6.9
CVE-2026-7220 - jackwrichards FastlyMCP fastly_cli Tool fastly-mcp.mjs os command injection
A vulnerability has been found in jackwrichards FastlyMCP up to 6f3d0b0e654fc51076badc7fa16c03c461f95620. This impacts an unknown function of the file fastly-mcp.mjs of the component fastly_cli Tool. The manipulation of the argument command leads to os command injection. It is possible to initiate โฆ
8.6
CVE-2026-7219 - Totolink N300RT formIpQoS buffer overflow
A flaw has been found in Totolink N300RT 3.4.0-B20250430. This affects an unknown function of the file /boafrm/formIpQoS. Executing a manipulation of the argument entry_name can lead to buffer overflow. The attack may be performed from remote. The exploit has been published and may be used.
8.6
CVE-2026-7218 - Totolink N300RT libapmib.so formWsc is_cmd_string_valid buffer overflow
A vulnerability was detected in Totolink N300RT 3.4.0-B20250430. The impacted element is the function is_cmd_string_valid of the file /boafrm/formWsc of the component libapmib.so. Performing a manipulation of the argument localPin results in buffer overflow. The attack is possible to be carried outโฆ
6.9
CVE-2026-7217 - Deepractice PromptX Document File index.ts read_pdf absolute path traversal
A security vulnerability has been detected in Deepractice PromptX up to 2.4.0. The affected element is the function read_docx/read_xlsx/read_pptx/list_xlsx_sheets/read_pdf of the file packages/mcp-office/src/index.ts of the component Document File Handler. Such manipulation of the argument path leaโฆ
6.9
CVE-2026-7216 - donchelo processing-claude-mcp-bridge create_sketch Tool processing_server.py path traversal
A weakness has been identified in donchelo processing-claude-mcp-bridge up to e017b20a4b592a45531a6392f494007f04e661bd. Impacted is an unknown function of the file processing_server.py of the component create_sketch Tool. This manipulation of the argument sketch_name causes path traversal. Remote eโฆ
7.2
CVE-2026-1460 - Command Injection in Zyxel DX3301-T0 and EX3301-T0 Firmware
A post-authentication command injection vulnerability in the โDomainNameโ parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow an authenticated attacker with administrator privileges to execute OS commands on an affected deโฆ
6.9
CVE-2026-7215 - egtai gmx-vmd-mcp VMD Launch mcp_server.py launch_vmd_gui_tool command injection
A security flaw has been discovered in egtai gmx-vmd-mcp up to 0.1.0. This issue affects the function launch_vmd_gui_tool of the file mcp_server.py of the component VMD Launch Handler. The manipulation of the argument structure_file/trajectory_file results in command injection. The attack may be laโฆ
6.8
CVE-2026-0711 - Postโauthentication command injection in Zyxel DX3300โT0 EasyMesh APIs
A post-authentication command injection vulnerability in the EasyMesh-related APIs of Zyxel DX3300-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow an authenticated, adjacent attacker with administrator privileges to execute OS commands on an affected device.
6.9
CVE-2026-7214 - eghuzefa engineer-your-data server.py file_inf path traversal
A vulnerability was identified in eghuzefa engineer-your-data up to 0.1.3. This vulnerability affects the function read_file/write_file/list_files/file_inf of the file src/server.py. The manipulation of the argument WORKSPACE_PATH leads to path traversal. The attack may be initiated remotely. The eโฆ
6.9
CVE-2026-7213 - ef10007 MLOps_MCP save_file Tool fastmcp_server.py path traversal
A vulnerability was detected in ef10007 MLOps_MCP 1.0.0. This impacts an unknown function of the file fastmcp_server.py of the component save_file Tool. The manipulation of the argument filename/destination results in path traversal. The attack may be performed from remote. The exploit is now publiโฆ