User Attachments

All CVEs

37 total · sorted by risk
  • CVE-2026-5327 · Med · Apr 2, 2026
    risk 0.41 · cvss 6.3 · epss 0.01

    A security flaw has been discovered in efforthye fast-filesystem-mcp up to 3.5.1. The affected element is the function handleGetDiskUsage of the file src/index.ts. Performing a manipulation results in command injection. The attack is possible to be carried out remotely. The…

  • CVE-2026-4192 · Med · Mar 16, 2026
    risk 0.41 · cvss 6.3 · epss 0.01

    A vulnerability has been found in AvinashBole quip-mcp-server 1.0.0. Affected by this vulnerability is the function setupToolHandlers of the file src/index.ts. Such manipulation leads to command injection. The attack may be performed from remote. The exploit has been disclosed…

  • CVE-2026-3680 · Med · Mar 7, 2026
    risk 0.41 · cvss 6.3 · epss 0.01

    A security flaw has been discovered in RyuzakiShinji biome-mcp-server up to 1.0.0. Affected by this issue is some unknown functionality of the file biome-mcp-server.ts. Performing a manipulation results in command injection. The attack can be initiated remotely. The exploit has…

  • CVE-2026-7629 · Med · May 2, 2026
    risk 0.34 · cvss 6.3 · epss 0.01

    A flaw has been found in kleneway awesome-cursor-mpc-server up to 2.0.1. Impacted is the function runCodeReviewTool of the file src/tools/codeReview.ts of the component Ccode-Review Tool. Executing a manipulation can lead to command injection. The attack may be launched…

  • CVE-2026-7628 · Med · May 2, 2026
    risk 0.34 · cvss 6.3 · epss 0.01

    A vulnerability was detected in crazyrabbitLTC mcp-code-review-server up to 0.1.0. This issue affects the function executeRepomix of the file src/repomix.ts of the component RepoMix Command Handler. Performing a manipulation results in command injection. The attack may be…

  • CVE-2026-5007 · Med · Mar 28, 2026
    risk 0.34 · cvss 5.3 · epss 0.01

    A vulnerability was identified in kazuph mcp-docs-rag up to 0.5.0. Affected is the function cloneRepository of the file src/index.ts of the component add_git_repository/add_text_file. The manipulation leads to os command injection. The attack needs to be performed locally. The…

  • CVE-2026-4016 · Med · Mar 12, 2026
    risk 0.34 · cvss 5.3 · epss 0.00

    A security vulnerability has been detected in GPAC 26.03-DEV. Affected by this vulnerability is the function svgin_process of the file src/filters/load_svg.c of the component SVG Parser. The manipulation leads to out-of-bounds write. Local access is required to approach this…

  • CVE-2026-4015 · Med · Mar 12, 2026
    risk 0.34 · cvss 5.3 · epss 0.00

    A weakness has been identified in GPAC 26.03-DEV. Affected is the function txtin_process_texml of the file src/filters/load_text.c of the component TeXML File Parser. Executing a manipulation can lead to stack-based buffer overflow. It is possible to launch the attack on the…

  • CVE-2026-3959 · Med · Mar 11, 2026
    risk 0.34 · cvss 5.3 · epss 0.01

    A vulnerability was found in 0xKoda WireMCP up to 7f45f8b2b4adeb76be8c6227eefb38533fdd6b1e. Impacted is the function server.tool of the file index.js of the component Tshark CLI Command Handler. The manipulation results in os command injection. The attack needs to be approached…

  • CVE-2025-11015 · Med · Sep 26, 2025
    risk 0.34 · cvss 5.3 · epss 0.00

    A weakness has been identified in OGRECave Ogre up to 14.4.1. Impacted is the function STBIImageCodec::encode of the file /ogre/PlugIns/STBICodec/src/OgreSTBICodec.cpp. This manipulation causes mismatched memory management routines. The attack is restricted to local execution.…

  • CVE-2025-10824 · Med · Sep 23, 2025
    risk 0.34 · cvss 5.3 · epss 0.00

    A vulnerability was determined in axboe fio up to 3.41. This impacts the function __parse_jobs_ini of the file init.c. Executing manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized.

