6.9

CVSS4.0

CVE-2026-7594 - Flux159 mcp-game-asset-gen MCP index.ts image_to_3d_async path traversal

A vulnerability was detected in Flux159 mcp-game-asset-gen 0.1.0. Affected is the function image_to_3d_async of the file src/index.ts of the component MCP Interface. The manipulation of the argument statusFile results in path traversal. The attack can be executed remotely. The exploit is now public…

📅 Published: May 1, 2026, 8:30 p.m. 🔄 Last Modified: May 4, 2026, 4:07 p.m.

6.9

CVSS4.0

CVE-2026-7593 - Sunwood-ai-labs command-executor-mcp-server MCP index.ts execute_command os command injection

A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function execute_command of the file src/index.ts of the component MCP Interface. The manipulation leads to os command injection. Remote exploitation of the attack is possible. Th…

📅 Published: May 1, 2026, 8:15 p.m. 🔄 Last Modified: May 4, 2026, 4:07 p.m.

6.9

CVSS4.0

CVE-2026-7592 - itsourcecode Courier Management System edit_staff.php sql injection

A weakness has been identified in itsourcecode Courier Management System 1.0. This affects an unknown function of the file /edit_staff.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public a…

📅 Published: May 1, 2026, 7:45 p.m. 🔄 Last Modified: May 1, 2026, 9:30 p.m.

5.3

CVSS4.0

CVE-2026-7591 - TimBroddin astro-mcp-server MCP Tool Query Construction index.ts sql injection

A security flaw has been discovered in TimBroddin astro-mcp-server up to 1.1.1. The impacted element is an unknown function of the file src/index.ts of the component MCP Tool Query Construction. Performing a manipulation of the argument request.params.arguments results in sql injection. The attack …

📅 Published: May 1, 2026, 7 p.m. 🔄 Last Modified: May 4, 2026, 4:07 p.m.

6.9

CVSS4.0

CVE-2026-7590 - eyal-gor p_69_branch_monkey_mcp Preview Endpoint advanced.py os command injection

A vulnerability was identified in eyal-gor p_69_branch_monkey_mcp up to 69bc71874ce40050ef45fde5a435855f18af3373. The affected element is an unknown function of the file branch_monkey_mcp/bridge_and_local_actions/routes/advanced.py of the component Preview Endpoint. Such manipulation of the argumen…

📅 Published: May 1, 2026, 6:45 p.m. 🔄 Last Modified: May 4, 2026, 4:07 p.m.

6.9

CVSS4.0

CVE-2026-7589 - ghantakiran splunk-mcp-integration CSV Export csv_export.py create_csv_export path traversal

A vulnerability was determined in ghantakiran splunk-mcp-integration up to 0b86b09d5e5adf0433acd43c975951224613a1a6. Impacted is the function create_csv_export of the file services/csv-export-service/app/api/v1/endpoints/csv_export.py of the component CSV Export. This manipulation of the argument j…

📅 Published: May 1, 2026, 6:30 p.m. 🔄 Last Modified: May 4, 2026, 4:07 p.m.

4.4

CVSS3.1

CVE-2026-35233 - Out-of-Bounds ELF Parsing in dtrace Causes Crash or Privilege Escalation

An unprivileged attacker can craft a user-space process with a malicious ELF binary containing an out-of-range sh_link field. When root-level dtrace attaches to -- or instruments -- that process (via dtrace -p , pid probes, or USDT), the ELF parser reads heap memory beyond the allocated section cac…

📅 Published: May 1, 2026, 5:53 p.m. 🔄 Last Modified: May 2, 2026, 7 a.m.

3.3

CVSS3.1

CVE-2026-21996 - dtrace Crash via Integer Divide-by-Zero in Pbuild_file_symtab

An unprivileged attacker can reliably trigger a crash of the dtrace process with a malicious ELF binary due to an integer Divide-by-Zero in Pbuild_file_symtab().

📅 Published: May 1, 2026, 5:51 p.m. 🔄 Last Modified: May 2, 2026, 7 a.m.

6.9

CVSS4.0

CVE-2026-7588 - ggerve coding-standards-mcp server.py get_best_practices path traversal

A vulnerability was found in ggerve coding-standards-mcp. This issue affects the function get_style_guide/get_best_practices of the file server.py. The manipulation of the argument Language results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and…

📅 Published: May 1, 2026, 5:45 p.m. 🔄 Last Modified: May 4, 2026, 4:07 p.m.

5.3

CVSS4.0

CVE-2026-7587 - Open5GS AMF nsmf-handler.c amf_nsmf_pdusession_handle_update_sm_context denial of service

A vulnerability has been found in Open5GS up to 2.7.7. This vulnerability affects the function amf_nsmf_pdusession_handle_update_sm_context of the file /src/amf/nsmf-handler.c of the component AMF. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The expl…

📅 Published: May 1, 2026, 4:45 p.m. 🔄 Last Modified: May 1, 2026, 4:45 p.m.