Lucene search
K

41189 matches found

NVD
NVD
added 2026/04/27 6:16 p.m.4 views

CVE-2026-7146

A security vulnerability has been detected in AlejandroArciniegas mcp-data-vis up to de5a51525a69822290eaee569a1ab447b490746d. Affected by this vulnerability is the function axios of the file src/servers/web-scraper/server.js of the component HTTP Request Handler. Such manipulation leads to...

7.5CVSS0.0032EPSS
Exploits0References5
NVD
NVD
added 2026/04/27 6:16 p.m.6 views

CVE-2026-7143

A vulnerability was identified in 1000 Projects Portfolio Management System MCA up to 1.0. This affects an unknown function of the file /admin/blockstatus.php. The manipulation of the argument q leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and...

6.5CVSS0.00192EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/27 6:0 p.m.4 views

EUVD-2026-25905

A security vulnerability has been detected in AlejandroArciniegas mcp-data-vis up to de5a51525a69822290eaee569a1ab447b490746d. Affected by this vulnerability is the function axios of the file src/servers/web-scraper/server.js of the component HTTP Request Handler. Such manipulation leads to...

7.5CVSS7AI score0.0032EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/27 6:0 p.m.3 views

CVE-2026-7146 AlejandroArciniegas mcp-data-vis HTTP Request server.js axios server-side request forgery

A security vulnerability has been detected in AlejandroArciniegas mcp-data-vis up to de5a51525a69822290eaee569a1ab447b490746d. Affected by this vulnerability is the function axios of the file src/servers/web-scraper/server.js of the component HTTP Request Handler. Such manipulation leads to...

7.5CVSS7AI score0.0032EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/27 6:0 p.m.34 views

CVE-2026-7146 AlejandroArciniegas mcp-data-vis HTTP Request server.js axios server-side request forgery

A security vulnerability has been detected in AlejandroArciniegas mcp-data-vis up to de5a51525a69822290eaee569a1ab447b490746d. Affected by this vulnerability is the function axios of the file src/servers/web-scraper/server.js of the component HTTP Request Handler. Such manipulation leads to...

7.5CVSS0.0032EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/27 6:0 p.m.3 views

CVE-2026-7146

A security vulnerability has been detected in AlejandroArciniegas mcp-data-vis up to de5a51525a69822290eaee569a1ab447b490746d. Affected by this vulnerability is the function axios of the file src/servers/web-scraper/server.js of the component HTTP Request Handler. Such manipulation leads to...

7.5CVSS5.2AI score0.0032EPSS
Exploits0References5
CVE
CVE
added 2026/04/27 5:45 p.m.16 views

CVE-2026-7145

CVE-2026-7145 affects mettle SendPortal up to version 3.0.1. The vulnerability is in the destroy function of app/Http/Controllers/Workspaces/WorkspaceInvitationsController.php (Invitation Handler), where manipulating the invitation argument leads to authorization bypass. The advisory states the a...

5.5CVSS5.6AI score0.00235EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/27 5:30 p.m.3 views

CVE-2026-7144

A security flaw has been discovered in 1000 Projects Portfolio Management System MCA 1.0. This impacts an unknown function of the file updatepasswdprocess.php. The manipulation of the argument tempuser results in authorization bypass. The attack can be launched remotely. The exploit has been...

5.3CVSS5.2AI score0.00215EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/27 5:30 p.m.5 views

CVE-2026-7144 1000 Projects Portfolio Management System MCA update_passwd_process.php authorization

A security flaw has been discovered in 1000 Projects Portfolio Management System MCA 1.0. This impacts an unknown function of the file updatepasswdprocess.php. The manipulation of the argument tempuser results in authorization bypass. The attack can be launched remotely. The exploit has been...

5.3CVSS5.2AI score0.00215EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/27 5:30 p.m.38 views

CVE-2026-7144 1000 Projects Portfolio Management System MCA update_passwd_process.php authorization

A security flaw has been discovered in 1000 Projects Portfolio Management System MCA 1.0. This impacts an unknown function of the file updatepasswdprocess.php. The manipulation of the argument tempuser results in authorization bypass. The attack can be launched remotely. The exploit has been...

5.3CVSS0.00215EPSS
Exploits0References5
NVD
NVD
added 2026/04/27 5:16 p.m.3 views

CVE-2026-7140

A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. Impacted is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument HTTP leads to os command injection. The attack may be performed from remote. The exploit has...

10CVSS0.01766EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/27 5:15 p.m.3 views

CVE-2026-7143 1000 Projects Portfolio Management System MCA block_status.php sql injection

A vulnerability was identified in 1000 Projects Portfolio Management System MCA up to 1.0. This affects an unknown function of the file /admin/blockstatus.php. The manipulation of the argument q leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and...

6.5CVSS5.4AI score0.00192EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/27 5:15 p.m.4 views

CVE-2026-7143

A vulnerability was identified in 1000 Projects Portfolio Management System MCA up to 1.0. This affects an unknown function of the file /admin/blockstatus.php. The manipulation of the argument q leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and...

6.5CVSS5.4AI score0.00192EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/04/27 5:15 p.m.7 views

EUVD-2026-25894

A vulnerability was identified in 1000 Projects Portfolio Management System MCA up to 1.0. This affects an unknown function of the file /admin/blockstatus.php. The manipulation of the argument q leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and...

6.5CVSS5.4AI score0.00192EPSS
Exploits0References5
CVE
CVE
added 2026/04/27 5:15 p.m.16 views

CVE-2026-7143

CVE-2026-7143 affects the 1000 Projects Portfolio Management System MCA (up to version 1.0). The vulnerability is located in an unknown function of the file /admin/block_status.php, where improper handling of the q parameter enables SQL injection. A remote attacker could exploit this, and publicl...

6.5CVSS6.5AI score0.00192EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/27 5:0 p.m.6 views

CVE-2026-7142

A vulnerability was determined in Wooey up to 0.13.2. The impacted element is the function addorupdatescript of the file wooey/api/scripts.py of the component API Endpoint. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has...

6.5CVSS5.1AI score0.00214EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/04/27 5:0 p.m.34 views

CVE-2026-7142 Wooey API Endpoint scripts.py add_or_update_script improper authorization

A vulnerability was determined in Wooey up to 0.13.2. The impacted element is the function addorupdatescript of the file wooey/api/scripts.py of the component API Endpoint. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has...

6.5CVSS0.00214EPSS
Exploits0References8
CVE
CVE
added 2026/04/27 5:0 p.m.14 views

CVE-2026-7142

CVE-2026-7142 affects Wooey up to 0.13.2, specifically the function add_or_update_script in wooey/api/scripts.py within the API Endpoint. The issue enables improper authorization via manipulation of the script endpoint, with remote execution possible. Public exploitation has been disclosed. Mitig...

6.5CVSS6.2AI score0.00214EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/04/27 4:45 p.m.5 views

CVE-2026-7141 vllm KV Block kv_cache_interface.py has_mamba_layers uninitialized resource

A vulnerability was found in vllm up to 0.19.0. The affected element is the function hasmambalayers of the file vllm/v1/kvcacheinterface.py of the component KV Block Handler. Performing a manipulation results in uninitialized resource. It is possible to initiate the attack remotely. The attack is...

6.3CVSS4.8AI score0.00288EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/04/27 4:30 p.m.4 views

CVE-2026-7140

A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. Impacted is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument HTTP leads to os command injection. The attack may be performed from remote. The exploit has...

10CVSS5.2AI score0.01766EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder