Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

RedhatCVE
RedhatCVEadded yesterday1 views

CVE-2026-10264

A vulnerability was determined in lharries whatsapp-mcp 0.0.1. Affected by this vulnerability is the function SendMessageRequest of the file whatsapp-bridge/main.go of the component Send API Endpoint. This manipulation of the argument mediaPath causes path traversal. The exploit has been publicly...

5.1CVSS5.3AI score0.00021EPSS
Exploits0References1
Cvelist
Cvelistadded 3 days ago24 views

CVE-2026-10264 lharries whatsapp-mcp Send API Endpoint main.go SendMessageRequest path traversal

A vulnerability was determined in lharries whatsapp-mcp 0.0.1. Affected by this vulnerability is the function SendMessageRequest of the file whatsapp-bridge/main.go of the component Send API Endpoint. This manipulation of the argument mediaPath causes path traversal. The exploit has been publicly...

5.1CVSS0.00021EPSS
Exploits0References8
CNNVD
CNNVDadded 3 days ago3 views

WhatsApp MCP Server path traversal vulnerability

WhatsApp MCP Server is a WhatsApp messaging search and sending tool developed by Luke Harries. Version 0.0.1 of WhatsApp MCP Server has a path traversal vulnerability. This vulnerability stems from incorrect handling of the mediaPath parameter in the SendAPIEndpoint component’s SendMessageRequest...

5.1CVSS5.8AI score0.00021EPSS
Exploits0References8
CVE
CVEadded 2026/03/05 10:0 p.m.8 views

CVE-2026-29611

OpenClaw vulnerability in BlueBubbles extension media path handling affects OpenClaw versions prior to 2026.2.14. The sendBlueBubblesMedia function fails to validate mediaPath against an allowlist, allowing local file inclusion and reading arbitrary files from the host (e.g., /etc/passwd) to be e...

8.2CVSS6AI score0.00044EPSS
Exploits0References3Affected Software1
Cvelist
Cvelistadded 2026/03/05 10:0 p.m.27 views

CVE-2026-29611 OpenClaw < 2026.2.14 - Local File Inclusion via mediaPath Parameter in BlueBubbles Media Handling

OpenClaw versions prior to 2026.2.14 contain a local file inclusion vulnerability in BlueBubbles extension must be installed and enabled media path handling that allows attackers to read arbitrary files from the local filesystem. The sendBlueBubblesMedia function fails to validate mediaPath...

8.2CVSS0.00044EPSS
Exploits0References3
Prion
Prionadded 2022/02/24 9:15 p.m.11 views

Path traversal

An Authenticated Remote Code Exection RCE vulnerability exists in Xerte through 3.9 in websitecode/php/import/fileupload.php by uploading a maliciously crafted PHP file though the project interface disguised as a language file to bypasses the upload filters. Attackers can manipulate the files...

6.5CVSS8.8AI score0.14975EPSS
Exploits4References4Affected Software1
CNNVD
CNNVDadded 2022/02/24 12:0 a.m.2 views

Xerte 代码问题漏洞

Xerte is an open source software from The Xerte Project community in the UK. Xerte is vulnerable to a code issue where a maliciously crafted php file can be uploaded via a project interface disguised as a language file to bypass upload filters. An attacker could exploit the vulnerability to...

8.8CVSS5.8AI score0.14975EPSS
Exploits4References8
Rows per page
Query Builder