
41187 matches found

Vulnrichment
added 2026/04/28 12:0 a.m., 3 views

CVE-2026-7203 Totolink A8000RU CGI cstecgi.cgi setUrlFilterRules os command injection

A vulnerability was found in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os command injection. The attack can be launched remotely...

CVSS: 10 | AI score: 8.2 | EPSS: 0.02448 | Exploits: 0 | References: 5

Positive Technologies
added 2026/04/28 12:0 a.m., 5 views

PT-2026-35576

A weakness has been identified in dvladimirov MCP up to 0.1.0. The impacted element is the function GitSearchRequest of the file mcp server.py of the component Git Search API. Executing a manipulation of the argument repo url/pattern can lead to command injection. The attack can be executed...

CVSS: 7.5 | AI score: 5.2 | EPSS: 0.01338 | Exploits: 0 | References: 6

Positive Technologies
added 2026/04/28 12:0 a.m., 6 views

PT-2026-35655

A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.00278 | Exploits: 0 | References: 9

Positive Technologies
added 2026/04/28 12:0 a.m., 11 views

PT-2026-35585

A security vulnerability has been detected in edvardlindelof notes-mcp up to 0.1.4. This affects an unknown function of the file notes mcp.py. The manipulation of the argument root dir/path leads to path traversal. The attack is possible to be carried out remotely. The exploit has been disclosed...

CVSS: 7.5 | AI score: 5.1 | EPSS: 0.0041 | Exploits: 0 | References: 6

Positive Technologies
added 2026/04/28 12:0 a.m., 7 views

PT-2026-35710

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. The impacted element is the function save order of the file /admin/ajax.php?action=save order. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit is now public...

CVSS: 6.5 | AI score: 6.4 | EPSS: 0.00192 | Exploits: 0 | References: 6

Positive Technologies
added 2026/04/28 12:0 a.m., 7 views

PT-2026-35717

A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected is an unknown function of the file /index.php?page=product. Performing a manipulation of the argument ID results in cross site scripting. It is possible to initiate the attack remotely. The exploit has...

CVSS: 4.8 | AI score: 3.3 | EPSS: 0.0021 | Exploits: 0 | References: 9

Positive Technologies
added 2026/04/28 12:0 a.m., 5 views

PT-2026-35705

A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function get cart items of the file /admin/ajax.php?action=get cart items. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has bee...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.0025 | Exploits: 0 | References: 6

Positive Technologies
added 2026/04/28 12:0 a.m., 5 views

PT-2026-35752

A weakness has been identified in o2oa up to 10.0. This affects the function FileAction of the file FileAction.java of the component URL Fetching. Executing a manipulation of the argument fileUrl can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit ha...

CVSS: 6.5 | AI score: 6.2 | EPSS: 0.00206 | Exploits: 0 | References: 5

Positive Technologies
added 2026/04/28 12:0 a.m., 9 views

PT-2026-35826

A security vulnerability has been detected in Xuxueli xxl-job up to 3.3.2. The impacted element is an unknown function of the file xxl-job-admin/src/main/java/com/xxl/job/admin/scheduler/openapi/OpenApiController.java of the component OpenAPI Endpoint. Such manipulation of the argument default...

CVSS: 6.3 | AI score: 5.1 | EPSS: 0.00327 | Exploits: 0 | References: 7

Positive Technologies
added 2026/04/28 12:0 a.m., 5 views

PT-2026-35814

A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is the function save settings of the file /admin/index.php?page=save settings. This manipulation of the argument Name causes cross site scripting. The attack may be initiated remotely. The exploit...

CVSS: 4.8 | AI score: 3.2 | EPSS: 0.00206 | Exploits: 0 | References: 6

Positive Technologies
added 2026/04/28 12:0 a.m., 7 views

PT-2026-35830

A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function FileCache::doGet of the file system/src/Grav/Framework/Cache/Adapter/FileCache.php of the component Cache Value Handler. The manipulation results in deserialization. The attack may be...

