Lucene search
K

458 matches found

CVE
CVE
added 2026/05/01 2:14 p.m.18 views

CVE-2026-31731

In CVE-2026-31731, the Linux kernel thermal management subsystem has a race where a thermal zone removal during resume can cause use-after-free. Root cause: thermal_zone_pm_complete() and thermal_zone_device_resume() re-initialize the poll_queue delayed work, so cancel_delayed_work_sync() in ther...

7.8CVSS5.8AI score0.00125EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/05/01 1:15 p.m.8 views

CVE-2026-7581

A security vulnerability has been detected in alexta69 MeTube up to 2026.04.09. This affects the function onprepare of the file app/main.py of the component CORS Policy. The manipulation leads to permissive cross-domain policy with untrusted domains. The attack is possible to be carried out...

5.3CVSS0.00169EPSS
Exploits0References8
CVE
CVE
added 2026/05/01 1:0 p.m.14 views

CVE-2026-7581

The CVE describes a vulnerability in alexta69 MeTube up to 2026.04.09, affecting the CORS Policy implementation (function on_prepare in app/main.py). The issue results in a permissive cross-domain policy that can interact with untrusted domains and is exploitable remotely. A public exploit is ind...

5.3CVSS5.3AI score0.00169EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/01 1:0 p.m.32 views

CVE-2026-7581 alexta69 MeTube CORS Policy main.py on_prepare cross-domain policy

A security vulnerability has been detected in alexta69 MeTube up to 2026.04.09. This affects the function onprepare of the file app/main.py of the component CORS Policy. The manipulation leads to permissive cross-domain policy with untrusted domains. The attack is possible to be carried out...

5.3CVSS0.00169EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/01 1:0 p.m.6 views

EUVD-2026-26501

A security vulnerability has been detected in alexta69 MeTube up to 2026.04.09. This affects the function onprepare of the file app/main.py of the component CORS Policy. The manipulation leads to permissive cross-domain policy with untrusted domains. The attack is possible to be carried out...

5.3CVSS5.3AI score0.00169EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.11 views

MeTube 访问控制错误漏洞

MeTube is a self-hosted multi-site video download tool developed by Alex. Versions of MeTube prior to 2026.04.09 contained an access control vulnerability. This vulnerability stemmed from a cross-domain policy relaxation issue in the onprepare function of the app/main.py file in the CORS Policy...

5.3CVSS5.8AI score0.00169EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.8 views

PT-2026-36322

A security vulnerability has been detected in alexta69 MeTube up to 2026.04.09. This affects the function on prepare of the file app/main.py of the component CORS Policy. The manipulation leads to permissive cross-domain policy with untrusted domains. The attack is possible to be carried out...

5.3CVSS5.3AI score0.00169EPSS
Exploits0References9
Snyk
Snyk
added 2026/04/27 9:31 p.m.9 views

Directory Traversal

Overview kaggle-mcp is an A MCP server for kaggle apis Affected versions of this package are vulnerable to Directory Traversal via the preparekaggledataset function in src/kagglemcp/server.py when processing the competitionid argument. An attacker can access arbitrary files on the server by...

7.5CVSS7.5AI score0.00411EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/27 9:31 p.m.7 views

kaggle-mcp has a Path Traversal issue

A vulnerability has been found in dexhunter kaggle-mcp up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d. This vulnerability affects the function preparekaggledataset of the file src/kagglemcp/server.py. The manipulation of the argument competitionid leads to path traversal. The attack is possible t...

7.5CVSS6.7AI score0.00411EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/04/27 9:31 p.m.3 views

GHSA-Q882-JC55-6343 kaggle-mcp has a Path Traversal issue

A vulnerability has been found in dexhunter kaggle-mcp up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d. This vulnerability affects the function preparekaggledataset of the file src/kagglemcp/server.py. The manipulation of the argument competitionid leads to path traversal. The attack is possible t...

