Lucene search
K

7 matches found

NVD
NVD
added 2026/05/01 9:16 p.m.5 views

CVE-2026-7594

A vulnerability was detected in Flux159 mcp-game-asset-gen 0.1.0. Affected is the function imageto3dasync of the file src/index.ts of the component MCP Interface. The manipulation of the argument statusFile results in path traversal. The attack can be executed remotely. The exploit is now public...

7.5CVSS0.00418EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/01 8:30 p.m.4 views

CVE-2026-7594 Flux159 mcp-game-asset-gen MCP index.ts image_to_3d_async path traversal

A vulnerability was detected in Flux159 mcp-game-asset-gen 0.1.0. Affected is the function imageto3dasync of the file src/index.ts of the component MCP Interface. The manipulation of the argument statusFile results in path traversal. The attack can be executed remotely. The exploit is now public...

7.5CVSS6.8AI score0.00418EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.8 views

MCP Asset Generation Server 路径遍历漏洞

MCP Asset Generation Server is a multi-type asset generation server for game development by the individual developer Suyog Sonwalkar. A path traversal vulnerability exists in MCP Asset Generation Server version 0.1.0, which stems from improper manipulation of the parameter statusFile in the...

7.5CVSS7AI score0.00418EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/02/10 8:21 a.m.184 views

Exploit for OS Command Injection in Cyberpanel

PoC: CVE-2024-51378 Command Injection, эмуляция 📌 Описан...

10CVSS5.6AI score0.94878EPSS
Exploits7
Saint
Saint
added 2024/11/07 12:0 a.m.277 views

CyberPanel upgrademysqlstatus authentication bypass and command injection

Added: 11/07/2024 Background CyberPanel is a web hosting control panel. Problem A pair of vulnerabilities in the upgrademysqlstatus web resource could allow a remote attacker to bypass authentication using a PUT request and execute arbitrary commands with a specially crafted statusfile parameter...

8.5AI score
Exploits0
Cvelist
Cvelist
added 2024/10/29 12:0 a.m.48 views

CVE-2024-51378

getresetstatus in dns/views.py and ftp/views.py in CyberPanel aka Cyber Panel before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware which is only for a POST request and using shell...

10CVSS0.94878EPSS
Exploits7References7
VulnCheck KEV
VulnCheck KEV
added 2024/10/26 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-51378

CyberPanel contains an incorrect default permissions vulnerability that allows for authentication bypass and the execution of arbitrary commands using shell metacharacters in the statusfile property...

10CVSS7.6AI score0.94878EPSS
Exploits7References1
Rows per page
Query Builder