6 matches found
CVE-2026-44968 dbt-mcp: Argument Injection in dbt CLI Tool Wrappers via node_selection and resource_type Parameters
dbt-mcp is a Model Context Protocol server for interacting with dbt. Prior to 1.17.1, rundbtcommand in src/dbtmcp/dbtcli/tools.py appended unsanitized nodeselection and resourcetype values to the dbt subprocess argument list, allowing an MCP client to inject dbt global flags such as --profiles-di...
Unsafe Dependency Resolution
Overview neuro-cortex-memory is a Scientifically-grounded memory system based on computational neuroscience research Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the CLAUDEPROJECTDIR environment variable, which is treated as a trusted source directory witho...
PT-2026-55214
Name of the Vulnerable Software and Affected Versions neuro-cortex-memory versions 3.17.0 and later Description Local arbitrary code execution is possible because the server treats the CLAUDE PROJECT DIR environment variable as a trusted source root. When the open visualization tool is invoked, t...
CVE-2026-3051
DataLinkDC dinky (up to 1.2.5) is affected by CVE-2026-3051. The vulnerability is in the getProjectDir function of git-related code (dinky-admin/src/main/java/org/dinky/utils/GitRepository.java, Project Name Handler). Improper handling of the projectName argument enables path traversal, with remo...
CVE-2026-3051 DataLinkDC dinky Project Name GitRepository.java getProjectDir path traversal
A vulnerability has been found in DataLinkDC dinky up to 1.2.5. The affected element is the function getProjectDir of the file dinky-admin/src/main/java/org/dinky/utils/GitRepository.java of the component Project Name Handler. Such manipulation of the argument projectName leads to path traversal...
Dinky 路径遍历漏洞
Dinky is an open-source real-time computing platform developed by DataLinkDC. Versions of Dinky 1.2.5 and earlier contained a path traversal vulnerability. This vulnerability stemmed from incorrect handling of the parameter projectName in the getProjectDir function of the Project Name Handler...