PT-2026-47628

Name of the Vulnerable Software and Affected Versions Windows-MCP versions prior to 0.7.5 Description In SSE and Streamable HTTP transport modes, the MCP control plane is exposed without authentication and utilizes wildcard CORS Cross-Origin Resource Sharing, which allows any origin, method, or...

EUVD-2026-21492

Rembg has a Path Traversal via Custom Model Loading...

DB-GPT 代码注入漏洞

DB-GPT is an open-source development framework for AI-native data applications based on AWEL and proxies, developed by eosphoros. Version 0.7.5 of DB-GPT contains a code injection vulnerability, which stems from operations on components in the file/api/v1/serve/awel/flow/import, potentially leadi...

AZL-78509 CVE-2026-28419 affecting package vim 9.1.1616-1

Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file where a delimiter appears at the start of a line, Vim attempts to read memory immediately preceding...

Nginx 代码问题漏洞

Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from the US-based Nginx Corporation. A security vulnerability exists in Nginx NJS version v0.7.5 that stems from a segmentation violation where the JUMP offset of the interrupt directive is not set to the...