40969 matches found
CVE-2026-7404
The CVE affects getsimpletool mcpo-simple-server up to 0.2.0. The vulnerability is in delete_shared_prompt (src/mcpo_simple_server/services/prompt_manager/base_manager.py), where manipulation of the detail argument enables relative path traversal. It can be exploited remotely, and a public exploi...
CVE-2026-7404
A weakness has been identified in getsimpletool mcpo-simple-server up to 0.2.0. Affected is the function deletesharedprompt of the file src/mcposimpleserver/services/promptmanager/basemanager.py. This manipulation of the argument detail causes relative path traversal. It is possible to initiate t...
CVE-2026-7403
A security flaw has been discovered in geldata gel-mcp 0.1.0. This impacts the function listrules/fetchrule of the file src/gelmcp/server.py. The manipulation of the argument rulename results in path traversal. The attack may be performed from remote. The exploit has been released to the public a...
CVE-2026-7403 geldata gel-mcp server.py fetch_rule path traversal
A security flaw has been discovered in geldata gel-mcp 0.1.0. This impacts the function listrules/fetchrule of the file src/gelmcp/server.py. The manipulation of the argument rulename results in path traversal. The attack may be performed from remote. The exploit has been released to the public a...
CVE-2026-7403 geldata gel-mcp server.py fetch_rule path traversal
A security flaw has been discovered in geldata gel-mcp 0.1.0. This impacts the function listrules/fetchrule of the file src/gelmcp/server.py. The manipulation of the argument rulename results in path traversal. The attack may be performed from remote. The exploit has been released to the public a...
CVE-2026-7403
CVE-2026-7403 affects geldata gel-mcp 0.1.0. The vulnerability is in src/gel_mcp/server.py, function list_rules/fetch_rule, where manipulating the argument rule_name enables path traversal. This could be exploited remotely; the exploit is publicly available. The project was informed of the issue ...
EUVD-2026-26287
A security flaw has been discovered in geldata gel-mcp 0.1.0. This impacts the function listrules/fetchrule of the file src/gelmcp/server.py. The manipulation of the argument rulename results in path traversal. The attack may be performed from remote. The exploit has been released to the public a...
CVE-2026-7401
CVE-2026-7401 affects SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. The vulnerability targets the Registration component, specifically /index.php?action=register, where manipulation of the arguments student_id, full_name, section, or username enables cross-site scr...
CVE-2026-7401 SourceCodester CET Automated Grading System with AI Predictive Analytics Registration index.php register cross site scripting
A vulnerability was detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This vulnerability affects unknown code of the file /index.php?action=register of the component Registration. The manipulation of the argument studentid/fullname/section/username results ...
CVE-2026-7401 SourceCodester CET Automated Grading System with AI Predictive Analytics Registration index.php register cross site scripting
A vulnerability was detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This vulnerability affects unknown code of the file /index.php?action=register of the component Registration. The manipulation of the argument studentid/fullname/section/username results ...
EUVD-2026-26281
A security vulnerability has been detected in geekgod382 filesystem-mcp-server 1.0.0. This issue affects the function ispathallowed of the file server.py of the component readfiletool/writefiletool. Such manipulation leads to path traversal. The attack can be launched remotely. The exploit has be...
CVE-2026-7398 florensiawidjaja BioinfoMCP Upload Endpoint app.py upload path traversal
A weakness has been identified in florensiawidjaja BioinfoMCP up to 7ada7918b9e515604d3c0ae264d3a9af10bf6e54. This vulnerability affects the function Upload of the file bioinfomcpplatform/app.py of the component Upload Endpoint. This manipulation of the argument Name causes path traversal. The...
CVE-2026-7398 florensiawidjaja BioinfoMCP Upload Endpoint app.py upload path traversal
A weakness has been identified in florensiawidjaja BioinfoMCP up to 7ada7918b9e515604d3c0ae264d3a9af10bf6e54. This vulnerability affects the function Upload of the file bioinfomcpplatform/app.py of the component Upload Endpoint. This manipulation of the argument Name causes path traversal. The...
CVE-2026-7398
CVE-2026-7398 affects florensiawidjaja BioinfoMCP, specifically the Upload Endpoint’s bioinfo_mcp_platform/app.py Upload function. The issue arises from manipulation of the Name argument, enabling path traversal. The vulnerability is remotely exploitable and an exploit has been made public. No af...
CVE-2026-7396
CVE-2026-7396 : NousResearch hermes-agent 0.8.0 contains a path traversal vulnerability in the WeChat Work Platform Adapter, specifically in the file gateway/platforms/wecom.py. The issue arises from manipulation of an unknown functionality, allowing a remote attacker to traverse directories. The...
CVE-2026-7393
A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function savemenu of the file /admin/adminclassnovo.php of the component File Extension Handler. Performing a manipulation of the argument img results in unrestricted upload. The attack is possible to be...
CVE-2026-7394 SourceCodester Pizzafy Ecommerce System GET Parameter view_order.php sql injection
A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/vieworder.php of the component GET Parameter Handler. Executing a manipulation of the argument ID can lead to sql injection. The attack may ...
CVE-2026-7394
SourceCodester Pizzafy Ecommerce System 1.0 is affected by SQL Injection in the admin/view_order.php file via the id GET parameter. The vulnerability arises from insufficient sanitization before using the parameter in a MySQL query. An authenticated administrator can manipulate this parameter to ...
CVE-2026-7393
SourceCodester Pizzafy Ecommerce System 1.0 is affected in the admin_class_novo.php save_menu() function where the img upload parameter allows unrestricted uploads. The file path involved is Pizzafy/assets/img/, and an attacker with admin authentication could upload a crafted file (no validation ...
CVE-2026-7393 SourceCodester Pizzafy Ecommerce System File Extension admin_class_novo.php save_menu unrestricted upload
A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function savemenu of the file /admin/adminclassnovo.php of the component File Extension Handler. Performing a manipulation of the argument img results in unrestricted upload. The attack is possible to be...