508 matches found
CVE-2026-27203
eBay API MCP Server is an open source local MCP server providing AI assistants with comprehensive access to eBay's Sell APIs. All versions are vulnerable to Environment Variable Injection through the updateEnvFile function. The ebaysetusertokens tool allows updating the .env file with new tokens...
eBay API MCP Server 注入漏洞
The eBay API MCP Server is a context-based protocol server developed by YosefHayim as an individual developer. The eBay API MCP Server has a vulnerability related to environment variable injection in the updateEnvFile function. This vulnerability may lead to configuration overrides, denial of...
CVE-2026-27203 eBay API MCP Server Affected by Environment Variable Injection
eBay API MCP Server is an open source local MCP server providing AI assistants with comprehensive access to eBay's Sell APIs. All versions are vulnerable to Environment Variable Injection through the updateEnvFile function. The ebaysetusertokens tool allows updating the .env file with new tokens...
CVE-2026-27203 eBay API MCP Server Affected by Environment Variable Injection
eBay API MCP Server is an open source local MCP server providing AI assistants with comprehensive access to eBay's Sell APIs. All versions are vulnerable to Environment Variable Injection through the updateEnvFile function. The ebaysetusertokens tool allows updating the .env file with new tokens...
CVE-2026-27203
The CVE-2026-27203 entry affects ebay-mcp (eBay API MCP Server), where the updateEnvFile function in src/auth/oauth.ts blindly appends or replaces values, enabling CRLF/environment variable injection via the ebay_set_user_tokens tool. This can inject arbitrary environment variables into the .env ...
CVE-2026-27203 eBay API MCP Server Affected by Environment Variable Injection
eBay API MCP Server is an open source local MCP server providing AI assistants with comprehensive access to eBay's Sell APIs. All versions are vulnerable to Environment Variable Injection through the updateEnvFile function. The ebaysetusertokens tool allows updating the .env file with new tokens...
CVE-2026-25384
Missing Authorization vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Lister Lite for eBay: from n/a through = 3.8.5...
CVE-2026-25384
Missing Authorization vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Lister Lite for eBay: from n/a through = 3.8.5...
WordPress WP-Lister Lite for eBay plugin <= 3.8.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin WP-Lister Lite for eBay versions = 3.8.5...
CVE-2026-25384 WordPress WP-Lister Lite for eBay plugin <= 3.8.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Lister Lite for eBay: from n/a through = 3.8.5...
CVE-2026-25384 WordPress WP-Lister Lite for eBay plugin <= 3.8.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Lister Lite for eBay: from n/a through = 3.8.5...
CVE-2026-25384
Missing Authorization vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Lister Lite for eBay: from n/a through = 3.8.5...
CVE-2026-25384
CVE-2026-25384 affects WP-Lister Lite for eBay, plugin versions
WordPress plugin WP-Lister Lite for eBay 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...
PT-2026-21328
Name of the Vulnerable Software and Affected Versions eBay API MCP Server affected versions not specified Description The eBay API MCP Server, an open source local MCP server providing AI assistants with access to eBay's Sell APIs, is susceptible to Environment Variable Injection through the...
PT-2026-20718
Missing Authorization vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Lister Lite for eBay: from n/a through = 3.8.5...
WordPress WP eBay Product Feeds plugin <= 3.4.9 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Tarcísio LuchesiPoystick in WordPress Plugin WP eBay Product Feeds versions = 3.4.9...
CVE-2025-67557
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rhys Wynne WP eBay Product Feeds ebay-feeds-for-wordpress allows Stored XSS.This issue affects WP eBay Product Feeds: from n/a through = 3.4.9...
CVE-2025-67557
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rhys Wynne WP eBay Product Feeds ebay-feeds-for-wordpress allows Stored XSS.This issue affects WP eBay Product Feeds: from n/a through = 3.4.9...
CVE-2025-67557
The CVE entry CVE-2025-67557 concerns a Stored XSS in the WordPress plugin WP eBay Product Feeds (ebay-feeds-for-wordpress) affecting versions from n/a up to and including 3.4.9. The vulnerability is caused by improper neutralization of input during web page generation, enabling stored cross-site...