Aggregator

CVE-2026-7314 | eiceblue spire-doc-mcp-server 1.0.0 base.py get_doc_path document_name path traversal (EUVD-2026-26151)

Vuldb Updates
1 month 3 weeks ago
A vulnerability was found in eiceblue spire-doc-mcp-server 1.0.0. It has been rated as critical. This affects the function get_doc_path of the file src/spire_doc_mcp/api/base.py. Performing a manipulation of the argument document_name results in path traversal. This vulnerability is identified as CVE-2026-7314. The attack can be initiated remotely. Additionally, an exploit exists. The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com

CVE-2026-7315 | eiceblue spire-pdf-mcp-server 0.1.1 PDF File server.py get_pdf_path filepath path traversal (EUVD-2026-26152)

Vuldb Updates
1 month 3 weeks ago
A vulnerability categorized as critical has been discovered in eiceblue spire-pdf-mcp-server 0.1.1. This impacts the function get_pdf_path of the file src/spire_pdf_mcp/server.py of the component PDF File Handler. Executing a manipulation of the argument filepath can lead to path traversal. This vulnerability is tracked as CVE-2026-7315. The attack can be launched remotely. Moreover, an exploit is present. The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com

CVE-2026-7316 | eiliyaabedini aider-mcp up to 667b914301aada695aab0e46d1fb3a7d5e32c8af code_with_ai aider_mcp.py working_dir/editable_files command injection (EUVD-2026-26153)

Vuldb Updates
1 month 3 weeks ago
A vulnerability identified as critical has been detected in eiliyaabedini aider-mcp up to 667b914301aada695aab0e46d1fb3a7d5e32c8af. Affected is an unknown function of the file aider_mcp.py of the component code_with_ai. The manipulation of the argument working_dir/editable_files leads to command injection. This vulnerability is listed as CVE-2026-7316. The attack may be initiated remotely. In addition, an exploit is available. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com

CVE-2026-7317 | Grav CMS up to 1.7.49.5/2.0.0-beta.1 Cache Value FileCache.php FileCache::doGet deserialization (GHSA-gwfr-jfjf-92vv / c66dfeb5f)

Vuldb Updates
1 month 3 weeks ago
A vulnerability labeled as critical has been found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function FileCache::doGet of the file system/src/Grav/Framework/Cache/Adapter/FileCache.php of the component Cache Value Handler. The manipulation results in deserialization. This vulnerability is cataloged as CVE-2026-7317. The attack may be launched remotely. Furthermore, there is an exploit available. The affected component should be upgraded.
vuldb.com

CVE-2026-7318 | elie mcp-project 0.1.0 research_server.py search_papers topic path traversal (EUVD-2026-26155)

Vuldb Updates
1 month 3 weeks ago
A vulnerability, which was classified as critical, was found in elie mcp-project 0.1.0. The affected element is the function search_papers of the file research_server.py. The manipulation of the argument topic results in path traversal. This vulnerability is known as CVE-2026-7318. Attacking locally is a requirement. Furthermore, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com

CVE-2026-7319 | elinsky execution-system-mcp 0.1.0 add_action Tool server.py _get_context_file_path context path traversal (EUVD-2026-26156)

Vuldb Updates
1 month 3 weeks ago
A vulnerability has been found in elinsky execution-system-mcp 0.1.0 and classified as critical. The impacted element is the function _get_context_file_path of the file src/execution_system_mcp/server.py of the component add_action Tool. This manipulation of the argument context causes path traversal. This vulnerability is handled as CVE-2026-7319. The attack can be initiated remotely. Additionally, an exploit exists.
vuldb.com

CVE-2026-42428 | OpenClaw up to 2026.4.7 integrity check (GHSA-3vvq-q2qc-7rmp / EUVD-2026-26130)

Vuldb Updates
1 month 3 weeks ago
A vulnerability was found in OpenClaw up to 2026.4.7. It has been classified as problematic. Impacted is an unknown function. Performing a manipulation results in missing support for integrity check. This vulnerability is reported as CVE-2026-42428. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.
vuldb.com

FIDO Alliance wants to keep AI agents from going rogue on online payments

Help Net Security
1 month 3 weeks ago

AI agents are beginning to shop, log in, and complete tasks with little direct input. That shift is pushing the security industry to rethink how trust works when actions are carried out on a user’s behalf. The FIDO Alliance has announced a set of initiatives to build shared standards for these interactions, covering how AI agents authenticate, follow instructions, and carry out transactions. “AI agents are quickly becoming part of how people get things done … More →

The post FIDO Alliance wants to keep AI agents from going rogue on online payments appeared first on Help Net Security.

Sinisa Markovic

M3RX

Dark Feed IO
1 month 3 weeks ago

You must login to view this content

cohenido

M3RX

Dark Feed IO
1 month 3 weeks ago

You must login to view this content

cohenido

Good Riddance to Passwords: Officials Urge Passkeys Instead

DataBreachToday.com
1 month 3 weeks ago
Digital Passkeys That Synchronize Across Devices Are Easier, Faster, More Secure
Forget passwords: British cybersecurity officials now recommend using digital passkeys whenever they're available, finding that passkeys offer better and faster security, with lower costs for services that provide them, compared to widely despised passwords.

How AI Drives Shift to Continuous Pen Testing at Evinova

DataBreachToday.com
1 month 3 weeks ago
Adeeb Mahmood of Evinova and Shahar Peled of Terra Security Describe Transition
Continuous pen testing has replaced static annual tests and is reshaping how Evinova, a technology company of AstraZeneca, is managing cyber risk in its fast-moving cloud environment, said Adeeb Mahmood of Evinova and Shahar Peled of Terra Security, who describe the transition.

Germany Caught Up in Likely Russian Signal Phishing

DataBreachToday.com
1 month 3 weeks ago
Governments Have Long Warned About Kremlin Social Engineering Hacks
Signal is defending the security of its systems following a series of phishing attacks that took place on the encrypted messaging platform, and that reportedly compromised members of the German government including the president of the country's parliament.

Managed ad