Aggregator

CVE-2026-42371 | uriparser up to 1.0.0 URI numeric truncation error (Nessus ID 310600)

Vuldb Updates
2 weeks 4 days ago
A vulnerability was found in uriparser up to 1.0.0. It has been classified as problematic. Affected by this vulnerability is an unknown functionality of the component URI Handler. The manipulation leads to numeric truncation error. This vulnerability is uniquely identified as CVE-2026-42371. Local access is required to approach this attack. No exploit exists. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-7306 | Xuxueli xxl-job up to 3.3.2 OpenAPI Endpoint OpenApiController.java default_token hard-coded key (Issue 3938 / EUVD-2026-26150)

Vuldb Updates
2 weeks 4 days ago
A vulnerability was found in Xuxueli xxl-job up to 3.3.2. It has been declared as critical. The impacted element is an unknown function of the file xxl-job-admin/src/main/java/com/xxl/job/admin/scheduler/openapi/OpenApiController.java of the component OpenAPI Endpoint. Such manipulation of the argument default_token leads to use of hard-coded cryptographic key . This vulnerability is referenced as CVE-2026-7306. It is possible to launch the attack remotely. Furthermore, an exploit is available.
vuldb.com

CVE-2026-7314 | eiceblue spire-doc-mcp-server 1.0.0 base.py get_doc_path document_name path traversal (EUVD-2026-26151)

Vuldb Updates
2 weeks 4 days ago
A vulnerability was found in eiceblue spire-doc-mcp-server 1.0.0. It has been rated as critical. This affects the function get_doc_path of the file src/spire_doc_mcp/api/base.py. Performing a manipulation of the argument document_name results in path traversal. This vulnerability is identified as CVE-2026-7314. The attack can be initiated remotely. Additionally, an exploit exists. The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com

CVE-2026-7315 | eiceblue spire-pdf-mcp-server 0.1.1 PDF File server.py get_pdf_path filepath path traversal (EUVD-2026-26152)

Vuldb Updates
2 weeks 4 days ago
A vulnerability categorized as critical has been discovered in eiceblue spire-pdf-mcp-server 0.1.1. This impacts the function get_pdf_path of the file src/spire_pdf_mcp/server.py of the component PDF File Handler. Executing a manipulation of the argument filepath can lead to path traversal. This vulnerability is tracked as CVE-2026-7315. The attack can be launched remotely. Moreover, an exploit is present. The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com

CVE-2026-7316 | eiliyaabedini aider-mcp up to 667b914301aada695aab0e46d1fb3a7d5e32c8af code_with_ai aider_mcp.py working_dir/editable_files command injection (EUVD-2026-26153)

Vuldb Updates
2 weeks 4 days ago
A vulnerability identified as critical has been detected in eiliyaabedini aider-mcp up to 667b914301aada695aab0e46d1fb3a7d5e32c8af. Affected is an unknown function of the file aider_mcp.py of the component code_with_ai. The manipulation of the argument working_dir/editable_files leads to command injection. This vulnerability is listed as CVE-2026-7316. The attack may be initiated remotely. In addition, an exploit is available. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com

CVE-2026-7317 | Grav CMS up to 1.7.49.5/2.0.0-beta.1 Cache Value FileCache.php FileCache::doGet deserialization (GHSA-gwfr-jfjf-92vv / c66dfeb5f)

Vuldb Updates
2 weeks 4 days ago
A vulnerability labeled as critical has been found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function FileCache::doGet of the file system/src/Grav/Framework/Cache/Adapter/FileCache.php of the component Cache Value Handler. The manipulation results in deserialization. This vulnerability is cataloged as CVE-2026-7317. The attack may be launched remotely. Furthermore, there is an exploit available. The affected component should be upgraded.
vuldb.com

CVE-2026-7318 | elie mcp-project 0.1.0 research_server.py search_papers topic path traversal (EUVD-2026-26155)

Vuldb Updates
2 weeks 4 days ago
A vulnerability, which was classified as critical, was found in elie mcp-project 0.1.0. The affected element is the function search_papers of the file research_server.py. The manipulation of the argument topic results in path traversal. This vulnerability is known as CVE-2026-7318. Attacking locally is a requirement. Furthermore, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com

CVE-2026-7319 | elinsky execution-system-mcp 0.1.0 add_action Tool server.py _get_context_file_path context path traversal (EUVD-2026-26156)

Vuldb Updates
2 weeks 4 days ago
A vulnerability has been found in elinsky execution-system-mcp 0.1.0 and classified as critical. The impacted element is the function _get_context_file_path of the file src/execution_system_mcp/server.py of the component add_action Tool. This manipulation of the argument context causes path traversal. This vulnerability is handled as CVE-2026-7319. The attack can be initiated remotely. Additionally, an exploit exists.
vuldb.com

CVE-2026-42428 | OpenClaw up to 2026.4.7 integrity check (GHSA-3vvq-q2qc-7rmp / EUVD-2026-26130)

Vuldb Updates
2 weeks 4 days ago
A vulnerability was found in OpenClaw up to 2026.4.7. It has been classified as problematic. Impacted is an unknown function. Performing a manipulation results in missing support for integrity check. This vulnerability is reported as CVE-2026-42428. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.
vuldb.com

FIDO Alliance wants to keep AI agents from going rogue on online payments

Help Net Security
2 weeks 4 days ago

AI agents are beginning to shop, log in, and complete tasks with little direct input. That shift is pushing the security industry to rethink how trust works when actions are carried out on a user’s behalf. The FIDO Alliance has announced a set of initiatives to build shared standards for these interactions, covering how AI agents authenticate, follow instructions, and carry out transactions. “AI agents are quickly becoming part of how people get things done … More →

The post FIDO Alliance wants to keep AI agents from going rogue on online payments appeared first on Help Net Security.

Sinisa Markovic

M3RX

Dark Feed IO
2 weeks 4 days ago

You must login to view this content

cohenido

M3RX

Dark Feed IO
2 weeks 4 days ago

You must login to view this content

cohenido

Managed ad