  • CVE-2025-3791 · Med · Apr 18, 2025
    risk 0.34 · cvss 5.3 · epss 0.00

    A vulnerability classified as critical was found in symisc UnQLite up to 957c377cb691a4f617db9aba5cc46d90425071e2. This vulnerability affects the function jx9MemObjStore of the file /data/src/benchmarks/unqlite/unqlite.c. The manipulation leads to heap-based buffer overflow. It…

  • CVE-2026-5833 · Med · Apr 9, 2026
    risk 0.28 · cvss 5.3 · epss 0.01

    A security vulnerability has been detected in awwaiid mcp-server-taskwarrior up to 1.0.1. This impacts the function server.setRequestHandler of the file index.ts. Such manipulation of the argument Identifier leads to command injection. The attack must be carried out locally. The…

  • CVE-2026-5603 · Med · Apr 5, 2026
    risk 0.28 · cvss 5.3 · epss 0.01

    A vulnerability was identified in elgentos magento2-dev-mcp up to 1.0.2. The affected element is the function executeMagerun2Command of the file src/index.ts. Such manipulation leads to os command injection. An attack has to be approached locally. The exploit is publicly…

  • CVE-2026-5602 · Med · Apr 5, 2026
    risk 0.28 · cvss 5.3 · epss 0.01

    A vulnerability was determined in Nor2-io heim-mcp up to 0.1.3. Impacted is the function registerTools of the file src/tools.ts of the component new_heim_application/deploy_heim_application/deploy_heim_application_to_cloud. This manipulation causes os command injection. The…

  • CVE-2026-5661 · Med · Apr 6, 2026
    risk 0.27 · cvss 5.3 · epss 0.00

    A vulnerability was identified in Free5GC 4.2.0. This affects an unknown function of the component NGSetupRequest Handler. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit is publicly available and might be used.

  • CVE-2026-5125 · Med · Mar 30, 2026
    risk 0.27 · cvss 5.3 · epss 0.01

    A vulnerability was detected in raine consult-llm-mcp up to 2.5.3. Affected by this vulnerability is the function child_process.execSync of the file src/server.ts. The manipulation of the argument git_diff.base_ref/git_diff.files results in os command injection. The attack is…

  • CVE-2026-4496 · Med · Mar 20, 2026
    risk 0.27 · cvss 5.3 · epss 0.01

    A vulnerability was found in sigmade Git-MCP-Server up to 785aa159f262a02d5791a5d8a8e13c507ac42880. Affected by this vulnerability is the function child_process.exec of the file src/gitUtils.ts of the component show_merge_diff/quick_merge_summary/show_file_diff. The manipulation…

  • CVE-2026-4199 · Med · Mar 16, 2026
    risk 0.27 · cvss 5.3 · epss 0.01

    A vulnerability was identified in bazinga012 mcp_code_executor up to 0.3.0. Affected by this issue is the function installDependencies of the file src/index.ts. Such manipulation leads to command injection. The attack can only be performed from a local environment. The exploit…

  • CVE-2026-4198 · Med · Mar 16, 2026
    risk 0.27 · cvss 5.3 · epss 0.01

    A vulnerability was determined in hypermodel-labs mcp-server-auto-commit 1.0.0. Affected by this vulnerability is the function getGitChanges of the file index.ts. This manipulation causes command injection. The attack can only be executed locally. The exploit has been publicly…

  • CVE-2026-3946 · Low · Mar 11, 2026
    risk 0.23 · cvss 3.5 · epss 0.00

    A vulnerability was detected in PHPEMS 11.0. The affected element is an unknown function of the file /index.php?ask=app-ask. Performing a manipulation of the argument askcontent results in cross site scripting. The attack is possible to be carried out remotely. The exploit is…

  • CVE-2026-4833 · Low · Mar 26, 2026
    risk 0.21 · cvss 3.3 · epss 0.00

    A weakness has been identified in Orc discount up to 3.0.1.2. This issue affects the function compile of the file markdown.c of the component Markdown Handler. This manipulation causes uncontrolled recursion. The attack is restricted to local execution. The exploit has been made…

  • CVE-2026-2069 · Low · Feb 6, 2026
    risk 0.21 · cvss 3.3 · epss 0.00

    A flaw has been found in ggml-org llama.cpp up to 55abc39. Impacted is the function llama_grammar_advance_stack of the file llama.cpp/src/llama-grammar.cpp of the component GBNF Grammar Handler. This manipulation causes stack-based buffer overflow. The attack needs to be…

