
717 matches found

CNNVD
added 2026/05/05 12:0 a.m. | 3 views

Oracle MCP Server Helper Tool SQL injection vulnerability

The Oracle MCP Server Helper Tool is a server assistance tool developed by Oracle Corporation. Versions 1.0.1 to 1.0.156 of the Oracle MCP Server Helper Tool contain SQL injection vulnerabilities. These vulnerabilities stem from issues with the helper tool component, allowing unauthenticated...

CVSS 8.7 | AI score 6 | EPSS 0.00078
Exploits 0 | References 1

RedhatCVE
added 2026/05/04 8:21 p.m. | 2 views

CVE-2026-7653

A security flaw has been discovered in r-huijts mcp-server-rijksmuseum up to 1.0.4. Affected is the function openimageinbrowser of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument imageUrl results in os command injection. The attack is possible to be...

CVSS 6.5 | AI score 6.3 | EPSS 0.00332
Exploits 0 | References 1

RedhatCVE
added 2026/05/04 8:21 p.m. | 2 views

CVE-2026-7599

A vulnerability was detected in Dayoooun hwpx-mcp 0.2.0. This affects the function savedocument/exporttotext/exporttohtml of the file mcp-server/src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputpath results in path traversal. Remote exploitation of the...

CVSS 6.5 | AI score 6.3 | EPSS 0.00089
Exploits 0 | References 1

RedhatCVE
added 2026/05/04 8:21 p.m. | 5 views

CVE-2026-7600

A flaw has been found in ArtMin96 yii2-mcp-server 1.0.2. This impacts the function yiicommandhelp/yiiexecutecommand of the file src/index.ts of the component MCP Interface. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been publish...

CVSS 6.5 | AI score 6.3 | EPSS 0.0123
Exploits 0 | References 1

CVE
added 2026/05/04 6:0 a.m. | 6 views

CVE-2026-7738

CVE-2026-7738 affects puchunjie doc-tools-mcp 1.0.18, specifically the MCP Interface’s file src/mcp-server.ts, in the functions create_document/open_document. The root cause is manipulation of the argument filePath, leading to a path traversal vulnerability. This could allow remote attackers to a...

CVSS 6.5 | AI score 6.3 | EPSS 0.00077
Exploits 0 | References 6

Cvelist
added 2026/05/04 6:0 a.m. | 34 views

CVE-2026-7738 puchunjie doc-tools-mcp MCP mcp-server.ts open_document path traversal

A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function createdocument/opendocument of the file src/mcp-server.ts of the component MCP Interface. The manipulation of the argument filePath results in path traversal. The attack can be launched remotely. The...

CVSS 6.5 | EPSS 0.00077
Exploits 0 | References 6

CVE
added 2026/05/04 12:30 a.m. | 3 views

CVE-2026-7715

Technical details are not publicly available in the provided documents. Monitor for updates from the project and CVE entry.

CVSS 6.5 | AI score 6.2 | EPSS 0.00057
Exploits 0 | References 6

ATTACKERKB
added 2026/05/04 12:30 a.m. | 1 view

CVE-2026-7715

A vulnerability has been found in ravenwits mcp-server-arangodb up to 0.4.7. This affects the function arangobackup of the file src/tools.ts of the component MCP Interface. Such manipulation of the argument outputDir leads to path traversal. It is possible to launch the attack remotely. The explo...

CVSS 6.5 | AI score 6.2 | EPSS 0.00057
Exploits 0 | References 6 | Affected Software 1

Cvelist
added 2026/05/04 12:30 a.m. | 26 views

CVE-2026-7715 ravenwits mcp-server-arangodb MCP tools.ts arango_backup path traversal

A vulnerability has been found in ravenwits mcp-server-arangodb up to 0.4.7. This affects the function arangobackup of the file src/tools.ts of the component MCP Interface. Such manipulation of the argument outputDir leads to path traversal. It is possible to launch the attack remotely. The explo...

CVSS 6.5 | EPSS 0.00057
Exploits 0 | References 6

EUVD
added 2026/05/04 12:30 a.m. | 1 view

EUVD-2026-26866

A vulnerability has been found in ravenwits mcp-server-arangodb up to 0.4.7. This affects the function arangobackup of the file src/tools.ts of the component MCP Interface. Such manipulation of the argument outputDir leads to path traversal. It is possible to launch the attack remotely. The explo...

