function createdocument/opendocument of the file src/mcp-server.ts of the component MCP Interface. The manipulation of the argument filePath results in path traversal. The attack can be launched remotely. The...

EUVD-2026-26919

A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function createdocument/opendocument of the file src/mcp-server.ts of the component MCP Interface. The manipulation of the argument filePath results in path traversal. The attack can be launched remotely. The...

CVE-2026-7728

A vulnerability was identified in ryanjoachim mcp-rtfm 0.1.0. This vulnerability affects the function getdoccontent/readdoc/updatedoc of the component MCP Interface. Such manipulation of the argument docFile leads to path traversal. The attack can be launched remotely. The exploit is publicly...