Lucene search
K

4 matches found

NVD
NVD
added 2026/06/24 10:16 p.m.9 views

CVE-2026-53766

Chrome DevTools for agents chrome-devtools-mcp lets your coding agent control and inspect a live Chrome browser. From 0.24.0 until 1.1.0, McpContext.validatePath enforces workspace roots by checking whether path.resolvefilePath textually falls under one of the configured root paths. path.resolve...

6.1CVSS0.00087EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/24 9:29 p.m.19 views

CVE-2026-53766 chrome-devtools-mcp: validatePath() does not canonicalize symlinks before enforcing roots

Chrome DevTools for agents chrome-devtools-mcp lets your coding agent control and inspect a live Chrome browser. From 0.24.0 until 1.1.0, McpContext.validatePath enforces workspace roots by checking whether path.resolvefilePath textually falls under one of the configured root paths. path.resolve...

6.1CVSS0.00087EPSS
Exploits1References1
OSV
OSV
added 2025/12/31 10:5 p.m.6 views

GHSA-RWC2-F344-Q6W6 serverless MCP Server vulnerable to Command Injection in list-projects tool

Summary A command injection vulnerability exists in the Serverless Framework's built-in MCP server package @serverless/mcp. This vulnerability only affects users of the experimental MCP server feature serverless mcp, which represents less than 0.1% of Serverless Framework users. The core Serverle...

7.5CVSS9.3AI score0.01944EPSS
Exploits2References6
Github Security Blog
Github Security Blog
added 2025/12/31 10:5 p.m.59 views

serverless MCP Server vulnerable to Command Injection in list-projects tool

Summary A command injection vulnerability exists in the Serverless Framework's built-in MCP server package @serverless/mcp. This vulnerability only affects users of the experimental MCP server feature serverless mcp, which represents less than 0.1% of Serverless Framework users. The core Serverle...

7.5CVSS9.4AI score0.01944EPSS
Exploits2References6Affected Software1
Rows per page
Query Builder