10 matches found
CVE-2026-7237 AgiFlow scaffold-mcp write-to-file Tool index.ts path traversal
A vulnerability was detected in AgiFlow scaffold-mcp up to 1.0.27. Affected by this issue is some unknown functionality of the file packages/scaffold-mcp/src/server/index.ts of the component write-to-file Tool. The manipulation of the argument filepath results in path traversal. The attack may be...
scaffold-mcp Path Traversal Vulnerability
Scaffold-mcp is a scaffolding tool developed by AgiFlow for quickly building model context protocols. Versions of scaffold-mcp 1.0.27 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the filepath parameter in the packages/scaffold-mcp/src/server/index.ts file...
CVE-2026-31975 Cloud CLI WebSocket shell injection
Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Versions prior to 1.25.0 are affected by OS command injection via the WebSocket shell. Both projectPath and initialCommand in server/index.js are taken directly from the WebSocket message payload and interpolated into...
FreeRDP Security Vulnerability
FreeRDP is an open-source implementation of the Remote Desktop Protocol (RDP) by the FreeRDP team. Versions of FreeRDP prior to 3.22.0 contained security vulnerabilities. These vulnerabilities stemmed from the URBDRC client using the interface number provided by the server as an array index without...
CVE-2025-57078
CVE-2025-57078 affects Tenda G3 router (version 3.0br_V15.11.0.17). A stack overflow exists in the pppoeServerWhiteMacIndex parameter within the formModifyPppAuthWhiteMac function. Exploitation could yield a Denial of Service via a crafted request. The CVSS 3.1 metrics indicate network access, no...
CVE-2025-57078
Tenda G3 v3.0brV15.11.0.17 was discovered to contain a stack overflow in the pppoeServerWhiteMacIndex parameter in the formModifyPppAuthWhiteMac function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request...
CVE-2024-4164
A vulnerability, which was classified as critical, has been found in Tenda G3 15.11.0.179502. This issue affects the function formModifyPppAuthWhiteMac of the file /goform/ModifyPppAuthWhiteMac. The manipulation of the argument pppoeServerWhiteMacIndex leads to stack-based buffer overflow. The...
NethServer nethserver-phonenehome SQL Injection Vulnerability
nethserver-phonenehome is an open source application for NethServer. It is used to track all NethServer installations worldwide. NethServer nethserver-phonenehome suffers from a SQL injection vulnerability that originates from a security issue in the function getinfo/getcountrycoor in the file...
Joomla Component com_productbook SQL Injection Vulnerability
No description provided by source. Joomla Component "comproductbook" SQL Injection Vulnerability ======================================================== .:. Author : Snakespc .:. Home : sec-war.com/cc .:. Script : Joomla .:. Bug Type : SQL Injection .:. Dork : inurl:"comproductbook" === Exploit...