6.9
CVE-2026-7213 - ef10007 MLOps_MCP save_file Tool fastmcp_server.py path traversal
A vulnerability was detected in ef10007 MLOps_MCP 1.0.0. This impacts an unknown function of the file fastmcp_server.py of the component save_file Tool. The manipulation of the argument filename/destination results in path traversal. The attack may be performed from remote. The exploit is now publiβ¦
6.9
CVE-2026-7212 - edvardlindelof notes-mcp notes_mcp.py path traversal
A security vulnerability has been detected in edvardlindelof notes-mcp up to 0.1.4. This affects an unknown function of the file notes_mcp.py. The manipulation of the argument root_dir/path leads to path traversal. The attack is possible to be carried out remotely. The exploit has been disclosed puβ¦
6.9
CVE-2026-7211 - dvladimirov MCP Git Search API mcp_server.py GitSearchRequest command injection
A weakness has been identified in dvladimirov MCP up to 0.1.0. The impacted element is the function GitSearchRequest of the file mcp_server.py of the component Git Search API. Executing a manipulation of the argument repo_url/pattern can lead to command injection. The attack can be executed remotelβ¦
6.9
CVE-2026-7206 - dubydu sqlite-mcp entry.py extract_to_json sql injection
A security flaw has been discovered in dubydu sqlite-mcp up to 0.1.0. The affected element is the function extract_to_json of the file src/entry.py. Performing a manipulation of the argument output_filename results in sql injection. Remote exploitation of the attack is possible. The exploit has beeβ¦
6.9
CVE-2026-7205 - duartium papers-mcp-server main.py search_papers path traversal
A vulnerability was identified in duartium papers-mcp-server 9ceb3812a6458ba7922ca24a7406f8807bc55598. Impacted is the function search_papers of the file src/main.py. Such manipulation of the argument topic leads to path traversal. The attack may be launched remotely. The exploit is publicly availaβ¦
9.3
CVE-2026-7204 - Totolink A8000RU CGI cstecgi.cgi setPptpServerCfg os command injection
A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command injection. The attack may be initiated remotely. The expβ¦
9.3
CVE-2026-7203 - Totolink A8000RU CGI cstecgi.cgi setUrlFilterRules os command injection
A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os command injection. The attack can be launched remotely. Tβ¦
8.8
CVE-2026-7348 - chromium-browser: Use after free in Codecs
Use after free in Codecs in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
8.8
CVE-2026-7334 - chromium-browser: Use after free in Views
Use after free in Views in Google Chrome on Mac prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
8.8
CVE-2026-7358 - chromium-browser: Use after free in Animation
Use after free in Animation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)