  • CVE-2025-10823 · Low · Sep 23, 2025
    risk 0.21 · cvss 3.3 · epss 0.00

    A vulnerability was found in axboe fio up to 3.41. This affects the function str_buffer_pattern_cb of the file options.c. Performing manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been made public and could…

  • CVE-2025-6536 · Low · Jun 24, 2025
    risk 0.21 · cvss 3.3 · epss 0.00

    A vulnerability has been found in Tarantool up to 3.3.1 and classified as problematic. Affected by this vulnerability is the function tm_to_datetime in the library src/lib/core/datetime.c. The manipulation leads to reachable assertion. Attacking locally is a requirement. The…

  • CVE-2025-6497 · Low · Jun 23, 2025
    risk 0.21 · cvss 3.3 · epss 0.00

    A vulnerability was found in HTACG tidy-html5 5.8.0. It has been rated as problematic. This issue affects the function prvTidyParseNamespace of the file src/parser.c. The manipulation leads to reachable assertion. Attacking locally is a requirement. The exploit has been…

  • CVE-2025-6496 · Low · Jun 23, 2025
    risk 0.21 · cvss 3.3 · epss 0.00

    A vulnerability was found in HTACG tidy-html5 5.8.0. It has been declared as problematic. This vulnerability affects the function InsertNodeAsParent of the file src/parser.c. The manipulation leads to null pointer dereference. Local access is required to approach this attack.…

  • CVE-2026-8275 · Low · May 11, 2026
    risk 0.17 · cvss 3.7 · epss 0.01

    A vulnerability was detected in bettercap up to 2.41.5. Affected by this vulnerability is the function ippReadChunkedBody of the file modules/zerogod/zerogod_ipp_primitives.go of the component zerogod IPP Service. Performing a manipulation results in integer coercion error. The…

  • CVE-2026-5037 · Low · Mar 29, 2026
    risk 0.14 · cvss 3.3 · epss 0.00

    A vulnerability was determined in mxml up to 4.0.4. This issue affects the function index_sort of the file mxml-index.c of the component mxmlIndexNew. Executing a manipulation of the argument tempr can lead to stack-based buffer overflow. The attack is restricted to local…

  • CVE-2026-4174 · Low · Mar 16, 2026
    risk 0.14 · cvss 3.3 · epss 0.00

    A vulnerability has been found in Radare2 5.9.9. This issue affects the function walk_exports_trie of the file libr/bin/format/mach0/mach0.c of the component Mach-O File Parser. Such manipulation leads to resource consumption. The attack can only be performed from a local…

  • CVE-2025-54790 · Aug 1, 2025
    risk 0.00 · cvss - · epss 0.00

    Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, Files does not have logic to prevent the exploitation of backend SQL queries without direct output, potentially allowing unauthorized data access. This is fixed in version 0.16.10.

  • CVE-2025-54789 · Aug 1, 2025
    risk 0.00 · cvss - · epss 0.00

    Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, the File Move functionality does not contain logic that prevents injection of arbitrary JavaScript, which can lead to Browser JS code execution in the context of the user’s…

  • CVE-2025-2091 · Jun 16, 2025
    risk 0.00 · cvss - · epss 0.00

    An open redirection vulnerability in M-Files mobile applications for Android and iOS prior to version 25.6.0 allows attackers to use maliciously crafted PDF files to trick other users into making requests to untrusted URLs.

  • CVE-2018-20592 · Dec 30, 2018
    risk 0.00 · cvss - · epss 0.01

    In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc.

  • CVE-2018-20593 · Dec 30, 2018
    risk 0.00 · cvss - · epss 0.01

    In Mini-XML (aka mxml) v2.12, there is a stack-based buffer overflow in the scan_file function in mxmldoc.c.

  • CVE-2018-20004 · Dec 10, 2018
    risk 0.00 · cvss - · epss 0.02

    An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-based buffer overflow in mxml_write_node in mxml-file.c via vectors involving a double-precision floating point number and the '' substring, as demonstrated by testmxml.

  • CVE-2018-20005 · Dec 10, 2018
    risk 0.00 · cvss - · epss 0.01

    An issue has been found in Mini-XML (aka mxml) 2.12. It is a use-after-free in mxmlWalkNext in mxml-search.c, as demonstrated by mxmldoc.