CVE-2026-7599
The vulnerability affects Dayoooun hwpx-mcp 0.2.0, specifically the MCP Interface. It targets the mcp-server/src/index.ts functions save_document, export_to_text, and export_to_html, enabling path traversal via manipulation of the argument output_path. This allows remote exploitation, and the exp...
CodePhiliaX Chat2DB SQL Injection Vulnerability
CodePhiliaX Chat2DB is an open-source AI-driven SQL client developed by CodePhiliaX. Versions of CodePhiliaX Chat2DB 0.3.7 and earlier contain a SQL injection vulnerability. This vulnerability arises from improper handling of parameters in the functions exportTable, exportTableColumnComment,...
CVE-2025-62720 LinkAce: Data Exfiltration via Export Functions Allow Access to All Users' Private Links
LinkAce is a self-hosted archive to collect website links. Versions 2.3.1 and below allow any authenticated user to export the entire database of links from all users in the system, including private links that should only be accessible to their owners. The HTML and CSV export functions in the...
EUVD-2025-24227
Malicious code in bioql PyPI...
CVE-2025-8767 AnWP Football Leagues <= 0.16.17 - Authenticated (Administrator+) CSV Injection
The AnWP Football Leagues plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 0.16.17 via the 'downloadcsvplayers' and 'downloadcsvgames' functions. This makes it possible for authenticated attackers, with Administrator-level access and above, to embed...
CVE-2025-29153
SQL Injection vulnerability in lemeconsultoria HCM galera.app v.4.58.0 allows an attacker to execute arbitrary code via the Data export, filters functions...
PT-2025-11312 · Git +1 · Assimp
Name of the Vulnerable Software and Affected Versions: Assimp (affected versions not specified). Description: The software is susceptible to an unknown read crash during scene copying. The crash occurs within the Assimp::SceneCombiner::CopyScene function, triggered through the Assimp::Exporter::Expo...
Spartacus - DLL Hijacking Discovery Tool
Why "Spartacus"? If you have seen the film Spartacus from 1960, you will remember the scene where the Romans are asking for Spartacus to give himself up. The moment the real Spartacus stood up, a lot of others stood up as well and claimed to be him using the "I AM SPARTACUS" phrase. When a proces...