Lucene search
+L

1190 matches found

cve
cve
added 2026/05/05 4:0 a.m.13 views

CVE-2026-7811

Summary (CVE-2026-7811): A path traversal vulnerability affects 54yyyu code-mcp up to commit 4cfc4643541a110c906d93635b391bf7e357f4a8 in the MCP File Handler component. The is_safe_path function in src/code_mcp/server.py is implicated. Exploitation can be performed remotely. Public disclosure exi...

7.5CVSS6.6AI score0.00418EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/05/05 4:0 a.m.10 views

CVE-2026-7811

A vulnerability has been found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The affected element is the function issafepath of the file src/codemcp/server.py of the component MCP File Handler. Such manipulation leads to path traversal. It is possible to launch the attack...

7.5CVSS6.6AI score0.00418EPSS
Exploits0References5
cvelist
cvelist
added 2026/05/05 4:0 a.m.40 views

CVE-2026-7811 54yyyu code-mcp MCP File server.py is_safe_path path traversal

A vulnerability has been found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The affected element is the function issafepath of the file src/codemcp/server.py of the component MCP File Handler. Such manipulation leads to path traversal. It is possible to launch the attack...

7.5CVSS0.00418EPSS
Exploits0References5
github
github
added 2026/05/04 8:22 p.m.11 views

OpenClaw: MCP loopback owner context is derived from server-issued bearer tokens

Summary MCP loopback owner context is derived from server-issued bearer tokens. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.4.21 - Fixed version: 2026.4.22 Impact The loopback MCP path accepted spoofable owner-context metadata from request headers, which could...

8.5CVSS5.8AI score0.00112EPSS
Exploits0References5Affected Software1
ibm
ibm
added 2026/05/04 9:34 a.m.9 views

Security Bulletin: Resolved a vulnerability in PostCSS versions prior to 8.5.10

Summary Versions prior to 8.5.10 have a vulnerability enabling XSS, we updated the version of PostCSS to version 8.5.10 which resolved the issue Vulnerability Details CVEID:CVE-2026-41305 DESCRIPTION: PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the...

6.1CVSS5.8AI score0.00205EPSS
Exploits0Affected Software1
ossf
ossf
added 2026/05/04 12:1 a.m.9 views

Malicious code in @w3m-app/is_connected (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 793804fbeaedf1325065aa857a03e0aba4bacd06b686728efeeb4a406f2e2668 The package @w3m-app/isconnected was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
snyk
snyk
added 2026/05/04 12:1 a.m.11 views

Malicious Package

Overview @w3m-app/isconnected is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
osv
osv
added 2026/05/04 12:1 a.m.8 views

MAL-2026-3273 Malicious code in @w3m-app/is_connected (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 793804fbeaedf1325065aa857a03e0aba4bacd06b686728efeeb4a406f2e2668 The package @w3m-app/isconnected was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
nessus
nessus
added 2026/05/02 12:0 a.m.3 views

Fedora 43 : perl-CryptX (2026-3e1f671a17)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3e1f671a17 advisory. 0.088 2026-04-23 - Crypt::KeyDerivation - new functions: pbkdf1openssl, bcryptpbkdf, scryptpbkdf, argon2pbkdf - Crypt::Misc - new functions: randomv7uuid,...

7.5CVSS5.8AI score0.00447EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/01 12:0 a.m.12 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the PM counter being incorrectly checked for cache values during multiple writes to the sysfs...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References1
ubuntucve
ubuntucve
added 2026/04/28 12:0 a.m.13 views

CVE-2026-42167

modsql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands e.g., COPY TO PROGRAM...

8.1CVSS6.2AI score0.04438EPSS
Exploits7References2
debiancve
debiancve
added 2026/04/28 12:0 a.m.4 views

CVE-2026-42167

modsql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands e.g., COPY TO PROGRAM...

8.1CVSS6.3AI score0.04438EPSS
Exploits7
nessus
nessus
added 2026/04/25 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-31646

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: lan966x: fix pagepool error handling in lan966xfdmarxallocpagepool pagepoolcreate can return an ERRPTR on failure. The return value is used unconditionally...

5.5CVSS6.2AI score0.00122EPSS
Exploits0References2
cvelist
cvelist
added 2026/04/24 12:34 a.m.30 views

CVE-2026-40099 Kirby's page creation API bypasses the changeStatus permission check via unfiltered isDraft parameter

Kirby is an open-source content management system. Kirby's user permissions control which user role is allowed to perform specific actions to content models in the CMS. These permissions are defined for each role in the user blueprint site/blueprints/users/.... It is also possible to customize th...

5.3CVSS0.00275EPSS
Exploits0References3
euvd
euvd
added 2026/04/24 12:23 a.m.6 views

EUVD-2026-25369

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, Kirby's user permissions control which user role is allowed to perform specific actions to content models in the CMS. These permissions are defined for each role in the user blueprint site/blueprints/users/.... ...

7.6CVSS5.2AI score0.00334EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/04/24 12:0 a.m.8 views

Kirby 安全漏洞

Kirby is a set of open-source content management systems based on files. Versions of Kirby prior to 4.9.0 and 5.4.0 have security vulnerabilities. These vulnerabilities stem from the fact that the changeStatus permission does not take effect during page creation. This could allow authenticated...

8.1CVSS5.8AI score0.00334EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/04/24 12:0 a.m.13 views

PT-2026-34998

In the Linux kernel, the following vulnerability has been resolved: net: lan966x: fix page pool error handling in lan966x fdma rx alloc page pool page pool create can return an ERR PTR on failure. The return value is used unconditionally in the loop that follows, passing the error pointer through...

5.3AI score0.00122EPSS
Exploits0References6
euvd
euvd
added 2026/04/22 6:30 a.m.6 views

EUVD-2026-24607

Vulnerability in Spring Spring Security. If an application is using the UserDetailsisEnabled, isAccountNonExpired, or isAccountNonLocked user attributes, to enable, expire, or lock users, then DaoAuthenticationProvider's timing attack defense can be bypassed for users who are disabled, expired, o...

3.7CVSS5.7AI score0.00215EPSS
Exploits0References2
osv
osv
added 2026/04/22 12:4 a.m.9 views

OSV-2026-608 Stack-buffer-overflow in is_http

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=504809218 Crash type: Stack-buffer-overflow READ Crash state: ishttp stungetmessagelenstr FuzzStunClient.c...

5.7AI score
Exploits0References1
ptsecurity
ptsecurity
added 2026/04/22 12:0 a.m.7 views

PT-2026-34250

Vulnerability in Spring Spring Security. If an application is using the UserDetailsisEnabled, isAccountNonExpired, or isAccountNonLocked user attributes, to enable, expire, or lock users, then DaoAuthenticationProvider's timing attack defense can be bypassed for users who are disabled, expired, o...

3.7CVSS5.7AI score0.00215EPSS
Exploits0References4
Rows per page
Query Builder