Aggregator

A vulnerability described as critical has been identified in privsim mcp-test-runner 0.2.0. Impacted is the function child_process.spawn of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument command can lead to os command injection. The identification of this vulnerability is CVE-2026-7730. The attack may be launched remotely. Furthermore, there is an exploit available. The project was informed of the problem early through an issue report but has not responded yet.

Submit #807559 / VDB-360908

A vulnerability marked as critical has been reported in pixelsock directus-mcp 1.0.0. This issue affects the function validateUrl of the file index.ts of the component MCP Interface. Performing a manipulation of the argument fileUrl results in server-side request forgery. This vulnerability was named CVE-2026-7729. The attack may be initiated remotely. In addition, an exploit is available. The pull request to fix this issue awaits acceptance.

Submit #807558 / VDB-360907

Submit #807557 / VDB-360906

VECT 2.0 ransomware contains fatal flaws that permanently destroy files, making recovery impossible and rendering ransom payments useless for victims worldwide.

A vulnerability labeled as critical has been found in ryanjoachim mcp-rtfm 0.1.0. This vulnerability affects the function get_doc_content/read_doc/update_doc of the component MCP Interface. Such manipulation of the argument docFile leads to path traversal. This vulnerability is uniquely identified as CVE-2026-7728. The attack can be launched remotely. Moreover, an exploit is present. It is best practice to apply a patch to resolve this issue.

Submit #807541 / VDB-360905

Submit #807539 / VDB-360904

Мессенджер не отличал .docx от .exe. И вот чем это обернулось…

Submit #807538 / VDB-360903

A vulnerability identified as critical has been detected in Shandong Hoteam Software PDM Product Data Management System up to 8.3.9. This affects the function GetQueryMachineGridOnePageData of the file /Base/BaseService.asmx/DataService. This manipulation of the argument SortOrder causes sql injection. This vulnerability is handled as CVE-2026-7727. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.

威胁情报生态系统的产出与共享 by ourren

Gemini Enterprise Agent Platform — Govern 深度技术解析 by ourren

nginxpulse: 轻量级 Nginx 访问日志分析与可视化面板 by ourren

本体：大模型的语义操作系统 by ourren

人工智能的软件基础（复旦大学2026年春季学期） by ourren

SoftwareCopyright-Skill: 中国软件著作权申请材料Skills by ourren

更多最新文章，请访问SecWiki

Submit #803268 / VDB-360902

A vulnerability identified as problematic has been detected in Linux Kernel up to 6.3.12/6.4.3. This affects the function ufshcd_queuecommand of the file drivers/ufs/core/ufshcd.c. Performing a manipulation results in double free. This vulnerability is cataloged as CVE-2023-53510. The attack must originate from the local network. There is no exploit available. You should upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.2.15/6.3.2. Impacted is the function amdgpu_cs_submit. Such manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2023-53228. The attack can only be initiated within the local network. No exploit exists. You should upgrade the affected component.

A vulnerability was found in Open CASCADE Technology OCCT 8.0.0.rc5. It has been classified as problematic. This impacts the function Geom2d_BSplineCurve::EvalD0. The manipulation leads to out-of-bounds read. This vulnerability is listed as CVE-2026-42481. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in Linux Kernel up to 6.6.135/6.12.82/6.18.23/6.19.13/7.0.0. It has been rated as critical. This issue affects the function vidtv_ts_null_write_into of the component media. The manipulation leads to stack-based buffer overflow. This vulnerability is referenced as CVE-2026-43058. The attack needs to be initiated within the local network. No exploit is available. Upgrading the affected component is advised.

A vulnerability described as critical has been identified in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of the argument username_len/password_len leads to integer overflow. This vulnerability is traded as CVE-2026-7598. The attack may be launched remotely. There is no exploit available. A patch should be applied to remediate this issue.

A vulnerability, which was classified as problematic, has been found in Open CASCADE Technology OCCT 8.0.0.rc5. Impacted is the function VrmlData_IndexedFaceSet of the file libTKDEVRML.so of the component VRML File Handler. This manipulation causes denial of service. The identification of this vulnerability is CVE-2026-42478. It is possible to initiate the attack remotely. There is no exploit available.