CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

6.5CVSS6.2AI score0.00055EPSS

CVE-2026-7729

A security flaw has been discovered in pixelsock directus-mcp 1.0.0. This issue affects the function validateUrl of the file index.ts of the component MCP Interface. Performing a manipulation of the argument fileUrl results in server-side request forgery. The attack may be initiated remotely. The...

6.5CVSS6.3AI score0.00066EPSS

CVE-2026-7728

A vulnerability was identified in ryanjoachim mcp-rtfm 0.1.0. This vulnerability affects the function getdoccontent/readdoc/updatedoc of the component MCP Interface. Such manipulation of the argument docFile leads to path traversal. The attack can be launched remotely. The exploit is publicly...

7.5CVSS6.7AI score0.01738EPSS

CVE-2026-7446

A vulnerability was detected in VetCoders mcp-server-semgrep 1.0.0. This affects the function analyzeresults/filterresults/exportresults/compareresults/scandirectory/createrule of the file src/index.ts of the component MCP Interface. The manipulation of the argument ID results in os command...

7.5CVSS6.8AI score0.00073EPSS

CVE-2026-7272

A flaw has been found in WilliamCloudQi matlab-mcp-server up to ab88f6b9bf5f36f725e8628029f7f6dd0d9913ca. The affected element is the function generatematlabcode/executematlabcode of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument scriptPath can lead...

Snyk•added 2026/05/14 2:57 p.m.•8 views

Incomplete List of Disallowed Inputs

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs inadequate input validation in the validateCommandFlags and validateArgsForLocalFileAccess functions. An attacker can execute arbitrary commands on the server by bypassi...

8.8CVSS6.1AI score

Exploits0References2

Snyk•added 2026/05/14 2:57 p.m.•7 views

Incomplete List of Disallowed Inputs

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs inadequate input validation in the validateCommandFlags and validateArgsForLocalFileAccess functions. An attacker can execute arbitrary commands on the...

8.8CVSS6.1AI score

Exploits0References2

RedhatCVE•added 2026/05/05 8:21 p.m.•4 views

CVE-2026-7738

A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function createdocument/opendocument of the file src/mcp-server.ts of the component MCP Interface. The manipulation of the argument filePath results in path traversal. The attack can be launched remotely. The...

6.5CVSS6.3AI score0.00089EPSS

RedhatCVE•added 2026/05/04 8:21 p.m.•5 views

CVE-2026-7600

A flaw has been found in ArtMin96 yii2-mcp-server 1.0.2. This impacts the function yiicommandhelp/yiiexecutecommand of the file src/index.ts of the component MCP Interface. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been publish...

6.5CVSS6.3AI score0.01521EPSS

RedhatCVE•added 2026/05/04 8:21 p.m.•4 views

CVE-2026-7645

A vulnerability was found in ruvnet sublinear-time-solver 1.5.0. Affected by this vulnerability is the function exportstate of the file src/consciousness-explorer/mcp/server.js of the component MCP Interface. The manipulation results in path traversal. The attack can be executed remotely. The...

6.9CVSS6.2AI score0.00089EPSS

NVD•added 2026/05/04 7:16 a.m.•5 views

CVE-2026-7738

6.5CVSS0.00089EPSS

Exploits0References6

NVD•added 2026/05/04 5:16 a.m.•5 views

CVE-2026-7729

6.5CVSS0.00055EPSS

Cvelist•added 2026/05/04 4:0 a.m.•31 views

CVE-2026-7730 privsim mcp-test-runner MCP index.ts child_process.spawn os command injection

A weakness has been identified in privsim mcp-test-runner 0.2.0. Impacted is the function childprocess.spawn of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument command can lead to os command injection. The attack may be launched remotely. The exploit...

6.5CVSS0.01521EPSS

Exploits0References6

ATTACKERKB•added 2026/05/04 4:0 a.m.•3 views

CVE-2026-7730

6.5CVSS6.4AI score0.01521EPSS

Exploits0References6Affected Software1

EUVD•added 2026/05/04 3:45 a.m.•6 views

EUVD-2026-26883

6.5CVSS5.5AI score0.00055EPSS

Vulnrichment•added 2026/05/04 3:30 a.m.•2 views

CVE-2026-7728 ryanjoachim mcp-rtfm MCP update_doc path traversal

6.5CVSS6.3AI score0.00066EPSS

Cvelist•added 2026/05/04 3:30 a.m.•32 views

CVE-2026-7728 ryanjoachim mcp-rtfm MCP update_doc path traversal

6.5CVSS0.00066EPSS

EUVD•added 2026/05/04 3:30 a.m.•2 views

EUVD-2026-26882

6.5CVSS5.5AI score0.00066EPSS

NVD•added 2026/05/04 1:16 a.m.•3 views

CVE-2026-7715

A vulnerability has been found in ravenwits mcp-server-arangodb up to 0.4.7. This affects the function arangobackup of the file src/tools.ts of the component MCP Interface. Such manipulation of the argument outputDir leads to path traversal. It is possible to launch the attack remotely. The explo...

6.5CVSS0.00066EPSS

Exploits0References6

CNNVD•added 2026/05/04 12:0 a.m.•4 views

Test Runner MCP 命令注入漏洞

Test Runner MCP is a multi-framework testing and result-analysis tool for PrivSim individual developers. Version 0.2.0 of Test Runner MCP contains a command injection vulnerability. This vulnerability stems from the use of the childprocess.spawn function in the MCP Interface component, which allo...

6.5CVSS6.5AI score0.01521EPSS