CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/04/29 3:15 p.m.•5 views

EUVD-2026-26251

A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the function editFile of the file application/admin/logic/FilemanagerLogic.php of the component Template File Handler. Executing a manipulation can lead to code injection. The attack can be launched remotely. The exploit has been...

5.8CVSS5AI score0.00239EPSS

Vulnrichment•added 2026/04/29 3:15 p.m.•3 views

CVE-2026-7388 EyouCMS Template File FilemanagerLogic.php editFile code injection

5.8CVSS4.9AI score0.00239EPSS

ATTACKERKB•added 2026/04/29 3:15 p.m.•4 views

CVE-2026-7388

5.8CVSS4.9AI score0.00239EPSS

CVE•added 2026/04/29 3:15 p.m.•13 views

CVE-2026-7388

CVE-2026-7388 affects EyouCMS up to version 1.7.9, specifically the Template File Handler’s FilemanagerLogic.php editFile function. The weakness enables code injection via remote manipulation of the editFile workflow. Public exploit appears available and the vendor has not publicly responded to t...

5.8CVSS5.1AI score0.00239EPSS

Vulnrichment•added 2026/04/29 3:0 p.m.•5 views

CVE-2026-7386 fatbobman mail-mcp-bridge mail_mcp_server.py path traversal

A flaw has been found in fatbobman mail-mcp-bridge up to 1.3.3. Affected is an unknown function of the file src/mailmcpserver.py. Executing a manipulation of the argument messageids can lead to path traversal. The attack can be executed remotely. The exploit has been published and may be used...

7.5CVSS7AI score0.00429EPSS

EUVD•added 2026/04/29 3:0 p.m.•5 views

EUVD-2026-26250

7.5CVSS6.9AI score0.00429EPSS

Cvelist•added 2026/04/29 3:0 p.m.•29 views

CVE-2026-7386 fatbobman mail-mcp-bridge mail_mcp_server.py path traversal

7.5CVSS0.00429EPSS

ATTACKERKB•added 2026/04/29 3:0 p.m.•5 views

CVE-2026-7386

7.5CVSS6.9AI score0.00429EPSS

Exploits0References7Affected Software1

CVE•added 2026/04/29 3:0 p.m.•16 views

CVE-2026-7386

The CVE-2026-7386 entry concerns fatbobman mail-mcp-bridge up to 1.3.3, with a path traversal flaw in an unknown function of src/mail_mcp_server.py. The vulnerability is triggered by manipulating the message_ids argument and can be exploited remotely; exploitation has been published. A fix is ava...

7.5CVSS7AI score0.00429EPSS

RedhatCVE•added 2026/04/29 2:49 p.m.•7 views

CVE-2026-7102

A vulnerability was found in Tenda F456 1.0.0.5. This impacts the function FromWriteFacMac of the file /goform/WriteFacMac of the component httpd. The manipulation of the argument mac results in command injection. The attack can be executed remotely. The exploit has been made public and could be...

8.8CVSS6.2AI score0.03024EPSS

Exploits1References1

7.5CVSS7.2AI score0.00254EPSS

CVE-2026-7224

A security flaw has been discovered in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function deletecart of the file /admin/ajax.php?action=deletecart. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has been...

RedhatCVE•added 2026/04/29 2:49 p.m.•7 views

CVE-2026-7212

A security vulnerability has been detected in edvardlindelof notes-mcp up to 0.1.4. This affects an unknown function of the file notesmcp.py. The manipulation of the argument rootdir/path leads to path traversal. The attack is possible to be carried out remotely. The exploit has been disclosed...

7.5CVSS6.9AI score0.0041EPSS

RedhatCVE•added 2026/04/29 2:49 p.m.•6 views

CVE-2026-7213

A vulnerability was detected in ef10007 MLOpsMCP 1.0.0. This impacts an unknown function of the file fastmcpserver.py of the component savefile Tool. The manipulation of the argument filename/destination results in path traversal. The attack may be performed from remote. The exploit is now public...

7.5CVSS7AI score0.00411EPSS

5.1CVSS3.4AI score0.00191EPSS

CVE-2026-7110

A flaw has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /item. Executing a manipulation of the argument item name/description can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published an...

RedhatCVE•added 2026/04/29 2:49 p.m.•3 views

CVE-2026-7145

A weakness has been identified in mettle sendportal up to 3.0.1. Affected is the function destroy of the file app/Http/Controllers/Workspaces/WorkspaceInvitationsController.php of the component Invitation Handler. This manipulation of the argument invitation causes authorization bypass. The attac...

5.5CVSS5.4AI score0.00235EPSS

7.5CVSS7.2AI score0.00254EPSS

CVE-2026-7087

A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=savesales. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been...

RedhatCVE•added 2026/04/29 2:49 p.m.•7 views

CVE-2026-7077

A vulnerability was identified in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /editparcel.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be...

7.5CVSS7.3AI score0.00254EPSS

7.5CVSS7.3AI score0.00254EPSS

CVE-2026-7072

A vulnerability was detected in CodePanda Source canteenmanagementsystem 1.0. Affected by this issue is some unknown functionality of the file /api/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit is now public and may...

RedhatCVE•added 2026/04/29 2:48 p.m.•10 views

CVE-2026-7218

A vulnerability was detected in Totolink N300RT 3.4.0-B20250430. The impacted element is the function iscmdstringvalid of the file /boafrm/formWsc of the component libapmib.so. Performing a manipulation of the argument localPin results in buffer overflow. The attack is possible to be carried out...

8.6CVSS7.6AI score0.00463EPSS