EUVD-2026-19170

A vulnerability was found in ChrisChinchilla Vale-MCP up to 0.1.0. Affected by this vulnerability is an unknown functionality of the file src/index.ts of the component HTTP Interface. The manipulation of the argument configpath results in os command injection. Attacking locally is a requirement...

CVE-2026-5621 ChrisChinchilla Vale-MCP HTTP index.ts os command injection

A vulnerability was found in ChrisChinchilla Vale-MCP up to 0.1.0. Affected by this vulnerability is an unknown functionality of the file src/index.ts of the component HTTP Interface. The manipulation of the argument configpath results in os command injection. Attacking locally is a requirement...

CVE-2026-5621 ChrisChinchilla Vale-MCP HTTP index.ts os command injection

A vulnerability was found in ChrisChinchilla Vale-MCP up to 0.1.0. Affected by this vulnerability is an unknown functionality of the file src/index.ts of the component HTTP Interface. The manipulation of the argument configpath results in os command injection. Attacking locally is a requirement...

CVE-2026-5621

CVE-2026-5621 affects ChrisChinchilla Vale-MCP up to version 0.1.0. The vulnerability targets the HTTP Interface, specifically the file src/index.ts, where manipulation of the argument config_path enables an OS command injection. An attacker must be local to exploit it. The exploit is public, and...

📄 ASP.net 8.0.10 HTTP Request Smuggling / Authentication Bypass

ASP.net version 8.0.10 suffers from HTTP request smuggling, bypass, and server-side request forgery vulnerabilities. Exploit Title: ASP.net 8.0.10 - Bypass Date: 2025-11-03 Author: Mohammed Idrees Banyamer Author Country: Jordan Instagram: @banyamersecurity GitHub: https://github.com/mbanyamer CV...

goshs 路径遍历漏洞

Goshs is a simple HTTP server developed by Patrick Hener using Go language. Versions of Goshs prior to 2.0.0-beta.3 contained a path traversal vulnerability. This vulnerability stemmed from the lack of return statements after path traversal checks...

PT-2026-30571

A vulnerability was found in assafelovic gpt-researcher up to 3.4.3. This impacts an unknown function of the component HTTP REST API Endpoint. Performing a manipulation results in missing authentication. It is possible to initiate the attack remotely. The exploit has been made public and could be...

ASP.net 8.0.10 - Bypass

Exploit Title: ASP.net 8.0.10 - Bypass Date: 2025-11-03 Author: Mohammed Idrees Banyamer Author Country: Jordan Instagram: @banyamersecurity GitHub: https://github.com/mbanyamer CVE: CVE-2025-55315 Tested on: .NET Kestrel unpatched - ASP.NET Core on localhost lab environment Platform: remote Type...

PT-2026-30564

Name of the Vulnerable Software and Affected Versions ChrisChinchilla Vale-MCP versions up to 0.1.0 Description A vulnerability exists in ChrisChinchilla Vale-MCP up to version 0.1.0, specifically within the file src/index.ts of the HTTP Interface component. The manipulation of the config path...

curl_cffi 代码问题漏洞

curlcffi is a Python HTTP client library developed by Lexiforest personal developers, which supports browser fingerprint simulation. Versions of curlcffi prior to 0.15.0 have code vulnerabilities. These vulnerabilities stem from the lack of restrictions on requests directed to internal IP ranges,...

CVE-2026-5563 AutohomeCorp frostmourne Alarm Preview previewData httpTest sql injection

A security flaw has been discovered in AutohomeCorp frostmourne up to 1.0. Affected is the function httpTest of the file /api/monitor-api/alarm/previewData of the component Alarm Preview. The manipulation results in sql injection. The attack can be launched remotely. The exploit has been released...

CVE-2026-5563

A security flaw has been discovered in AutohomeCorp frostmourne up to 1.0. Affected is the function httpTest of the file /api/monitor-api/alarm/previewData of the component Alarm Preview. The manipulation results in sql injection. The attack can be launched remotely. The exploit has been released...

CVE-2026-5550 Tenda AC10 httpd fromSysToolChangePwd stack-based overflow

A vulnerability was identified in Tenda AC10 16.03.10.10multiTDE01. This affects the function fromSysToolChangePwd of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The attack may be initiated remotely. Multiple endpoints might be affected...

CVE-2026-5550

A vulnerability was identified in Tenda AC10 16.03.10.10multiTDE01. This affects the function fromSysToolChangePwd of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The attack may be initiated remotely. Multiple endpoints might be affected...

CVE-2026-5531 SourceCodester Student Result Management System HTTP GET Request login_credentials.txt cleartext storage in file

A vulnerability has been found in SourceCodester Student Result Management System 1.0. Impacted is an unknown function of the file /logincredentials.txt of the component HTTP GET Request Handler. The manipulation leads to cleartext storage in a file or on disk. The attack may be initiated remotel...

CVE-2026-5531

A vulnerability has been found in SourceCodester Student Result Management System 1.0. Impacted is an unknown function of the file /logincredentials.txt of the component HTTP GET Request Handler. The manipulation leads to cleartext storage in a file or on disk. The attack may be initiated remotel...

Debian dsa-6199 : trafficserver - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6199 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6199-1 [email protected] https://www.debian.org/securit...

Tenda AC10 安全漏洞

The Tenda AC10 is a wireless router produced by the Chinese company Tenda. There is a security vulnerability in the version 16.03.10.10multiTDE01 of the Tenda AC10; this vulnerability stems from a stack buffer overflow in the fromSysToolChangePwd function located in the /bin/httpd directory...

CVE-2026-5528

A security vulnerability has been detected in MoussaabBadla code-screenshot-mcp up to 0.1.0. This affects an unknown part of the component HTTP Interface. Such manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may...

CVE-2026-5528 MoussaabBadla code-screenshot-mcp HTTP os command injection

A security vulnerability has been detected in MoussaabBadla code-screenshot-mcp up to 0.1.0. This affects an unknown part of the component HTTP Interface. Such manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may...