CVSS 6.5 | AI score 6.2 | EPSS 0.00057
Exploits 0 | References 6

CNNVD
added 2026/05/04 12:0 a.m. | 5 views

Directus MCP Server code issue vulnerability

The Directus MCP Server is a model context protocol server developed by pixelsock’s individual developers, which connects AI with content management systems. Version 1.0.0 of the Directus MCP Server contains code vulnerabilities. These vulnerabilities stem from the function validateUrl in the MCP...

CVSS 6.5 | AI score 6.7 | EPSS 0.00048
Exploits 0 | References 1

Positive Technologies
added 2026/05/04 12:0 a.m. | 2 views

PT-2026-36743

Name of the Vulnerable Software and Affected Versions ravenwits mcp-server-arangodb versions prior to 0.4.8 Description A path traversal issue exists in the MCP Interface component within the arango backup function of the src/tools.ts file. A remote attacker can manipulate the outputDir argument ...

CVSS 6.5 | AI score 6.6 | EPSS 0.00057
Exploits 0 | References 8

Snyk
added 2026/05/02 5:20 p.m. | 6 views

Arbitrary Command Injection

Overview mcp-server-rijksmuseum is a Affected versions of this package are vulnerable to Arbitrary Command Injection via the openimageinbrowser function. An attacker can execute arbitrary operating system commands by manipulating the imageUrl argument remotely. Remediation There is no fixed versi...

CVSS 6.5 | AI score 6.8 | EPSS 0.00332
Exploits 0 | References 2

NVD
added 2026/05/02 4:16 p.m. | 3 views

CVE-2026-7653

A security flaw has been discovered in r-huijts mcp-server-rijksmuseum up to 1.0.4. Affected is the function openimageinbrowser of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument imageUrl results in os command injection. The attack is possible to be...

CVSS 6.5 | EPSS 0.00332
Exploits 0 | References 4

CVE
added 2026/05/02 3:30 p.m. | 13 views

CVE-2026-7653

Affected product : r-huijts mcp-server-rijksmuseum (MCP Interface) up to 1.0.4. Vulnerable component/function : open_image_in_browser in src/index.ts. Vulnerability : Performing a manipulation of the argument imageUrl results in an OS command injection. The attack can be carried out remotely (net...

CVSS 6.5 | AI score 6.3 | EPSS 0.00332
Exploits 0 | References 4

Cvelist
added 2026/05/02 3:30 p.m. | 25 views

CVE-2026-7653 r-huijts mcp-server-rijksmuseum MCP index.ts open_image_in_browser os command injection

A security flaw has been discovered in r-huijts mcp-server-rijksmuseum up to 1.0.4. Affected is the function openimageinbrowser of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument imageUrl results in os command injection. The attack is possible to be...

CVSS 6.5 | EPSS 0.00332
Exploits 0 | References 4

OSV
added 2026/05/02 3:31 a.m. | 0 views

GHSA-GC8W-X73W-P4RH yii2-mcp-server has a Command Injection Issue

A flaw has been found in ArtMin96 yii2-mcp-server 1.0.2. This impacts the function yiicommandhelp/yiiexecutecommand of the file src/index.ts of the component MCP Interface. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been publish...

CVSS 6.3 | AI score 6.3 | EPSS 0.0123
Exploits 0 | References 7

Snyk
added 2026/05/02 3:31 a.m. | 2 views

Arbitrary Command Injection

Overview yii2-mcp-server is a MCP Server for Yii2 Framework - Database schema inspection, command execution, and project management Affected versions of this package are vulnerable to Arbitrary Command Injection via the yiicommandhelp or yiiexecutecommand functions in the MCP Interface. An attack...

CVSS 6.5 | AI score 6.1 | EPSS 0.0123
Exploits 0 | References 2

GitHub Security Blog
added 2026/05/02 3:31 a.m. | 1 view

yii2-mcp-server has a Command Injection Issue

A flaw has been found in ArtMin96 yii2-mcp-server 1.0.2. This impacts the function yiicommandhelp/yiiexecutecommand of the file src/index.ts of the component MCP Interface. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been publish...

CVSS 6.5 | AI score 6.3 | EPSS 0.0123
Exploits 0 | References 8 | Affected Software 1

NVD
added 2026/05/02 1:16 a.m. | 1 view

CVE-2026-7600

A flaw has been found in ArtMin96 yii2-mcp-server 1.0.2. This impacts the function yiicommandhelp/yiiexecutecommand of the file src/index.ts of the component MCP Interface. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been publish...

CVSS 6.5 | EPSS 0.0123
Exploits 0 | References 6