EUVD-2026-35009

A flaw has been found in kokke tiny-regex-c up to f2632c6d9ed25272987471cdb8b70395c2460bdb. This vulnerability affects the function matchstar of the file re.c of the component Pattern Handler. This manipulation causes inefficient regular expression complexity. The attack is restricted to local...

CVE-2026-7158

A vulnerability has been found in dmitryglhf mcp-url-downloader up to 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6. Affected by this issue is the function validateurlsafe of the file src/mcpurldownloader/server.py. Such manipulation of the argument url leads to server-side request forgery. The attack...

CVE-2026-7211

A weakness has been identified in dvladimirov MCP up to 0.1.0. The impacted element is the function GitSearchRequest of the file mcpserver.py of the component Git Search API. Executing a manipulation of the argument repourl/pattern can lead to command injection. The attack can be executed remotel...

EUVD-2026-34842

A flaw has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This impacts the function sessionstart of the file /login-form.php. Executing a manipulation of the argument UserAuthData can lead to session fixiation...

PT-2026-45678

A weakness has been identified in elunez eladmin up to 2.7. This vulnerability affects unknown code of the file App.java of the component Application Deployment Module. This manipulation of the argument uploadPath causes command injection. Remote exploitation of the attack is possible. The exploi...

CVE-2026-10276 hekmon8 Jenkins-server-mcp get_build_status/get_build_log/trigger_build index.ts jobPath server-side request forgery

A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the file src/index.ts of the component getbuildstatus/getbuildlog/triggerbuild. Such manipulation leads to server-side request forgery. The attack may be performed from remote. T...

CVE-2026-10228

A vulnerability was found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. The impacted element is an unknown function of the file admissionformcheck.php. The manipulation of the argument Message results in cross site scripting. The attack can be...

CVE-2026-10169

A vulnerability was detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected by this vulnerability is the function ajaxforgotpassword of the file application/controllers/Login.php of the component Forgot Password Endpoint. The...

CVE-2026-9472

A flaw has been found in dazeb markdown-downloader up to 3d4394b34b6c99d81af817623af55e3384df5a6a. Affected is the function downloadmarkdown/listdownloadedfiles/createsubdirectory of the file src/index.ts. Executing a manipulation can lead to path traversal. The attack can be launched remotely. T...

EUVD-2026-31706

A vulnerability has been found in c-rick jimeng-mcp 1.10.0. Affected by this vulnerability is the function getFileContent/uploadCoverFile/generateImage/generateVideo of the file src/api.ts. The manipulation of the argument filePath leads to path traversal. The attack may be initiated remotely. Th...

EUVD-2026-31671

A vulnerability was detected in FoundDream miniclawd up to 2d65665046e2222eeea76cafc8570ed546a8c125. This affects the function which of the file /src/application/skills-loader.ts of the component SkillsLoader. Performing a manipulation of the argument requires.bins results in command injection. T...

DEBIAN-CVE-2026-8258

A flaw has been found in Squirrel up to 3.2. Impacted is the function validateformat in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used. The project was...

CVE-2026-7844

A vulnerability was detected in chatchat-space Langchain-Chatchat up to 0.3.1.3. This vulnerability affects the function files/listfiles/retrievefile/retrievefilecontent/deletefile of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component Compatible File Service...

PT-2026-36970

A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815809a7e425b5fa7be26e0d4369894c2. Impacted is the function create notebook/read notebook/edit cell/add cell of the file server.py. This manipulation causes path traversal. It is possible to initiate the attack remotely. The explo...

CVE-2026-7443

A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzzdomain of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument Request can lead to os command injection. The attack may be launched...

CVE-2026-7416

A vulnerability was found in PolarVista xcode-mcp-server 1.0.0. This issue affects the function buildproject/runtests of the file src/index.ts of the component MCP Interface. The manipulation of the argument Request results in os command injection. The attack may be launched remotely. The exploit...

notes-mcp has a Path Traversal issue

A security vulnerability has been detected in edvardlindelof notes-mcp up to 0.1.4. This affects an unknown function of the file notesmcp.py. The manipulation of the argument rootdir/path leads to path traversal. The attack is possible to be carried out remotely. The exploit has been disclosed...

CVE-2026-7146

A security vulnerability has been detected in AlejandroArciniegas mcp-data-vis up to de5a51525a69822290eaee569a1ab447b490746d. Affected by this vulnerability is the function axios of the file src/servers/web-scraper/server.js of the component HTTP Request Handler. Such manipulation leads to...

PT-2026-31820

Name of the Vulnerable Software and Affected Versions Zod jsVideoUrlParser versions up to 0.5.1 Description A weakness exists in Zod jsVideoUrlParser up to version 0.5.1. The issue is related to inefficient regular expression complexity caused by manipulation of the timestamp argument within the...

CVE-2026-5638

A vulnerability was detected in HerikLyma CPPWebFramework up to 3.1. This issue affects some unknown processing. Performing a manipulation results in path traversal. Remote exploitation of the attack is possible. The exploit is now public and may be used. The project was informed of the problem...