Common Vulnerabilities and Exposures (CVE)

CVE-2026-44969

Jul 16, 2026 17:49:50 UTC

dbt-mcp is a Model Context Protocol server for interacting with dbt. Prior to 1.17.1, DbtMCP.call_tool() in src/dbt_mcp/mcp/server.py logged the raw arguments dictionary at INFO level before each tool call and at ERROR level on exceptions, ...

CVE-2026-44970

Jul 16, 2026 17:49:19 UTC

dbt-mcp is a Model Context Protocol server for interacting with dbt. Prior to 1.17.1, DefaultUsageTracker.emit_tool_called_event() in src/dbt_mcp/tracking/tracking.py serialized every MCP tool call's complete arguments dictionary and sent i...

CVE-2026-44968

Jul 16, 2026 17:48:29 UTC

dbt-mcp is a Model Context Protocol server for interacting with dbt. Prior to 1.17.1, _run_dbt_command() in src/dbt_mcp/dbt_cli/tools.py appended unsanitized node_selection and resource_type values to the dbt subprocess argument list, allow...

CVE-2026-39808

Jul 16, 2026 17:45:38 UTC

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized code or commands via <insert attack vector he...

CVE-2026-25089

Jul 16, 2026 17:45:38 UTC

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0...

CVE-2026-58644

Jul 16, 2026 17:45:38 UTC

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.

CVE-2026-13103

Jul 16, 2026 17:45:15 UTC

A potential path traversal vulnerability was reported in Lenovo App Store, distributed exclusively in the Chinese market, that could allow a local authenticated user to execute arbitrary code.

CVE-2026-63086

Jul 16, 2026 17:41:55 UTC

text-generation-inference through 3.3.7 contains a server-side request forgery (SSRF) vulnerability in the OpenAI-compatible multimodal chat completions endpoint that allows unauthenticated network attackers to coerce the server into issuin...

CVE-2021-27137

Jul 16, 2026 17:38:47 UTC

An issue was discovered in router/upnp/src/ssdp.c in DD-WRT before 45724. An unsafe strcpy in the UPnP handling functionality allows an unauthenticated remote attacker to send a request that would overflow an internal fixed buffer. Exploita...

CVE-2026-63304

Jul 16, 2026 17:38:36 UTC

AVideo through 29.0 contains an OS command injection vulnerability in plugin/API/standAlone/functions.php where the listFFmpegProcesses() function interpolates unsanitized keyword parameters inside single quotes without escaping. Attackers ...

CVE-2026-13104

Jul 16, 2026 17:38:29 UTC

A potential vulnerability was reported in Lenovo App Store, distributed exclusively in the Chinese market, that could allow a local authenticated user to execute arbitrary code with elevated privileges.

CVE-2026-14371

Jul 16, 2026 17:36:41 UTC

The Lenovo XClarity Integrator for Windows Admin Center plugin version 5.1.1 and below running on the WAC Gateway is vulnerable to Powershell Command Injection when establishing remote PowerShell commands.

CVE-2026-15945

Jul 16, 2026 17:36:24 UTC

A flaw was found in the group search functionality of the Keycloak server's administrative API. When Fine-Grained Admin Permissions (FGAP) v2 is enabled, a delegated administrator can bypass access restrictions to view parent groups they ar...

CVE-2026-10587

Jul 16, 2026 17:35:39 UTC

A potential out-of-bounds write vulnerability could allow a local privileged attacker to modify power management settings in System Management Mode.

CVE-2026-10588

Jul 16, 2026 17:32:27 UTC

A potential vulnerability could allow a local privileged attacker to disclose the address of protected System Management Mode memory.