CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

149 matches found

CVE-2025-66335

Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Version...

5.3CVSS5.8AI score0.00116EPSS

Exploits0References1

Tenable Nessus•added 2026/05/17 12:0 a.m.•13 views

Fedora 44 : python-uv-build / rust-astral-tokio-tar / uv (2026-7aacc8ea7d)

The remote Fedora 44 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-7aacc8ea7d advisory. Update uv and python-uv-build to 0.11.11. Update the astral-tokio-tar Rust crate to 0.6.1, fixing security advisories GHSA- xx64-wwv2-hcqq and GHSA-...

5.8AI score

Exploits0References1

vulnersOsv•added 2026/05/08 3:16 p.m.•5 views

fusion-tools (>=3.6.19 <=3.6.90), idt-calculator (=0.1.0) +6 more potentially affected by CVE-2026-38361 via dash-uploader (>=0.6.0 <=0.6.1)

dash-uploader PYPI version =0.6.0, =3.6.19, =0.0.11, =0.0.30, =0.0.50.0, =0.2.1, =0.2.0, =0.4.1 Source cves: CVE-2026-38361 Source advisory: OSV:PYSEC-2026-37...

7.5CVSS5.8AI score0.00641EPSS

Exploits5

OSV•added 2026/05/06 5:26 p.m.•2 views

GHSA-XX64-WWV2-HCQQ astral-tokio-tar: `unpack_in` can chmod arbitrary directories by following symlinks

Impact In versions 0.6.0 and earlier of astral-tokio-tar, the unpackin API could inadvertently modify the permissions of external i.e. non-archive directories outside of the archive. An attacker could use this to contrite a tar archive that maliciously changes directory permissions outside of its...

6.9CVSS5.8AI score

Exploits0References4

EUVD•added 2026/04/20 3:31 p.m.•1 views

EUVD-2025-209532

5.3CVSS6AI score0.00116EPSS

Exploits0References3

Vulnrichment•added 2026/04/20 1:27 p.m.•1 views

CVE-2025-66335 Apache Doris MCP Server: MCP SQL inject

6AI score0.00116EPSS

Exploits0References1

CNNVD•added 2026/04/20 12:0 a.m.•5 views

Apache Doris MCP Server 安全漏洞

Apache Doris MCP Server is a context-based protocol backend service provided by the Apache Foundation. Versions of Apache Doris MCP Server prior to 0.6.1 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of query contexts, which could lead to the execution o...

5.3CVSS6AI score0.00116EPSS

Exploits0References1

Github Security Blog•added 2026/04/01 12:3 a.m.•7 views

TorchGeo Remote Code Execution Vulnerability

Impact TorchGeo 0.4–0.6.0 used an eval statement in its model weight API that could allow an unauthenticated, remote attacker to execute arbitrary commands. All platforms that expose torchgeo.models.getweight or torchgeo.trainers as an external API could be affected. Patches The eval statement wa...

8.1CVSS6.2AI score0.00645EPSS

Exploits0References9Affected Software1

RedhatCVE•added 2026/03/06 1:34 a.m.•5 views

CVE-2024-43035

Fonoster 0.5.5 before 0.6.1 allows ../ directory traversal to read arbitrary files via the /sounds/:file or /tts/:file VoiceServer endpoint. This occurs in serveFiles in mods/voice/src/utils.ts. NOTE: serveFiles exists in 0.5.5 but not in the next release, 0.6.1...

5.8CVSS6AI score0.0043EPSS

Exploits1References1

SUSE CVE•added 2025/12/30 12:25 a.m.•8 views

SUSE CVE-2025-15095

A security vulnerability has been detected in postmanlabs httpbin up to 0.6.1. This affects an unknown function of the file httpbin-master/httpbin/core.py. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used...

5.1CVSS5.7AI score0.00008EPSS

Exploits0References3

Veracode•added 2025/12/13 7:47 a.m.•6 views

TorchGeo Remote Code Execution Vulnerability

Impact TorchGeo 0.4–0.6.0 used an ""eval"" https://docs.python.org/3/library/functions.htmleval statement in its model weight API that could allow an unauthenticated, remote attacker to execute arbitrary commands. All platforms that expose ""torchgeo.models.getweight""...

8.1CVSS6.3AI score0.00645EPSS

Exploits0Affected Software1