Lucene search
+L

108 matches found

NVD
NVD
added 3 days ago8 views

CVE-2026-15751

A security vulnerability has been detected in mastergo-design mastergo-magic-mcp up to 0.2.0. The affected element is the function execute of the file mastergo/component-workflow.md of the component mcpgetComponentGenerator. The manipulation of the argument rootPath leads to path traversal. An...

5.3CVSS0.0014EPSS
Exploits0References6
CVE
CVE
added 3 days ago8 views

CVE-2026-15751

CVE-2026-15751 affects the mastergo-design mastergo-magic-mcp component set up to version 0.2.0. The vulnerability targets the execute function in mastergo/component-workflow.md for mcp__getComponentGenerator, where manipulation of the rootPath argument enables path traversal. Exploitation is loc...

5.3CVSS5.8AI score0.0014EPSS
Exploits0References6
Cvelist
Cvelist
added 3 days ago35 views

CVE-2026-15751 mastergo-design mastergo-magic-mcp mcp__getComponentGenerator component-workflow.md execute path traversal

A security vulnerability has been detected in mastergo-design mastergo-magic-mcp up to 0.2.0. The affected element is the function execute of the file mastergo/component-workflow.md of the component mcpgetComponentGenerator. The manipulation of the argument rootPath leads to path traversal. An...

5.3CVSS0.0014EPSS
Exploits0References6
OSV
OSV
added 3 days ago4 views

CVE-2026-15751 mastergo-design mastergo-magic-mcp mcp__getComponentGenerator component-workflow.md execute path traversal

A security vulnerability has been detected in mastergo-design mastergo-magic-mcp up to 0.2.0. The affected element is the function execute of the file mastergo/component-workflow.md of the component mcpgetComponentGenerator. The manipulation of the argument rootPath leads to path traversal. An...

4.8CVSS5.8AI score0.0014EPSS
Exploits0References8
OSV
OSV
added 3 days ago3 views

CVE-2026-15749 mastergo-design mastergo-magic-mcp mcp__C2d get-c2d.ts execute path traversal

A security flaw has been discovered in mastergo-design mastergo-magic-mcp up to 0.2.0. This issue affects the function execute of the file src/tools/get-c2d.ts of the component mcpC2d. Performing a manipulation of the argument filePath results in path traversal. The attack requires a local...

4.8CVSS5.9AI score0.0014EPSS
Exploits0References8
CVE
CVE
added 3 days ago4 views

CVE-2026-15749

The CVE affects mastergo-design/mastergo-magic-mcp (mcp__C2d) up to v0.2.0, specifically the function execute in src/tools/get-c2d.ts. The vulnerability arises from manipulating the filePath argument, causing path traversal. This is a local attack, with exploit publicly released (CVSS 4.x metrics...

5.3CVSS5.9AI score0.0014EPSS
Exploits0References6
Cvelist
Cvelist
added 3 days ago28 views

CVE-2026-15669 louisho5 picobot exec Tool exec.go ExecTool.Execute os command injection

A vulnerability was found in louisho5 picobot up to 0.2.0. This issue affects the function ExecTool.Execute of the file internal/agent/tools/exec.go of the component exec Tool. The manipulation results in os command injection. The attack requires a local approach. The exploit has been made public...

5.3CVSS0.00622EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 3 days ago8 views

PT-2026-58850

Name of the Vulnerable Software and Affected Versions mastergo-design mastergo-magic-mcp versions prior to 0.2.1 Description Path traversal occurs in the execute function within the mastergo/component-workflow.md file of the mcp getComponentGenerator component. This issue arises from the improper...

5.3CVSS6.2AI score0.0014EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/26 2:45 a.m.12 views

EUVD-2026-31783

A flaw has been found in xianrendzw EasyReport up to 2.0.17.0522Beta. Affected by this issue is the function execute of the component REST Endpoint. Executing a manipulation of the argument reportParams can lead to sql injection. The attack can be launched remotely. The vendor was contacted early...

6.5CVSS6.4AI score0.00246EPSS
Exploits0References4
NVD
NVD
added 2026/05/17 1:16 p.m.19 views

CVE-2018-25320

ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can use bitsadmin to download malicious PowerShell scripts and execute them with system privileges to...

9.8CVSS0.00576EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/17 12:11 p.m.48 views

CVE-2018-25320 ACL Analytics 11.x - 13.0.0.579 Arbitrary Code Execution

ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can use bitsadmin to download malicious PowerShell scripts and execute them with system privileges to...

9.8CVSS0.00576EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/17 12:11 p.m.16 views

EUVD-2018-21841

ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can use bitsadmin to download malicious PowerShell scripts and execute them with system privileges to...

9.8CVSS6.5AI score0.00576EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/17 12:11 p.m.8 views

CVE-2018-25320

ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can use bitsadmin to download malicious PowerShell scripts and execute them with system privileges to...

9.8CVSS6.5AI score0.00576EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/17 12:11 p.m.8 views

CVE-2018-25320 ACL Analytics 11.x - 13.0.0.579 Arbitrary Code Execution

ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can use bitsadmin to download malicious PowerShell scripts and execute them with system privileges to...

9.8CVSS6.5AI score0.00576EPSS
Exploits0References4
CVE
CVE
added 2026/05/17 12:11 p.m.17 views

CVE-2018-25320

CVE-2018-25320 affects ACL Analytics 11.x through 13.0.0.579. The vulnerability is an arbitrary code execution via the EXECUTE function, enabling an attacker to run commands with SYSTEM privileges. Reported chain includes using bitsadmin to download malicious PowerShell scripts and execute them t...

9.8CVSS6.5AI score0.00576EPSS
Exploits0References4
NVD
NVD
added 2026/05/17 9:16 a.m.23 views

CVE-2026-8740

A flaw has been found in Sanluan PublicCMS 5.202506.d. The impacted element is the function execute of the file publiccms-core/src/main/java/com/publiccms/views/directive/tools/TemplateResultDirective.java of the component templateResult API. This manipulation of the argument templateContent caus...

6.5CVSS0.00232EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/17 8:0 a.m.11 views

CVE-2026-8740

A flaw has been found in Sanluan PublicCMS 5.202506.d. The impacted element is the function execute of the file publiccms-core/src/main/java/com/publiccms/views/directive/tools/TemplateResultDirective.java of the component templateResult API. This manipulation of the argument templateContent caus...

6.5CVSS6.3AI score0.00232EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.19 views

PT-2026-41546

ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can use bitsadmin to download malicious PowerShell scripts and execute them with system privileges to...

9.8CVSS6.5AI score0.00576EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.12 views

ACL Analytics 代码注入漏洞

ACL Analytics is a data analysis platform provided by ACL Corporation, which supports audit analysis, data mining, and risk monitoring. Versions 11.x to 13.0.0.579 of ACL Analytics have a code injection vulnerability. This vulnerability stems from the use of the EXECUTE function, which may allow...

9.8CVSS6.2AI score0.00576EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/26 12:0 a.m.16 views

PT-2026-35204

A vulnerability was detected in ByteDance coze-studio up to 0.5.1. Affected by this vulnerability is the function ExecuteSQL of the file backend/domain/memory/database/service/database impl.go of the component databaseTool. Performing a manipulation results in sql injection. The attack can be...

6.5CVSS6.4AI score0.00365EPSS
Exploits1References5
Rows per page
Query Builder