6.9

CVSS4.0

CVE-2026-7319 - elinsky execution-system-mcp add_action Tool server.py _get_context_file_path path traversal

A flaw has been found in elinsky execution-system-mcp 0.1.0. The impacted element is the function _get_context_file_path of the file src/execution_system_mcp/server.py of the component add_action Tool. This manipulation of the argument context causes path traversal. The attack can be initiated remo…

📅 Published: April 28, 2026, 9 p.m. 🔄 Last Modified: April 30, 2026, 12:59 p.m.

5.1

CVSS4.0

CVE-2026-7318 - elie mcp-project research_server.py search_papers path traversal

A vulnerability was detected in elie mcp-project 0.1.0. The affected element is the function search_papers of the file research_server.py. The manipulation of the argument topic results in path traversal. Attacking locally is a requirement. The exploit is now public and may be used. The project was…

📅 Published: April 28, 2026, 8:45 p.m. 🔄 Last Modified: April 29, 2026, 1:02 p.m.

2.3

CVSS4.0

CVE-2026-7317 - Grav CMS Cache Value FileCache.php doGet deserialization

A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function FileCache::doGet of the file system/src/Grav/Framework/Cache/Adapter/FileCache.php of the component Cache Value Handler. The manipulation results in deserialization. The attack may be l…

📅 Published: April 28, 2026, 8:30 p.m. 🔄 Last Modified: April 29, 2026, 1:01 p.m.

6.9

CVSS4.0

CVE-2026-7316 - eiliyaabedini aider-mcp code_with_ai aider_mcp.py command injection

A vulnerability has been found in eiliyaabedini aider-mcp up to 667b914301aada695aab0e46d1fb3a7d5e32c8af. Affected is an unknown function of the file aider_mcp.py of the component code_with_ai. The manipulation of the argument working_dir/editable_files leads to command injection. The attack may be…

📅 Published: April 28, 2026, 8:15 p.m. 🔄 Last Modified: April 29, 2026, 10:10 a.m.

7.7

CVSS3.1

CVE-2026-41649 - Outline has IDOR in document share creation that allows unauthorized access to private documents ac…

Outline is a service that allows for collaborative documentation. The `shares.create` API endpoint starting in version 0.86.0 and prior to version 1.7.0 has an insecure direct object reference. When both `collectionId` and `documentId` are provided in the request, the authorization logic only chec…

📅 Published: April 28, 2026, 8:11 p.m. 🔄 Last Modified: May 1, 2026, 3:54 p.m.

6.9

CVSS4.0

CVE-2026-7315 - eiceblue spire-pdf-mcp-server PDF File server.py get_pdf_path path traversal

A flaw has been found in eiceblue spire-pdf-mcp-server 0.1.1. This impacts the function get_pdf_path of the file src/spire_pdf_mcp/server.py of the component PDF File Handler. Executing a manipulation of the argument filepath can lead to path traversal. The attack can be launched remotely. The expl…

📅 Published: April 28, 2026, 8 p.m. 🔄 Last Modified: April 29, 2026, 9:16 p.m.

6.9

CVSS4.0

CVE-2026-7314 - eiceblue spire-doc-mcp-server base.py get_doc_path path traversal

A vulnerability was detected in eiceblue spire-doc-mcp-server 1.0.0. This affects the function get_doc_path of the file src/spire_doc_mcp/api/base.py. Performing a manipulation of the argument document_name results in path traversal. The attack can be initiated remotely. The exploit is now public a…

📅 Published: April 28, 2026, 7:45 p.m. 🔄 Last Modified: April 29, 2026, 1:58 p.m.

6.3

CVSS4.0

CVE-2026-7306 - Xuxueli xxl-job OpenAPI Endpoint OpenApiController.java hard-coded key

A security vulnerability has been detected in Xuxueli xxl-job up to 3.3.2. The impacted element is an unknown function of the file xxl-job-admin/src/main/java/com/xxl/job/admin/scheduler/openapi/OpenApiController.java of the component OpenAPI Endpoint. Such manipulation of the argument default_toke…

📅 Published: April 28, 2026, 7:30 p.m. 🔄 Last Modified: April 30, 2026, 12:58 p.m.

5.3

CVSS4.0

CVE-2026-7305 - Xuxueli xxl-job trigger Endpoint XxlJobServiceImpl.java triggerJob server-side request forgery

A weakness has been identified in Xuxueli xxl-job up to 3.3.2. The affected element is the function triggerJob of the file xxl-job-admin/src/main/java/com/xxl/job/admin/service/impl/XxlJobServiceImpl.java of the component trigger Endpoint. This manipulation of the argument addressList causes server…

📅 Published: April 28, 2026, 7:15 p.m. 🔄 Last Modified: April 29, 2026, 1:09 p.m.

6.3

CVSS4.0

CVE-2026-7303 - Xuxueli xxl-job Execution Log JobLogController.java logDetailCat resource injection

A security flaw has been discovered in Xuxueli xxl-job up to 3.3.2. Impacted is the function logDetailCat of the file xxl-job-admin/src/main/java/com/xxl/job/admin/controller/biz/JobLogController.java of the component Execution Log Handler. The manipulation of the argument logId results in improper…

📅 Published: April 28, 2026, 7 p.m. 🔄 Last Modified: April 29, 2026, 1:11 p.m.