7.3CVSS5.4AI score0.00411EPSS
Exploits0References6
NVD
NVD
added 2026/04/27 7:16 p.m.6 views

CVE-2026-7149

A vulnerability has been found in dexhunter kaggle-mcp up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d. This vulnerability affects the function preparekaggledataset of the file src/kagglemcp/server.py. The manipulation of the argument competitionid leads to path traversal. The attack is possible t...

7.5CVSS0.00411EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/27 6:45 p.m.6 views

EUVD-2026-25911

A vulnerability has been found in dexhunter kaggle-mcp up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d. This vulnerability affects the function preparekaggledataset of the file src/kagglemcp/server.py. The manipulation of the argument competitionid leads to path traversal. The attack is possible t...

7.5CVSS5.2AI score0.00411EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/27 6:45 p.m.29 views

CVE-2026-7149 dexhunter kaggle-mcp server.py prepare_kaggle_dataset path traversal

A vulnerability has been found in dexhunter kaggle-mcp up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d. This vulnerability affects the function preparekaggledataset of the file src/kagglemcp/server.py. The manipulation of the argument competitionid leads to path traversal. The attack is possible t...

7.5CVSS0.00411EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/27 6:45 p.m.3 views

CVE-2026-7149

A vulnerability has been found in dexhunter kaggle-mcp up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d. This vulnerability affects the function preparekaggledataset of the file src/kagglemcp/server.py. The manipulation of the argument competitionid leads to path traversal. The attack is possible t...

7.5CVSS6.9AI score0.00411EPSS
Exploits0References5
CVE
CVE
added 2026/04/27 6:45 p.m.16 views

CVE-2026-7149

CVE-2026-7149 affects dexhunter kaggle-mcp: path traversal vulnerability in src/kaggle_mcp/server.py::prepare_kaggle_dataset caused by manipulating the competition_id. Attack is remote and publicly disclosed; no explicit affected version details can be given due to rolling-release policy. Project...

7.5CVSS7AI score0.00411EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/27 12:0 a.m.12 views

kaggle-mcp MCP server 路径遍历漏洞

Kaggle-mcp MCP server is a MCP server tool developed by Dex’s individual developers for Kaggle APIs. The kaggle-mcp MCP server has a path traversal vulnerability. This vulnerability stems from improper handling of the competitionid parameter in the preparekaggledataset function located in the...

7.5CVSS7.1AI score0.00411EPSS
Exploits0References1
NVD
NVD
added 2026/04/24 3:16 p.m.6 views

CVE-2026-31654

In the Linux kernel, the following vulnerability has been resolved: mm/vma: fix memory leak in mmapregion commit 605f6586ecf7 "mm/vma: do not leak memory when .mmapprepare swaps the file" handled the success path by skipping getfile via filedoesntneedget, but missed the error path. When /dev/zero...

5.5CVSS0.00113EPSS
Exploits0References2
CVE
CVE
added 2026/04/24 2:45 p.m.13 views

CVE-2026-31654

CVE-2026-31654 affects the Linux kernel mm/vma path for mmap-backed shared mappings (notably /dev/zero). The root cause was a memory leak: when __mmap_new_vma() fails after shmem_zero_setup_desc() allocates a replacement shmem file, that new file isn’t released in the error path, leaving an unref...

5.5CVSS5.4AI score0.00113EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/04/22 3:31 p.m.5 views

EUVD-2026-24762

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix NULL pointer dereference in netfsunbufferedwrite on retry When a write subrequest is marked NETFSSREQNEEDRETRY, the retry path in netfsunbufferedwrite unconditionally calls stream-preparewrite without checking if it is...

5.6AI score0.00121EPSS
Exploits0References4
NVD
NVD
added 2026/04/22 2:16 p.m.3 views

CVE-2026-31437

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix NULL pointer dereference in netfsunbufferedwrite on retry When a write subrequest is marked NETFSSREQNEEDRETRY, the retry path in netfsunbufferedwrite unconditionally calls stream-preparewrite without checking if it is...

5.5CVSS0.00121EPSS
Exploits0References3
Rows per page
Query Builder