Lucene search
+L

21 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.10 views

CVE-2026-7158

A vulnerability has been found in dmitryglhf mcp-url-downloader up to 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6. Affected by this issue is the function validateurlsafe of the file src/mcpurldownloader/server.py. Such manipulation of the argument url leads to server-side request forgery. The attack...

7.5CVSS6.6AI score0.00294EPSS
Exploits0References1
OSV
OSV
added 2026/04/27 9:31 p.m.7 views

GHSA-H7XC-4MV8-59FJ mcp-url-downloader has a Server-Side Request Forgery issue

A vulnerability has been found in dmitryglhf mcp-url-downloader up to 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6. Affected by this issue is the function validateurlsafe of the file src/mcpurldownloader/server.py. Such manipulation of the argument url leads to server-side request forgery. The attack...

7.3CVSS6.7AI score0.00294EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/04/27 9:31 p.m.10 views

mcp-url-downloader has a Server-Side Request Forgery issue

A vulnerability has been found in dmitryglhf mcp-url-downloader up to 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6. Affected by this issue is the function validateurlsafe of the file src/mcpurldownloader/server.py. Such manipulation of the argument url leads to server-side request forgery. The attack...

7.5CVSS6.7AI score0.00294EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/04/27 9:16 p.m.6 views

CVE-2026-7158

A vulnerability has been found in dmitryglhf mcp-url-downloader up to 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6. Affected by this issue is the function validateurlsafe of the file src/mcpurldownloader/server.py. Such manipulation of the argument url leads to server-side request forgery. The attack...

7.5CVSS0.00294EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/27 9:0 p.m.3 views

CVE-2026-7158 dmitryglhf mcp-url-downloader server.py _validate_url_safe server-side request forgery

A vulnerability has been found in dmitryglhf mcp-url-downloader up to 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6. Affected by this issue is the function validateurlsafe of the file src/mcpurldownloader/server.py. Such manipulation of the argument url leads to server-side request forgery. The attack...

7.5CVSS6.9AI score0.00294EPSS
Exploits0References4
CVE
CVE
added 2026/04/27 9:0 p.m.22 views

CVE-2026-7158

The CVE-2026-7158 entry concerns the dmitryglhf mcp-url-downloader project. The vulnerability affects the function _validate_url_safe in src/mcp_url_downloader/server.py and is triggered by manipulating the url argument, resulting in server-side request forgery (SSRF). The issue is exploitable re...

7.5CVSS7AI score0.00294EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/27 9:0 p.m.8 views

EUVD-2026-25925

A vulnerability has been found in dmitryglhf mcp-url-downloader up to 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6. Affected by this issue is the function validateurlsafe of the file src/mcpurldownloader/server.py. Such manipulation of the argument url leads to server-side request forgery. The attack...

7.5CVSS7AI score0.00294EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/27 9:0 p.m.43 views

CVE-2026-7158 dmitryglhf mcp-url-downloader server.py _validate_url_safe server-side request forgery

A vulnerability has been found in dmitryglhf mcp-url-downloader up to 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6. Affected by this issue is the function validateurlsafe of the file src/mcpurldownloader/server.py. Such manipulation of the argument url leads to server-side request forgery. The attack...

7.5CVSS0.00294EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/27 12:0 a.m.13 views

MCP URL Downloader 代码问题漏洞

MCP URL Downloader is an AI assistant tool developed by Dmitry Gilemkhanov, which allows downloading files from URLs to a local device. Versions of MCP URL Downloader 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6 and earlier have code vulnerabilities. These vulnerabilities stem from improper handling ...

7.5CVSS7.2AI score0.00294EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2022/05/13 1:12 a.m.20 views

Moodle cross-site scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in the URL downloader repository in repository/url/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6AI score0.01832EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2022/05/13 1:12 a.m.24 views

GHSA-CH68-5R37-P7C3 Moodle cross-site scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in the URL downloader repository in repository/url/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.3AI score0.01832EPSS
Exploits0References10
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.28 views

IA WebMail 3.x - (iaregdll.dll version 1.0.0.5) Remote Exploit

No description provided by source. !/usr/bin/perl -w IA WebMail 3.x iaregdll.dll version 1.0.0.5 Remote Exploit Application Specific Shellcode: URL Downloader - www elitehaven net/ncat.exe downloaded - c:\nc.exe created By Peter Winter-Smith peter4020 hotmail com Shellcode included - will need...

7.1AI score
Exploits0
NVD
NVD
added 2014/05/27 12:55 a.m.18 views

CVE-2014-0218

Cross-site scripting XSS vulnerability in the URL downloader repository in repository/url/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.5AI score0.01832EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2014/05/27 12:55 a.m.26 views

CVE-2014-0218

Cross-site scripting XSS vulnerability in the URL downloader repository in repository/url/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6AI score0.01832EPSS
Exploits0References4
Prion
Prion
added 2014/05/27 12:55 a.m.18 views

Cross site scripting

Cross-site scripting XSS vulnerability in the URL downloader repository in repository/url/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6AI score0.01832EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2014/05/27 12:0 a.m.29 views

CVE-2014-0218

Cross-site scripting XSS vulnerability in the URL downloader repository in repository/url/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

5.4AI score0.01832EPSS
Exploits0References4
CVE
CVE
added 2014/05/27 12:0 a.m.57 views

CVE-2014-0218

Moodle XSS in the URL downloader (repository/url/lib.php) allows remote attackers to inject arbitrary web script or HTML. Affected: Moodle up to 2.3.11; 2.4.x before 2.4.10; 2.5.x before 2.5.6; 2.6.x before 2.6.3. Root cause: unspecified vectors. Impact: potential arbitrary script execution in af...

4.3CVSS5.5AI score0.01832EPSS
Exploits0References4Affected Software1
securityvulns
securityvulns
added 2008/06/04 12:0 a.m.26 views

C6 Messenger Installation Url Downloader ActiveX code execution

It's possible to download and execute file. Vulnerability is used in-the-wild for hidden trojan code installation...

3.2AI score
Exploits0References1
seebug.org
seebug.org
added 2003/11/19 12:0 a.m.28 views

IA WebMail 3.x (iaregdll.dll version 1.0.0.5) Remote Exploit

No description provided by source. !/usr/bin/perl -w IA WebMail 3.x iaregdll.dll version 1.0.0.5 Remote Exploit Application Specific Shellcode: URL Downloader - www elitehaven net/ncat.exe downloaded - c:\nc.exe created By Peter Winter-Smith peter4020 hotmail com Shellcode included - will need...

7.1AI score
Exploits0
0day.today
0day.today
added 2003/11/19 12:0 a.m.34 views

IA WebMail 3.x (iaregdll.dll version 1.0.0.5) Remote Exploit

Exploit for unknown platform in category remote exploits ============================================================ IA WebMail 3.x iaregdll.dll version 1.0.0.5 Remote Exploit ============================================================ !/usr/bin/perl -w IA WebMail 3.x iaregdll.dll version 1.0.0...

7.1AI score
Exploits0
Rows per page
Query Builder