CVSS: 5 | AI score: 4.8 | EPSS: 0.00224 | Exploits: 0 | References: 7

Positive Technologies
added 2026/04/28 12:0 a.m., 7 views

PT-2026-35681

A security vulnerability has been detected in ErlichLiu claude-agent-sdk-master up to b185aa7ff0d864581257008077b4010fca1747bf. Affected by this vulnerability is an unknown functionality of the file app/api/agent-output/route.ts. The manipulation of the argument outputFile leads to path traversal...

CVSS: 6.9 | AI score: 5.2 | EPSS: 0.0046 | Exploits: 0 | References: 6

Positive Technologies
added 2026/04/28 12:0 a.m., 5 views

PT-2026-35651

A flaw has been found in Totolink N300RT 3.4.0-B20250430. This affects an unknown function of the file /boafrm/formIpQoS. Executing a manipulation of the argument entry name can lead to buffer overflow. The attack may be performed from remote. The exploit has been published and may be used...

CVSS: 8.6 | AI score: 7.6 | EPSS: 0.00589 | Exploits: 0 | References: 6

Positive Technologies
added 2026/04/28 12:0 a.m., 6 views

PT-2026-35669

A vulnerability was found in code-projects Coaching Management System 1.0. This affects an unknown function of the file /cims/modules/admin/reply.php of the component POST Handler. Performing a manipulation of the argument complaintreply results in sql injection. It is possible to initiate the...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00233 | Exploits: 0 | References: 5

Positive Technologies
added 2026/04/28 12:0 a.m., 4 views

PT-2026-35732

A vulnerability was identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function delete expired of the file /ajax.php?action=delete expired. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit i...

CVSS: 5.8 | AI score: 5.1 | EPSS: 0.00206 | Exploits: 0 | References: 6

Positive Technologies
added 2026/04/28 12:0 a.m., 7 views

PT-2026-35813

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function delete category of the file /admin/ajax.php?action=delete category. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit is now public an...

CVSS: 5.8 | AI score: 5 | EPSS: 0.00206 | Exploits: 0 | References: 6

Positive Technologies
added 2026/04/28 12:0 a.m., 9 views

PT-2026-35574

A vulnerability was identified in duartium papers-mcp-server 9ceb3812a6458ba7922ca24a7406f8807bc55598. Impacted is the function search papers of the file src/main.py. Such manipulation of the argument topic leads to path traversal. The attack may be launched remotely. The exploit is publicly...

CVSS: 7.5 | AI score: 5.2 | EPSS: 0.00429 | Exploits: 0 | References: 6

Positive Technologies
added 2026/04/28 12:0 a.m., 7 views

PT-2026-35653

A vulnerability was found in TencentCloudBase CloudBase-MCP up to 2.17.0. Affected is the function openUrl of the file mcp/src/interactive-server.ts of the component open-url API Endpoint. The manipulation of the argument req.body.url results in server-side request forgery. It is possible to laun...

CVSS: 7.5 | AI score: 7 | EPSS: 0.00298 | Exploits: 0 | References: 12

Positive Technologies
added 2026/04/28 12:0 a.m., 8 views

PT-2026-35586

A vulnerability was detected in ef10007 MLOps MCP 1.0.0. This impacts an unknown function of the file fastmcp server.py of the component save file Tool. The manipulation of the argument filename/destination results in path traversal. The attack may be performed from remote. The exploit is now...

CVSS: 7.5 | AI score: 5 | EPSS: 0.00411 | Exploits: 0 | References: 6

Positive Technologies
added 2026/04/28 12:0 a.m., 8 views

PT-2026-35741

A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts the function save expired of the file /ajax.php?action=save expired. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit...

CVSS: 5.8 | AI score: 5.1 | EPSS: 0.00263 | Exploits: 0 | References: 6