Aggregator

CVE-2026-7221 | TencentCloudBase CloudBase-MCP up to 2.17.0 open-url API Endpoint interactive-server.ts openUrl req.body.url server-side request forgery (Issue 509)

VulDB Recent Entries
1 month 3 weeks ago
A vulnerability was found in TencentCloudBase CloudBase-MCP up to 2.17.0. It has been declared as critical. Affected is the function openUrl of the file mcp/src/interactive-server.ts of the component open-url API Endpoint. The manipulation of the argument req.body.url results in server-side request forgery. This vulnerability is known as CVE-2026-7221. It is possible to launch the attack remotely. Furthermore, an exploit is available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-7220 | jackwrichards FastlyMCP up to 6f3d0b0e654fc51076badc7fa16c03c461f95620 fastly_cli Tool fastly-mcp.mjs command os command injection

VulDB Recent Entries
1 month 3 weeks ago
A vulnerability was found in jackwrichards FastlyMCP up to 6f3d0b0e654fc51076badc7fa16c03c461f95620. It has been classified as critical. This impacts an unknown function of the file fastly-mcp.mjs of the component fastly_cli Tool. The manipulation of the argument command leads to os command injection. This vulnerability is traded as CVE-2026-7220. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com

APT73

Dark Feed IO
1 month 3 weeks ago

You must login to view this content

cohenido

ClickUp’s Hardcoded API Key Exposes 959 Emails from Fortune 500 Giants

Cyber Security News
1 month 3 weeks ago

A publicly accessible JavaScript file on ClickUp’s homepage has been silently leaking nearly a thousand corporate and government email addresses, including employees from Fortinet, Home Depot, Tenable, Mayo Clinic, and U.S. state government workers, through a hardcoded third-party API key that was first reported in January 2025 and remains unrotated as of April 2026. The […]

The post ClickUp’s Hardcoded API Key Exposes 959 Emails from Fortune 500 Giants appeared first on Cyber Security News.

Guru Baran

CVE-2026-7219 | Totolink N300RT 3.4.0-B20250430 /boafrm/formIpQoS entry_name buffer overflow

VulDB Recent Entries
1 month 3 weeks ago
A vulnerability was found in Totolink N300RT 3.4.0-B20250430 and classified as critical. This affects an unknown function of the file /boafrm/formIpQoS. Executing a manipulation of the argument entry_name can lead to buffer overflow. This vulnerability appears as CVE-2026-7219. The attack may be performed from remote. In addition, an exploit is available.
vuldb.com

CVE-2026-7218 | Totolink N300RT 3.4.0-B20250430 libapmib.so /boafrm/formWsc is_cmd_string_valid localPin buffer overflow

VulDB Recent Entries
1 month 3 weeks ago
A vulnerability has been found in Totolink N300RT 3.4.0-B20250430 and classified as critical. The impacted element is the function is_cmd_string_valid of the file /boafrm/formWsc of the component libapmib.so. Performing a manipulation of the argument localPin results in buffer overflow. This vulnerability is reported as CVE-2026-7218. The attack is possible to be carried out remotely. Moreover, an exploit is present.
vuldb.com

欧洲批准了 Moderna 的流感和 COVID-19 联合疫苗

Solidot
1 month 3 weeks ago
欧洲批准了 Moderna 研发的基于 mRNA 技术的流感和 COVID-19 联合疫苗。被称为 mRNA-1083 或 mCOMBRIAX 的疫苗成为全球首个获得批准的针对这两种呼吸道病毒的联合疫苗。疫苗获批是基于一项 4000 名成年人参与的 III 期临床试验结果。试验分为两组,一组为 50-64 岁的受试者,与标准流感疫苗进行比较;另一组为 65 岁及以上的受试者,与高剂量流感疫苗进行比较。两组受试者中,相对于对照组 mCOMBRIAX 疫苗都能诱导对常见流感病毒株(A/H1N1、A/H3N2 和 B/Victoria)以及 SARS-CoV-2 病毒产生统计上显著更高的免疫反应。试验未发现安全性或不良反应方面的问题。

CVE-2026-7217 | Deepractice PromptX up to 2.4.0 Document File index.ts path absolute path traversal (Issue 571)

VulDB Recent Entries
1 month 3 weeks ago
A vulnerability, which was classified as critical, was found in Deepractice PromptX up to 2.4.0. The affected element is the function read_docx/read_xlsx/read_pptx/list_xlsx_sheets/read_pdf of the file packages/mcp-office/src/index.ts of the component Document File Handler. Such manipulation of the argument path leads to absolute path traversal. This vulnerability is documented as CVE-2026-7217. The attack can be executed remotely. Additionally, an exploit exists. The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com

CVE-2026-7216 | donchelo processing-claude-mcp-bridge up to e017b20a4b592a45531a6392f494007f04e661bd create_sketch Tool processing_server.py sketch_name path traversal

VulDB Recent Entries
1 month 3 weeks ago
A vulnerability, which was classified as critical, has been found in donchelo processing-claude-mcp-bridge up to e017b20a4b592a45531a6392f494007f04e661bd. Impacted is an unknown function of the file processing_server.py of the component create_sketch Tool. This manipulation of the argument sketch_name causes path traversal. This vulnerability is registered as CVE-2026-7216. Remote exploitation of the attack is possible. Furthermore, an exploit is available. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com

Managed ad