16 matches found

EUVD · added 2026/06/10 5:31 p.m.

EUVD-2026-36072

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, SanitizeFilePath in pkg/utils/utils.go validated that a path stayed under a safe directory by calling strings.HasPrefixpath,...

CVSS 3.6 · AI score 5.4 · EPSS 0.00114 · Exploits 0 · References 4
EUVD · added 2026/05/05 6:31 a.m.

EUVD-2026-27215

A vulnerability has been found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The affected element is the function is_safe_path of the file src/codemcp/server.py of the component MCP File Handler. Such manipulation leads to path traversal. It is possible to launch the attack...

CVSS 7.5 · AI score 5.4 · EPSS 0.00418 · Exploits 0 · References 6
Cvelist · added 2026/05/05 4:00 a.m.

CVE-2026-7811 54yyyu code-mcp MCP File server.py is_safe_path path traversal

A vulnerability has been found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The affected element is the function is_safe_path of the file src/codemcp/server.py of the component MCP File Handler. Such manipulation leads to path traversal. It is possible to launch the attack...

CVSS 7.5 · EPSS 0.00418 · Exploits 0 · References 5
ATTACKERKB · added 2026/05/05 4:00 a.m.

CVE-2026-7811

A vulnerability has been found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The affected element is the function is_safe_path of the file src/codemcp/server.py of the component MCP File Handler. Such manipulation leads to path traversal. It is possible to launch the attack...

CVSS 7.5 · AI score 6.6 · EPSS 0.00418 · Exploits 0 · References 5
CVE · added 2026/05/05 4:00 a.m.

CVE-2026-7811

Summary (CVE-2026-7811): A path traversal vulnerability affects 54yyyu code-mcp up to commit 4cfc4643541a110c906d93635b391bf7e357f4a8 in the MCP File Handler component. The is_safe_path function in src/code_mcp/server.py is implicated. Exploitation can be performed remotely. Public disclosure exi...

CVSS 7.5 · AI score 6.6 · EPSS 0.00418 · Exploits 0 · References 5
ATTACKERKB · added 2026/01/21 10:45 p.m.

CVE-2026-24047

Backstage is an open framework for building developer portals, and @backstage/cli-common provides config loading functionality used by the backend and command line interface of Backstage. Prior to version 0.1.17, the resolveSafeChildPath utility function in @backstage/backend-plugin-api, which is...

CVSS 6.3 · AI score 5.5 · EPSS 0.0043 · Exploits 0 · References 3 · Affected Software 1
Vulnrichment · added 2026/01/21 10:45 p.m.

CVE-2026-24047 @backstage/cli-common has a possible `resolveSafeChildPath` Symlink Chain Bypass

Backstage is an open framework for building developer portals, and @backstage/cli-common provides config loading functionality used by the backend and command line interface of Backstage. Prior to version 0.1.17, the resolveSafeChildPath utility function in @backstage/backend-plugin-api, which is...

CVSS 6.3 · AI score 5.7 · EPSS 0.0043 · Exploits 0 · References 2
Positive Technologies · added 2026/01/21 12:00 a.m.

PT-2026-3876

Name of the Vulnerable Software and Affected Versions: Backstage versions prior to 0.1.17. Description: The resolveSafeChildPath utility function in @backstage/backend-plugin-api did not properly validate symlink chains and dangling symlinks, leading to a path traversal issue. An attacker could bypa...

CVSS 6.3 · AI score 5.4 · EPSS 0.0043 · Exploits 0 · References 7
RedhatCVE · added 2026/01/08 3:15 a.m.

CVE-2025-67364

fast-filesystem-mcp version 3.4.0 contains a critical path traversal vulnerability in its file operation tools including fastreadfile. This vulnerability arises from improper path validation that fails to resolve symbolic links to their actual physical paths. The safePath and isPathAllowed...

CVSS 7.5 · AI score 6.7 · EPSS 0.00583 · Exploits 1 · References 1
Snyk · added 2026/01/07 5:41 p.m.

Directory Traversal

Overview: fast-filesystem-mcp is a Fast Filesystem MCP Server - Advanced file operations with Auto-Chunking, Sequential Reading, complex file operations (copy, move, delete, batch, compress), optimized for Claude Desktop. Affected versions of this package are vulnerable to Directory Traversal via the...

CVSS 7.5 · AI score 7.5 · EPSS 0.00583 · Exploits 1 · References 2
Github Security Blog · added 2025/09/02 5:14 p.m.

MobSF Path Traversal in GET /download/<filename> using absolute filenames

Summary: The GET /download/ route uses string path verification via os.path.commonprefix, which allows an authenticated user to download files outside the DWDDIR download directory from "neighboring" directories whose absolute paths begin with the same prefix as DWDDIR (e.g., .../downloadsbak,...

CVSS 5.3 · AI score 6.9 · EPSS 0.0073 · Exploits 1 · References 4 · Affected Software 1
Positive Technologies · added 2025/05/05 12:00 a.m.

PT-2025-19748 · Unknown · Retrieval-Based-Voice-Conversion-Webui

Name of the Vulnerable Software and Affected Versions: Retrieval-based-Voice-Conversion-WebUI versions 2.2.231006 and prior Description: Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. The ckpt path2 variable takes user input, such as a path to a model, and...

CVSS 9.8 · AI score 7.1 · EPSS 0.00793 · Exploits 0 · References 11
CNNVD · added 2024/02/23 12:00 a.m.

Backstage Security Vulnerabilities

Backstage is a software application. Backstage is an open platform for building developer portals. A security vulnerability exists in Backstage backend-common, which stems from insufficiently detailed path checking using "resolveSafeChildPath". The vulnerability can be exploited to access files a...

CVSS 8.7 · AI score 6.7 · EPSS 0.00801 · Exploits 0 · References 5
Tenable Nessus · added 2013/02/21 12:00 a.m.

RHEL 6 : gdb (RHSA-2013:0522)

Updated gdb packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

CVSS 6.9 · AI score 7.5 · EPSS 0.0036 · Exploits 1 · References 5
Tenable Nessus · added 2012/08/20 12:00 a.m.

Fedora 16 : gdb-7.3.50.20110722-16.fc16 (2012-6614)

Update 'set auto-load' patchset and the --with-auto-load-safe-path setting. Security fix for loading untrusted inferiors, see 'set auto-load'. Security fix for loading untrusted inferiors, see 'set auto-load'. Workaround crashes from stale frameinfo pointer BZ 804256. Security fix for loading...

CVSS 6.9 · AI score 7.2 · EPSS 0.0036 · Exploits 1 · References 4
Check Point Advisories · added 2009/10/14 12:00 a.m.

Adobe Reader DOC.Export Methods Arbitrary File Creation (APSB09-15; CVE-2009-2993)

Portable Document Format (PDF) is an open file format created by Adobe Systems. It is used for representing two-dimensional documents in a device- and resolution-independent fixed-layout document format. A vulnerability has been discovered in Adobe Reader. The vulnerability is due to several...

CVSS 9.3 · AI score 6.3 · EPSS 0.06672 · Exploits 1