PT-2026-45869

Name of the Vulnerable Software and Affected Versions ahujasid blender-mcp versions prior to 5b37be25242e73dc4cf1328974d30458b9e5d67e Description Server-side request forgery can be executed remotely via the ZIP File Handler component. The issue exists in the requests.get function within the...

CVE-2026-7810

A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815809a7e425b5fa7be26e0d4369894c2. Impacted is the function createnotebook/readnotebook/editcell/addcell of the file server.py. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit h...

EUVD-2026-27217

A vulnerability was found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The impacted element is the function gitoperation of the file src/codemcp/server.py of the component MCP Tool. Performing a manipulation of the argument operation results in command injection. The attack...

CVE-2026-7812 54yyyu code-mcp MCP Tool server.py git_operation command injection

A vulnerability was found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The impacted element is the function gitoperation of the file src/codemcp/server.py of the component MCP Tool. Performing a manipulation of the argument operation results in command injection. The attack...

CVE-2026-7812

CVE-2026-7812 describes a remote command injection in 54yyyu code-mcp MCP Tool. The vulnerability affects the function git_operation in src/code_mcp/server.py, exploitable by manipulating the operation argument. An exploit has been published, and the attack can be initiated remotely with low comp...

CVE-2026-7812 54yyyu code-mcp MCP Tool server.py git_operation command injection

A vulnerability was found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The impacted element is the function gitoperation of the file src/codemcp/server.py of the component MCP Tool. Performing a manipulation of the argument operation results in command injection. The attack...

CVE-2026-7811 54yyyu code-mcp MCP File server.py is_safe_path path traversal

A vulnerability has been found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The affected element is the function issafepath of the file src/codemcp/server.py of the component MCP File Handler. Such manipulation leads to path traversal. It is possible to launch the attack...

CVE-2026-7810 UsamaK98 python-notebook-mcp server.py add_cell path traversal

A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815809a7e425b5fa7be26e0d4369894c2. Impacted is the function createnotebook/readnotebook/editcell/addcell of the file server.py. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit h...

CVE-2026-7810

A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815809a7e425b5fa7be26e0d4369894c2. Impacted is the function createnotebook/readnotebook/editcell/addcell of the file server.py. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit h...

CVE-2026-7810 UsamaK98 python-notebook-mcp server.py add_cell path traversal

A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815809a7e425b5fa7be26e0d4369894c2. Impacted is the function createnotebook/readnotebook/editcell/addcell of the file server.py. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit h...

Code-MCP 路径遍历漏洞

Code-MCP is an AI-integrated tool for terminal and file operations developed by Steven Yu. Versions of Code-MCP 4cfc4643541a110c906d93635b391bf7e357f4a8 and earlier have a path traversal vulnerability. This vulnerability stems from a problem with the MCP File Handler component in the issafepath...

CVE-2026-7403

A security flaw has been discovered in geldata gel-mcp 0.1.0. This impacts the function listrules/fetchrule of the file src/gelmcp/server.py. The manipulation of the argument rulename results in path traversal. The attack may be performed from remote. The exploit has been released to the public a...

CVE-2026-7403 geldata gel-mcp server.py fetch_rule path traversal

A security flaw has been discovered in geldata gel-mcp 0.1.0. This impacts the function listrules/fetchrule of the file src/gelmcp/server.py. The manipulation of the argument rulename results in path traversal. The attack may be performed from remote. The exploit has been released to the public a...

PT-2026-35930

A vulnerability was detected in ezequiroga mcp-bases 357ca19c7a49a9b9cb2ef639b366f03aba8bea39/c630b8ab0f970614d42da8e566e9c0d15a16414c. This impacts the function search papers of the file research server.py. Performing a manipulation of the argument topic results in path traversal. Remote...

CVE-2026-7214

A vulnerability was identified in eghuzefa engineer-your-data up to 0.1.3. This vulnerability affects the function readfile/writefile/listfiles/fileinf of the file src/server.py. The manipulation of the argument WORKSPACEPATH leads to path traversal. The attack may be initiated remotely. The...

CVE-2026-7158 dmitryglhf mcp-url-downloader server.py _validate_url_safe server-side request forgery

A vulnerability has been found in dmitryglhf mcp-url-downloader up to 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6. Affected by this issue is the function validateurlsafe of the file src/mcpurldownloader/server.py. Such manipulation of the argument url leads to server-side request forgery. The attack...

CVE-2026-7157 disler aider-mcp-server aider_ai_code server.py command injection

A flaw has been found in disler aider-mcp-server up to b2516fa466d0d851932da92ee6d0e66946db9efc. Affected by this vulnerability is an unknown functionality of the file src/aidermcpserver/server.py of the component aideraicode. This manipulation of the argument relativeeditablefiles causes command...

CVE-2026-7066 choieastsea simple-openstack-mcp server.py exec_openstack os command injection

A vulnerability was found in choieastsea simple-openstack-mcp up to 767b2f4a8154cca344344b9725537a58399e6036. The affected element is the function execopenstack of the file server.py. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has...

CVE-2026-7066 choieastsea simple-openstack-mcp server.py exec_openstack os command injection

A vulnerability was found in choieastsea simple-openstack-mcp up to 767b2f4a8154cca344344b9725537a58399e6036. The affected element is the function execopenstack of the file server.py. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has...

EUVD-2026-23739

A vulnerability was found in ComfyUI up to 0.13.0. Affected by this issue is some unknown functionality of the file server.py of the component View Endpoint. Performing a manipulation results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made...