3 matches found
CVE-2026-4270
Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions = 0.2.14 and 1.3.9 on all platforms may allow the bypass of intended file access restriction and expose arbitrary local file contents in the MCP client application context. To...
PT-2025-52729
Name of the Vulnerable Software and Affected Versions Local Deep Research versions 1.3.0 through 1.3.8 Description The software is an AI-powered research assistant. A flaw exists in the download service download service.py where HTTP requests are made using raw requests.get calls, bypassing the...
CVE-2024-23657 Path Traversal: '../filedir' in Nuxt Devtools
Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Nuxt Devtools is missing authentication on the getTextAssetContent RPC function which is vulnerable to path traversal. Combined with a lack of Origin checks on the WebSocket handler, an attack...