6 matches found
CVE-2026-7446
VetCoders mcp-server-semgrep version 1.0.0 is affected by CVE-2026-7446 in the MCP Interface. The vulnerability exists in the file src/index.ts (functions analyze_results, filter_results, export_results, compare_results, scan_directory, create_rule) where manipulation of the argument ID enables a...
CVE-2017-20199
A vulnerability was found in Buttercup buttercup-browser-extension up to 0.14.2. Affected by this vulnerability is an unknown functionality of the component Vault Handler. The manipulation results in improper access controls. The attack may be performed from a remote location. A high complexity...
CVE-2017-20199
A vulnerability was found in Buttercup buttercup-browser-extension up to 0.14.2. Affected by this vulnerability is an unknown functionality of the component Vault Handler. The manipulation results in improper access controls. The attack may be performed from a remote location. A high complexity...
CVE-2017-20199 Buttercup buttercup-browser-extension Vault access control
A vulnerability was found in Buttercup buttercup-browser-extension up to 0.14.2. Affected by this vulnerability is an unknown functionality of the component Vault Handler. The manipulation results in improper access controls. The attack may be performed from a remote location. A high complexity...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip in the extract function in extractor.go, which doesn't sufficiently sanitize its input. An attacker can execute arbitrary commands or modify files with the permission of the user by...
SUSE CVE-2025-24371
CometBFT is a distributed, Byzantine fault-tolerant, deterministic state machine replication engine. In the blocksync protocol peers send their base and latest heights when they connect to a new node A, which is syncing to the tip of a network. base acts as a lower ground and informs A that the...