CVE-2026-7811

A vulnerability has been found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The affected element is the function issafepath of the file src/codemcp/server.py of the component MCP File Handler. Such manipulation leads to path traversal. It is possible to launch the attack...

CVE-2026-7811

Summary (CVE-2026-7811): A path traversal vulnerability affects 54yyyu code-mcp up to commit 4cfc4643541a110c906d93635b391bf7e357f4a8 in the MCP File Handler component. The is_safe_path function in src/code_mcp/server.py is implicated. Exploitation can be performed remotely. Public disclosure exi...

CVE-2026-7712

A security vulnerability has been detected in MindsDB up to 26.01. Affected is the function pickle.loads of the component Pickle Handler. The manipulation leads to deserialization. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vend...

CVE-2026-7718

A vulnerability was identified in Totolink WA300 5.2cu.7112B20190227. Impacted is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument webWlanIdx leads to command injection. The attack may be initiated remotely. The...

EUVD-2026-27153

A vulnerability was detected in CodeCanyon Perfex CRM up to 3.4.1. This affects the function Clients::project of the file application/controllers/Clients.php of the component Tenant Handler. The manipulation of the argument ID results in authorization bypass. The attack may be performed from...

PT-2026-37248

Name of the Vulnerable Software and Affected Versions Inngest versions 3.22.0 through 3.53.1 Description Unauthenticated remote attackers can exfiltrate environment variables from the host process via the 'serve' HTTP handler. While the 'serve' handler implements GET, POST, and PUT methods,...

PT-2026-37216

Name of the Vulnerable Software and Affected Versions D-Link DI-8100 version 16.07.26A1 Description A buffer overflow occurs in the HTTP Request Handler component when manipulating the Name argument. This issue is located within the tggl asp function of the '/tggl.asp' endpoint and can be trigger...

CVE-2026-31196

The traceroute diagnostic handler in /bin/httpdclientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters usi...

CVE-2026-31196

The vulnerability CVE-2026-31196 affects ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway. The traceroute diagnostic handler (/bin/httpd_clientside) unsafely inserts user-supplied destAddr input into a system() call, enabling authenticated remote attackers to execute arbitrar...

PT-2026-36972

A vulnerability has been found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The affected element is the function is safe path of the file src/code mcp/server.py of the component MCP File Handler. Such manipulation leads to path traversal. It is possible to launch the attack...

Cisco Smart Software Manager On-Prem Remote Code Execution Vulnerability (regreSSHion) (cisco cisco-sa-openssh-rce-2024)

According to its self-reported version, Cisco Smart Software Manager On-Prem is affected by a vulnerability. - A remote code execution vulnerability exists in Cisco Smart Software Manager On-Prem due to a signal handler race condition found in sshd, where a client does not authenticate within...

ROS-20260505-73-0049

A vulnerability in the urllib.request.DataHandler component of the Python programming language interpreter is related to the failure to take measures to neutralize CRLF sequences. Exploitation of the vulnerability may allow a remote attacker to affect the integrity of protected information...

ROS-20260505-73-0015

A vulnerability in the ElementDeclHandler component of the Python Programming Language Interpreter CPython is related to uncontrolled recursion. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

Sandboxie-Plus 安全漏洞

Sandboxie-Plus is a sandbox isolation software developed by Sandboxie-Plus Inc. Versions of Sandboxie-Plus 1.17.2 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the use of wcscat to copy the server field in NamedPipeServer::OpenHandler, without verifying the...

LangChain-Chatchat 加密问题漏洞

LangChain-Chatchat is a chatbot software developed based on the LangChain framework, open-sourced by Chatchat-Space. Versions of LangChain-Chatchat 0.3.1.3 and earlier had an encryption vulnerability. This vulnerability stems from a function in the Uploaded File Handler component, specifically th...

Cisco Unified Computing System Remote Code Execution Vulnerability (regreSSHion) (cisco cisco-sa-openssh-rce-2024)

According to its self-reported version, Cisco Unified Computing System is affected by a vulnerability. - A remote code execution vulnerability exists in Cisco Unified Computing System due to a signal handler race condition found in sshd, where a client does not authenticate within LoginGraceTime...

PT-2026-37223

Name of the Vulnerable Software and Affected Versions D-Link DI-8100 version 16.07.26A1 Description A buffer overflow exists in the CGI Handler component within the /user group.asp file. This issue occurs in the sprintf function and can be triggered remotely through manipulation. Recommendations ...

Cisco Secure Email and Web Manager Remote Code Execution Vulnerability (regreSSHion) (cisco-sa-openssh-rce-2024)

According to its self-reported version, Cisco Secure Email and Web Manager is affected by a vulnerability. - A remote code execution vulnerability exists in Cisco Secure Email and Web Manager due to a signal handler race condition found in sshd, where a client does not authenticate within...

Cisco Prime Infrastructure Remote Code Execution Vulnerability (regreSSHion) (cisco cisco-sa-openssh-rce-2024)

According to its self-reported version, Cisco Prime Infrastructure is affected by a vulnerability. - A remote code execution vulnerability exists in Cisco Prime Infrastructure due to a signal handler race condition found in sshd, where a client does not authenticate within LoginGraceTime seconds,...

LangChain-Chatchat 加密问题漏洞

LangChain-Chatchat is a chatbot software developed based on the LangChain framework, open-sourced by Chatchat-Space. Versions of Langchain-Chatchat 0.3.1.3 and earlier had encryption-related vulnerabilities. These vulnerabilities stemmed from an issue in the Vision Chat Paste Image Handler...