CVE-2026-7233

A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fzsubsetcffforgids of the file subset-cff.c of the component CFF Index Handler. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly...

CVE-2026-7223

A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request...

CVE-2026-7220

The CVE-2026-7220 entry concerns jackwrichards FastlyMCP (fastly_cli Tool) up to commit 6f3d0b0e654fc51076badc7fa16c03c461f95620, affecting fastly-mcp.mjs. The vulnerability arises from manipulation of the command argument, enabling an OS command injection. It can be exploited remotely, and the e...

EUVD-2026-25973

A security vulnerability has been detected in Deepractice PromptX up to 2.4.0. The affected element is the function readdocx/readxlsx/readpptx/listxlsxsheets/readpdf of the file packages/mcp-office/src/index.ts of the component Document File Handler. Such manipulation of the argument path leads t...

CVE-2026-7214 eghuzefa engineer-your-data server.py file_inf path traversal

A vulnerability was identified in eghuzefa engineer-your-data up to 0.1.3. This vulnerability affects the function readfile/writefile/listfiles/fileinf of the file src/server.py. The manipulation of the argument WORKSPACEPATH leads to path traversal. The attack may be initiated remotely. The...

EUVD-2026-25966

A vulnerability was detected in ef10007 MLOpsMCP 1.0.0. This impacts an unknown function of the file fastmcpserver.py of the component savefile Tool. The manipulation of the argument filename/destination results in path traversal. The attack may be performed from remote. The exploit is now public...

CVE-2026-7039

A security vulnerability has been detected in tufantunc ssh-mcp up to 1.5.0. The affected element is the function shell.write of the file src/index.ts. Such manipulation of the argument Description leads to command injection. The attack must be carried out locally. The exploit has been disclosed...

CVE-2026-7205

A vulnerability was identified in duartium papers-mcp-server 9ceb3812a6458ba7922ca24a7406f8807bc55598. Impacted is the function searchpapers of the file src/main.py. Such manipulation of the argument topic leads to path traversal. The attack may be launched remotely. The exploit is publicly...

EUVD-2026-25965

A security vulnerability has been detected in edvardlindelof notes-mcp up to 0.1.4. This affects an unknown function of the file notesmcp.py. The manipulation of the argument rootdir/path leads to path traversal. The attack is possible to be carried out remotely. The exploit has been disclosed...

CVE-2026-7205

A vulnerability was identified in duartium papers-mcp-server 9ceb3812a6458ba7922ca24a7406f8807bc55598. Impacted is the function searchpapers of the file src/main.py. Such manipulation of the argument topic leads to path traversal. The attack may be launched remotely. The exploit is publicly...

EUVD-2026-25962

A vulnerability was identified in duartium papers-mcp-server 9ceb3812a6458ba7922ca24a7406f8807bc55598. Impacted is the function searchpapers of the file src/main.py. Such manipulation of the argument topic leads to path traversal. The attack may be launched remotely. The exploit is publicly...

CVE-2026-7205 duartium papers-mcp-server main.py search_papers path traversal

A vulnerability was identified in duartium papers-mcp-server 9ceb3812a6458ba7922ca24a7406f8807bc55598. Impacted is the function searchpapers of the file src/main.py. Such manipulation of the argument topic leads to path traversal. The attack may be launched remotely. The exploit is publicly...

PT-2026-35725

A flaw has been found in WilliamCloudQi matlab-mcp-server up to ab88f6b9bf5f36f725e8628029f7f6dd0d9913ca. The affected element is the function generate matlab code/execute matlab code of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument scriptPath can...

PT-2026-35576

A weakness has been identified in dvladimirov MCP up to 0.1.0. The impacted element is the function GitSearchRequest of the file mcp server.py of the component Git Search API. Executing a manipulation of the argument repo url/pattern can lead to command injection. The attack can be executed...

PT-2026-35674

Penetration Testing engineers at Amazon discovered a vulnerability where the camera system failed to properly validate input, allowing specially crafted requests containing malicious commands to be executed on the device. The manufacturer has released patch firmware for the flaw; please refer to...

PT-2026-35752

A weakness has been identified in o2oa up to 10.0. This affects the function FileAction of the file FileAction.java of the component URL Fetching. Executing a manipulation of the argument fileUrl can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit ha...

PT-2026-36157

🚨 CVE-2024-54011 Penetration Testing engineers at Amazon have discovered a flaw where the camera system fails to properly handle data supplied in certain requests, causing a service disruption. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report fo...

PT-2026-35672

A weakness has been identified in BrowserOperator browser-operator-core up to 0.6.0. Affected is the function startsWith of the file scripts/component server/server.js. Executing a manipulation of the argument request.url can lead to path traversal. The attack can be launched remotely. The exploi...

PT-2026-35586

A vulnerability was detected in ef10007 MLOps MCP 1.0.0. This impacts an unknown function of the file fastmcp server.py of the component save file Tool. The manipulation of the argument filename/destination results in path traversal. The attack may be performed from remote. The exploit is now...

PT-2026-35675

Penetration Testing engineers at Amazon have identified a security flaw related to request handling in the web server component that could, under certain conditions, lead to unintended access to protected functions. The manufacturer has released patch firmware for the flaw, please refer to the...