Lucene search
K

685 matches found

Cvelist
Cvelist
added 2026/04/28 1:0 p.m.35 views

CVE-2026-7272 WilliamCloudQi matlab-mcp-server MCP index.ts execute_matlab_code path traversal

A flaw has been found in WilliamCloudQi matlab-mcp-server up to ab88f6b9bf5f36f725e8628029f7f6dd0d9913ca. The affected element is the function generatematlabcode/executematlabcode of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument scriptPath can lead...

7.5CVSS0.00424EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.7 views

PT-2026-35725

A flaw has been found in WilliamCloudQi matlab-mcp-server up to ab88f6b9bf5f36f725e8628029f7f6dd0d9913ca. The affected element is the function generate matlab code/execute matlab code of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument scriptPath can...

7.5CVSS7AI score0.00424EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.9 views

MATLAB MCP Server 路径遍历漏洞

MATLAB MCP Server is an AI assistant tool developed by Williamcloudq, which integrates MATLAB functionality. MATLAB MCP Server has a path traversal vulnerability. This vulnerability stems from the operation of the generatematlabcode/executematlabcode functions in the MCP Interface component,...

7.5CVSS7.1AI score0.00424EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/27 9:31 p.m.9 views

Server-side Request Forgery (SSRF)

Overview auto-favicon is an A Model Context Protocol server providing tools for automatic favicon generation from PNG images or URLs Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the generatefaviconfromurl function. An attacker can cause the server to ma...

6.5CVSS6.7AI score0.00201EPSS
Exploits0References2
OSV
OSV
added 2026/04/27 9:31 p.m.5 views

GHSA-VMH7-9C7H-2PGG auto-favicon has a Server-Side Request Forgery issue

A vulnerability was found in dh1011 auto-favicon up to f189116a9259950c2393f114dbcb94dde0ad864b. This issue affects the function generatefaviconfromurl of the file src/autofavicon/server.py of the component MCP Tool. The manipulation of the argument imageurl results in server-side request forgery...

6.3CVSS6.2AI score0.00201EPSS
Exploits0References6
NVD
NVD
added 2026/04/27 7:17 p.m.5 views

CVE-2026-7150

A vulnerability was found in dh1011 auto-favicon up to f189116a9259950c2393f114dbcb94dde0ad864b. This issue affects the function generatefaviconfromurl of the file src/autofavicon/server.py of the component MCP Tool. The manipulation of the argument imageurl results in server-side request forgery...

6.5CVSS0.00201EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/27 7:0 p.m.4 views

CVE-2026-7150

A vulnerability was found in dh1011 auto-favicon up to f189116a9259950c2393f114dbcb94dde0ad864b. This issue affects the function generatefaviconfromurl of the file src/autofavicon/server.py of the component MCP Tool. The manipulation of the argument imageurl results in server-side request forgery...

6.5CVSS6AI score0.00201EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/27 7:0 p.m.3 views

CVE-2026-7150 dh1011 auto-favicon MCP Tool server.py generate_favicon_from_url server-side request forgery

A vulnerability was found in dh1011 auto-favicon up to f189116a9259950c2393f114dbcb94dde0ad864b. This issue affects the function generatefaviconfromurl of the file src/autofavicon/server.py of the component MCP Tool. The manipulation of the argument imageurl results in server-side request forgery...

6.5CVSS6AI score0.00201EPSS
Exploits0References4
OSV
OSV
added 2026/04/27 6:33 p.m.11 views

JLSEC-2026-244 Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH...

Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DHgeneratekey to generate an X9.42 DH key may experience long delays. Likewise, applications that use...

5.3CVSS6.4AI score0.04459EPSS
Exploits0References13
CNNVD
CNNVD
added 2026/04/27 12:0 a.m.12 views

Auto Favicon MCP Server 代码问题漏洞

The Auto Favicon MCP Server is a tool developed by Yuey, a personal developer, for automatically generating website icons. The Auto Favicon MCP Server f189116a9259950c2393f114dbcb94dde0ad864b and previous versions have code vulnerabilities. These vulnerabilities stem from improper handling of the...

6.5CVSS6.7AI score0.00201EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.17 views

PT-2026-34851

The BetterDocs plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.3.11. This is due to a missing capability check in the generate openai content callback function, which relies solely on a nonce rather than verifying user permissions. This makes it...

4.3CVSS5.7AI score0.0027EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.9 views

skim 代码注入漏洞

Skim is a fuzzy search and rapid file location tool developed by skim-rs. Skim has a code injection vulnerability, which stems from the generate-files task in pr.yml checking and executing forked code controlled by the attacker, potentially leading to key leakage. The following versions are...

7.4CVSS5.9AI score0.00281EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/20 6:31 a.m.3 views

Incorrect Synchronization

Overview fschat is an An open platform for training, serving, and evaluating large language model based chatbots. Affected versions of this package are vulnerable to Incorrect Synchronization in the form of synchronous invocation of the apigenerate and generategate functions in the Worker API. An...

8.7CVSS5.6AI score0.00623EPSS
Exploits0References2
OSV
OSV
added 2026/04/20 6:31 a.m.3 views

GHSA-5H65-JX66-J7P5 FastChat has Denial of Service Through Blocking Event Loop in Model Workers (Incomplete Fix for ff66426)

A security vulnerability has been detected in lm-sys fastchat up to 0.2.36. This issue affects the function apigenerate of the component Worker API Endpoint. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed publicly and may be...

6.9CVSS5.4AI score0.00623EPSS
Exploits0References9
EUVD
EUVD
added 2026/04/20 6:31 a.m.5 views

EUVD-2026-23778

A security vulnerability has been detected in lm-sys fastchat up to 0.2.36. This issue affects the function apigenerate of the component Worker API Endpoint. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed publicly and may be...

6.9CVSS5.2AI score0.00623EPSS
Exploits0References9
NVD
NVD
added 2026/04/20 5:16 a.m.8 views

CVE-2026-6607

A security vulnerability has been detected in lm-sys fastchat up to 0.2.36. This issue affects the function apigenerate of the component Worker API Endpoint. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed publicly and may be...

6.9CVSS0.00623EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/04/20 5:0 a.m.6 views

CVE-2026-6607

A security vulnerability has been detected in lm-sys fastchat up to 0.2.36. This issue affects the function apigenerate of the component Worker API Endpoint. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed publicly and may be...

6.9CVSS5.2AI score0.00623EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2026/04/20 5:0 a.m.24 views

CVE-2026-6607

CVE-2026-6607 affects lm-sys FastChat up to version 0.2.36, specifically the Worker API Endpoint function api_generate. The issue allows remote manipulation leading to resource consumption; CVE details indicate a publicly disclosed exploit and a patch is available (patch id c9e84b89c91d45191dc244...

6.9CVSS5.5AI score0.00623EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.14 views

FastChat 安全漏洞

FastChat is an open-source platform developed by LMSYS for training, deploying, and evaluating chatbots based on large language models. Versions of FastChat prior to 0.2.36 contain security vulnerabilities, which stem from incorrect operations on the apigenerate function within the Worker API...

6.9CVSS6AI score0.00623EPSS
Exploits0References1
OSV
OSV
added 2026/04/17 4:27 p.m.6 views

CLSA-2026-1776443255 libxslt: Fix of CVE-2023-40403

CVE-2023-40403: make generate-id deterministic to prevent memory layout leak...

6.5CVSS7.1AI score0.01092EPSS
Exploits0References1
Rows per page
Query Builder