CVE-2026-32685 Path Traversal in gleam docs build via documentation.pages Allows Arbitrary File Read and Write

Path traversal vulnerability in Gleam's handling of custom documentation pages allows arbitrary file read and file write outside the intended documentation output directory. The documentation.pages entries from gleam.toml are incorporated into filesystem paths without sufficient validation or...

CVE-2026-7788 Axle-Bucamp MCP-Docusaurus document.py get_content path traversal

A security flaw has been discovered in Axle-Bucamp MCP-Docusaurus up to 404bc028e15ec304c9a045528560f4b5f27a17e0. The affected element is the function updatedocument/continuedocument/deletedocument/getcontent of the file app/routes/document.py. Performing a manipulation of the argument DOCSDIR/pa...

CVE-2026-7788

A security flaw has been discovered in Axle-Bucamp MCP-Docusaurus up to 404bc028e15ec304c9a045528560f4b5f27a17e0. The affected element is the function updatedocument/continuedocument/deletedocument/getcontent of the file app/routes/document.py. Performing a manipulation of the argument DOCSDIR/pa...

CVE-2026-7788 Axle-Bucamp MCP-Docusaurus document.py get_content path traversal

A security flaw has been discovered in Axle-Bucamp MCP-Docusaurus up to 404bc028e15ec304c9a045528560f4b5f27a17e0. The affected element is the function updatedocument/continuedocument/deletedocument/getcontent of the file app/routes/document.py. Performing a manipulation of the argument DOCSDIR/pa...

CVE-2026-7788

Summary: CVE-2026-7788 affects Axle-Bucamp MCP-Docusaurus. A path traversal vulnerability exists in the file path app/routes/document.py, specifically in the functions update_document, continue_document, delete_document, and get_content, triggered by manipulating the DOCS_DIR/path argument. This ...

MCP Docusaurus Toolkit 路径遍历漏洞

MCP Docusaurus Toolkit is a documentation management and semantic search platform developed by Bucamp Axle’s individual developers. The MCP Docusaurus Toolkit has a path traversal vulnerability, which stems from the operations on the parameter DOCSDIR/path in the functions updatedocument,...

PT-2026-36937

A security flaw has been discovered in Axle-Bucamp MCP-Docusaurus up to 404bc028e15ec304c9a045528560f4b5f27a17e0. The affected element is the function update document/continue document/delete document/get content of the file app/routes/document.py. Performing a manipulation of the argument DOCS...

Directory Traversal

Overview mkdocs-mcp-plugin is a MCP server for MkDocs documentation with intelligent search and retrieval capabilities Affected versions of this package are vulnerable to Directory Traversal via the readdocument and listdocuments functions in server.py when processing the docsdir or filepath...

CVE-2026-7159

CVE-2026-7159 affects the douinc mkdocs-mcp-plugin (up to 0.4.1). The vulnerability exists in the file server.py functions read_document and list_documents , where manipulating the arguments docs_dir/file_path yields a path traversal . This allows a remote attacker to access files outside the int...

MkDocs MCP Plugin 路径遍历漏洞

MkDocs MCP Plugin is an open-source document intelligent search and integration tool developed by Dou. Versions of MkDocs MCP Plugin prior to 0.4.1 contained a path traversal vulnerability. This vulnerability stemmed from improper handling of parameters docsdir and filepath in the...

PT-2006-1805 · Dotproject · Dotproject

Name of the Vulnerable Software and Affected Versions: dotProject versions 2.0.1 and earlier Description: The issue allows remote attackers to obtain sensitive configuration information because certain files, specifically phpinfo.php and check.php, remain accessible under the /docs/ directory aft...