Lucene search
+L

6 matches found

Cvelist
Cvelist
added 3 days ago38 views

CVE-2026-44968 dbt-mcp: Argument Injection in dbt CLI Tool Wrappers via node_selection and resource_type Parameters

dbt-mcp is a Model Context Protocol server for interacting with dbt. Prior to 1.17.1, rundbtcommand in src/dbtmcp/dbtcli/tools.py appended unsanitized nodeselection and resourcetype values to the dbt subprocess argument list, allowing an MCP client to inject dbt global flags such as --profiles-di...

6.3CVSS0.00137EPSS
Exploits0References4
Snyk
Snyk
added 2026/07/01 6:41 p.m.6 views

Unsafe Dependency Resolution

Overview neuro-cortex-memory is a Scientifically-grounded memory system based on computational neuroscience research Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the CLAUDEPROJECTDIR environment variable, which is treated as a trusted source directory witho...

8.5CVSS6.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.10 views

PT-2026-55214

Name of the Vulnerable Software and Affected Versions neuro-cortex-memory versions 3.17.0 and later Description Local arbitrary code execution is possible because the server treats the CLAUDE PROJECT DIR environment variable as a trusted source root. When the open visualization tool is invoked, t...

8.5CVSS6.5AI score
Exploits0References8
CVE
CVE
added 2026/02/24 1:2 a.m.16 views

CVE-2026-3051

DataLinkDC dinky (up to 1.2.5) is affected by CVE-2026-3051. The vulnerability is in the getProjectDir function of git-related code (dinky-admin/src/main/java/org/dinky/utils/GitRepository.java, Project Name Handler). Improper handling of the projectName argument enables path traversal, with remo...

7.6CVSS6.1AI score0.06507EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/02/24 1:2 a.m.4 views

CVE-2026-3051 DataLinkDC dinky Project Name GitRepository.java getProjectDir path traversal

A vulnerability has been found in DataLinkDC dinky up to 1.2.5. The affected element is the function getProjectDir of the file dinky-admin/src/main/java/org/dinky/utils/GitRepository.java of the component Project Name Handler. Such manipulation of the argument projectName leads to path traversal...

5.3CVSS6AI score0.06507EPSS
Exploits1References7
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.11 views

Dinky 路径遍历漏洞

Dinky is an open-source real-time computing platform developed by DataLinkDC. Versions of Dinky 1.2.5 and earlier contained a path traversal vulnerability. This vulnerability stemmed from incorrect handling of the parameter projectName in the getProjectDir function of the Project Name Handler...

7.6CVSS6.6AI score0.06507EPSS
Exploits1References5
Rows per page
Query Builder