18914 matches found
CVE-2026-15526
A vulnerability in augmnt augments-mcp-server 7.1.0 affects the function scanProjectDeps (src/tools/v4/scan-project-deps.ts) of the scan_project_deps component. The issue arises from manipulating the argument packageJsonPath, enabling path traversal. The attack is local, and a proof-of-concept/ex...
CVE-2026-15526 augmnt augments-mcp-server scan_project_deps scan-project-deps.ts scanProjectDeps path traversal
A flaw has been found in augmnt augments-mcp-server 7.1.0. This issue affects the function scanProjectDeps of the file src/tools/v4/scan-project-deps.ts of the component scanprojectdeps. Executing a manipulation of the argument packageJsonPath can lead to path traversal. The attack can only be...
CVE-2026-15517
A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/PlanGiveOut.aspx. This manipulation of the argument httpOID causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be...
CVE-2026-49977
creationtimestamp| type| source ---|---|--- 2026-07-10 18:35:03+00:00| published-proof-of-concept| https://github.com/AmauriC/tarteaucitron.js/security/advisories/GHSA-jxj7-g6gm-49j7...
EUVD-2026-42923
A flaw has been found in Eleveo Call Recording Software 9.7.0. This affects an unknown function of the file /callrec/roleAddAction.do of the component Group Interface. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been...
CVE-2026-52769
creationtimestamp| type| source ---|---|--- 2026-07-09 22:35:21+00:00| published-proof-of-concept| https://github.com/YesWiki/yeswiki/security/advisories/GHSA-vw42-752g-5mrp...
CVE-2026-52770
creationtimestamp| type| source ---|---|--- 2026-07-09 22:35:19+00:00| published-proof-of-concept| https://github.com/YesWiki/yeswiki/security/advisories/GHSA-qg78-vmvc-fhjw...
CVE-2026-52773
creationtimestamp| type| source ---|---|--- 2026-07-09 22:35:12+00:00| published-proof-of-concept| https://github.com/YesWiki/yeswiki/security/advisories/GHSA-35f3-pg38-486f...
CVE-2026-52774
creationtimestamp| type| source ---|---|--- 2026-07-09 22:35:10+00:00| published-proof-of-concept| https://github.com/YesWiki/yeswiki/security/advisories/GHSA-r5xw-gcgw-hwp5 2026-07-13 06:00:05+00:00| confirmed|...
CVE-2026-15276
A flaw has been found in pdeljanov Symphonia up to 0.6.0. This vulnerability affects unknown code of the component Metadata Handler. This manipulation causes denial of service. The attack needs to be launched locally. The exploit has been published and may be used. The pull request to fix this...
CVE-2026-15276
A flaw has been found in pdeljanov Symphonia up to 0.6.0. This vulnerability affects unknown code of the component Metadata Handler. This manipulation causes denial of service. The attack needs to be launched locally. The exploit has been published and may be used. The pull request to fix this...
CVE-2026-15276
Symphonia (pdeljanov) up to version 0.6.0 exposes a denial-of-service vulnerability in the Metadata Handler. The issue affects unknown code paths; exploitation requires local access and a publicly published exploit exists. A fix is in a pull request but has not yet been accepted. The advisory not...
CVE-2026-54005
Kirby CMS has a vulnerability tracked as CVE-2026-54005 where the /api/site/find route does not check the pages.access permission. Prior to versions 4.9.4 and 5.4.4, authenticated users who know or guess page IDs or UUIDs could retrieve full page content and metadata for arbitrary published pages...
CVE-2026-15191 mettle sendportal Campaign Creation Endpoint CampaignStoreRequest.php authorization
A flaw has been found in mettle sendportal up to 3.0.1. This vulnerability affects unknown code of the file vendor/mettle/sendportal-core/src/Http/Requests/CampaignStoreRequest.php of the component Campaign Creation Endpoint. Executing a manipulation can lead to authorization bypass. The attack c...
CVE-2026-50554
creationtimestamp| type| source ---|---|--- 2026-07-09 14:35:10+00:00| published-proof-of-concept| https://github.com/enchant97/note-mark/security/advisories/GHSA-588f-fvcv-xhvf...
CVE-2026-53727
creationtimestamp| type| source ---|---|--- 2026-07-09 14:35:05+00:00| published-proof-of-concept| https://github.com/premailer/cssparser/security/advisories/GHSA-9pmc-p236-855h...
CVE-2026-50553
creationtimestamp| type| source ---|---|--- 2026-07-09 14:02:22+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mq7sctc67r25 2026-07-09 14:35:07+00:00| published-proof-of-concept| https://github.com/enchant97/note-mark/security/advisories/GHSA-rqrh-8wpv-x7hh...
EUVD-2026-42468
A flaw has been found in davenardella snap7 up to 1.4.3. This affects the function TS7Worker::PerformFunctionRead of the file src/core/s7server.cpp of the component ReadVar Request Handler. This manipulation causes deserialization. The attack requires access to the local network. The exploit has...
PT-2026-56991
Name of the Vulnerable Software and Affected Versions pdeljanov Symphonia versions prior to 0.6.1 Description A flaw in the Metadata Handler component allows a local attacker to cause a denial of service. Recommendations At the moment, there is no information about a newer version that contains a...
CVE-2026-50197
creationtimestamp| type| source ---|---|--- 2026-07-08 22:35:12+00:00| published-proof-of-concept| https://github.com/zalando/skipper/security/advisories/GHSA-659f-rgp5-w4wf...