28 matches found
EUVD-2026-25962
A vulnerability was identified in duartium papers-mcp-server 9ceb3812a6458ba7922ca24a7406f8807bc55598. Impacted is the function searchpapers of the file src/main.py. Such manipulation of the argument topic leads to path traversal. The attack may be launched remotely. The exploit is publicly...
CVE-2026-6980
CVE-2026-6980 concerns Divyanshu-hash GitPilot-MCP (up to 9ed9f153ba4158a2ad230ee4871b25130da29ffd). The issue affects the repo_path function in main.py, where manipulation of the argument can lead to command injection. Exploitation is described as remote and is publicly disclosed. The descriptio...
CVE-2026-6980 Divyanshu-hash GitPilot-MCP main.py repo_path command injection
A vulnerability has been found in Divyanshu-hash GitPilot-MCP up to 9ed9f153ba4158a2ad230ee4871b25130da29ffd. This impacts the function repo_path of the file main.py. Such manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been...
GitPilot MCP Injection Vulnerability
GitPilot MCP is an automated GitHub contribution intelligent proxy tool developed by Divyanshu Giri. The GitPilot MCP 9ed9f153ba4158a2ad230ee4871b25130da29ffd version previously had an injection vulnerability. This vulnerability stemmed from improper handling of the command parameter in the repopa...
PT-2026-35150
A vulnerability has been found in Divyanshu-hash GitPilot-MCP up to 9ed9f153ba4158a2ad230ee4871b25130da29ffd. This impacts the function repo_path of the file main.py. Such manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been...
CVE-2025-10767
A vulnerability was detected in CosmodiumCS OnlyRAT up to 3.2. The affected element is the function connect/remoteupload/remotedownload of the file main.py of the component Configuration File Handler. The manipulation of the argument configuration"PASSWORD" results in os command injection. The...
Exploit for Uncontrolled Search Path Element in Needrestart_Project Needrestart
CVE-2024-48990 Exploit My full writeup for how I came to re-...
MAL-2024-12257 Malicious code in discord-token-lib (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 44f591d196b048c4cad8da1cc1399681e22a2d5786fb212fda7c920aed8c2b07 osint packages promise to be OSINT tool, however, when providing the username to search for, the package attempts to exfiltrate Discord tokens from the user. T...
DeepFaceLab Code Issues Vulnerabilities
DeepFaceLab is a leading video face-swapping software by the individual developer iperov. A code issue vulnerability exists in version DeepFaceLab DF.wf.288res.384.92.72.22, which stems from a deserialization vulnerability in the function applyxseg in the file main.py...
Sql injection
A SQL injection vulnerability in Cybrosys Techno Solutions Website Blog Search aka websitesearchblog v. 13.0 through 13.0.1.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the name parameter in controllers/main.py component...
CVE-2023-48049
A SQL injection vulnerability in Cybrosys Techno Solutions Website Blog Search aka websitesearchblog v. 13.0 through 13.0.1.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the name parameter in controllers/main.py component...
CVE-2023-43364
main.py in Searchor before 2.4.2 uses eval on CLI input, which may cause unexpected code execution...
Remote code execution
main.py in Searchor before 2.4.2 uses eval on CLI input, which may cause unexpected code execution...
Searchor Security Breach
Searchor is an all-in-one PyPi Python library by Arjun Sharda, an individual developer. It simplifies web crawling, fetching topic information, and generating search query URLs. A security vulnerability exists in Searchor prior to version 2.4.2, which is caused by a code execution vulnerability i...
PT-2023-28807 · Searchor · Searchor
Name of the Vulnerable Software and Affected Versions: Searchor versions prior to 2.4.2 Description: The issue allows an attacker to execute arbitrary code via a crafted script to the eval function in Searchor's main.py file, affecting the search feature in Searchor's Command Line Interface. This...
CVE-2023-40956
A SQL injection vulnerability in Cloudroits Website Job Search v.15.0 allows a remote authenticated attacker to execute arbitrary code via the name parameter in controllers/main.py component...
Sql injection
A SQL injection vulnerability in Cloudroits Website Job Search v.15.0 allows a remote authenticated attacker to execute arbitrary code via the name parameter in controllers/main.py component...