SUSE SLES16: libppsdocument4_0-5 / libppsview4_0-4 / nautilus-extension-papers / etc (SUSE-SU-2026:22182-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:22182-1 advisory. This update for papers fixes the following issues Security issue: - CVE-2026-46529: command injection bsc1265880. Changes for papers: -...

SUSE-SU-2026:22182-1 Security update for papers

This update for papers fixes the following issues Security issue: - CVE-2026-46529: command injection bsc1265880. Changes for papers: - Update to version 48.10 bsc1265880: - Update to version 48.9 jscPED-15957, bsc1261947: - Bug fixes: - Saved image files are empty - Print dialog says "Manage...

Important: papers

Issue Overview: CVE-2026-46529 is a command injection vulnerability in Evince, Atril, and Xreader caused by missing quoting of shell-like input in evspawn in ev-application.c. CVE-2026-46529 An unsoundness issue RUSTSEC-2026-0097 was also found in the bundled Rust rand crate. ThreadRng methods us...

CVE-2025-61307

A reflected cross-site scripted XSS vulnerability in the acc-menupapers.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

CVE-2026-7318

A vulnerability was detected in elie mcp-project 0.1.0. The affected element is the function searchpapers of the file researchserver.py. The manipulation of the argument topic results in path traversal. Attacking locally is a requirement. The exploit is now public and may be used. The project was...

CVE-2026-7205

A vulnerability was identified in duartium papers-mcp-server 9ceb3812a6458ba7922ca24a7406f8807bc55598. Impacted is the function searchpapers of the file src/main.py. Such manipulation of the argument topic leads to path traversal. The attack may be launched remotely. The exploit is publicly...

Ubuntu 25.10 / 26.04 LTS : Papers vulnerability (USN-8321-1)

The remote Ubuntu 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8321-1 advisory. It was discovered that Papers incorrectly handled PDF /GoToR actions. If a user were tricked into opening a specially crafted PDF file, an attacker could...

USN-8321-1 papers vulnerability

It was discovered that Papers incorrectly handled PDF /GoToR actions. If a user were tricked into opening a specially crafted PDF file, an attacker could use this issue to manipulate command lines and possibly execute arbitrary code...

Linux Distros Unpatched Vulnerability : CVE-2026-46529

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single- click remote code execution vulnerability in versions...

EUVD-2025-209766

A reflected cross-site scripted XSS vulnerability in the acc-menupapers.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

CVE-2025-61307

A reflected cross-site scripted XSS vulnerability in the acc-menupapers.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

CVE-2025-61307

A reflected cross-site scripted XSS vulnerability in the acc-menupapers.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

CVE-2025-61307

CVE-2025-61307 describes a reflected XSS in the acc-menu_papers.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c. The vulnerability allows attackers to inject arbitrary Javascript into a user’s browser by crafting a payload into an unfiltered variable value. Documents specif...

exploitdb

The Exploit Database Git Repository This is an official repos...

CVE-2026-7384

A vulnerability was detected in ezequiroga mcp-bases 357ca19c7a49a9b9cb2ef639b366f03aba8bea39/c630b8ab0f970614d42da8e566e9c0d15a16414c. This impacts the function searchpapers of the file researchserver.py. Performing a manipulation of the argument topic results in path traversal. Remote...

EUVD-2026-26238

A vulnerability was detected in ezequiroga mcp-bases 357ca19c7a49a9b9cb2ef639b366f03aba8bea39/c630b8ab0f970614d42da8e566e9c0d15a16414c. This impacts the function searchpapers of the file researchserver.py. Performing a manipulation of the argument topic results in path traversal. Remote...

CVE-2026-7384

The CVE-2026-7384 entry concerns ezequiroga mcp-bases (commit 357ca19c7a49a9b9cb2ef639b366f03aba8bea39/c630b8ab0f970614d42da8e566e9c0d15a16414c). It affects the function search_papers in research_server.py. A path traversal vulnerability is triggered by manipulating the topic argument, leading to...

PT-2026-35930

A vulnerability was detected in ezequiroga mcp-bases 357ca19c7a49a9b9cb2ef639b366f03aba8bea39/c630b8ab0f970614d42da8e566e9c0d15a16414c. This impacts the function search papers of the file research server.py. Performing a manipulation of the argument topic results in path traversal. Remote...

MCP Research Assistant 路径遍历漏洞

MCP Research Assistant is a scholarly paper search and analysis tool developed by ezequiroga. MCP Research Assistant has a path traversal vulnerability, which stems from improper handling of the topic parameter in the searchpapers function within the researchserver.py file. This improper handling...

CVE-2026-7318

A vulnerability was detected in elie mcp-project 0.1.0. The affected element is the function searchpapers of the file researchserver.py. The manipulation of the argument topic results in path traversal. Attacking locally is a requirement. The exploit is now public and may be used. The project was...