CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/05/05 8:21 p.m.•5 views

CVE-2026-7738

A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function createdocument/opendocument of the file src/mcp-server.ts of the component MCP Interface. The manipulation of the argument filePath results in path traversal. The attack can be launched remotely. The...

6.5CVSS6.3AI score0.00288EPSS

RedhatCVE•added 2026/05/05 8:21 p.m.•6 views

CVE-2026-7701

A security vulnerability has been detected in Telegram Desktop up to 6.7.5. This vulnerability affects the function RequestButton of the file Telegram/SourceFiles/boxes/urlauthbox.cpp of the component Bot API. The manipulation of the argument loginurl leads to null pointer dereference. It is...

5.3CVSS5.4AI score0.00394EPSS

RedhatCVE•added 2026/05/05 8:21 p.m.•8 views

CVE-2026-7676

A vulnerability was found in kerwincui FastBee up to 1.2.1. The affected element is the function ToolController.download of the file springboot/fastbee-open-api/src/main/java/com/fastbee/data/controller/ToolController.java of the component Tool Download Endpoint. The manipulation of the argument...

5.3CVSS5.4AI score0.00365EPSS

6.5CVSS6.2AI score0.00272EPSS

CVE-2026-7713

A vulnerability was detected in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this vulnerability is the function generateauthtoken of the file cps/koboauth.py of the component Kobo auth-token Route. The manipulation results in improper authorization. The attack may be performed fr...

RedhatCVE•added 2026/05/05 8:21 p.m.•4 views

CVE-2026-7719

A security flaw has been discovered in Totolink WA300 5.2cu.7112B20190227. The affected element is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument httphost results in buffer overflow. The attack may be launched...

10CVSS7.8AI score0.00619EPSS

RedhatCVE•added 2026/05/05 8:21 p.m.•6 views

CVE-2026-7695

A vulnerability has been found in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. This affects an unknown function of the file /SubstationWEBV2/main/elecMaxMinAvgValue. The manipulation of the argument fCircuitids leads to sql injection. The attack may be...

7.5CVSS6.8AI score0.00343EPSS

6.5CVSS6.4AI score0.00206EPSS

CVE-2026-7732

A vulnerability was detected in code-projects BloodBank Managing System 1.0. The impacted element is an unknown function of the file requestblood.php. The manipulation results in unrestricted upload. The attack can be executed remotely. The exploit is now public and may be used...

6.5CVSS6.3AI score0.01158EPSS

CVE-2026-7682

A security flaw has been discovered in Edimax BR-6208AC 1.02. The impacted element is the function setWAN of the file /goform/setWAN of the component L2TP Mode. The manipulation of the argument L2TPUserName results in command injection. It is possible to launch the attack remotely. The exploit ha...

7.5CVSS6.8AI score0.00259EPSS

CVE-2026-7670

A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/UserSel.aspx. This manipulation of the argument DeptIDList causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may b...

NVD•added 2026/05/05 8:16 p.m.•4 views

CVE-2026-7856

A flaw has been found in D-Link DI-8100 16.07.26A1. This affects an unknown part of the file /urlmember.asp of the component Web Management Interface. Executing a manipulation of the argument Name can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and...

8.6CVSS0.04589EPSS

NVD•added 2026/05/05 8:16 p.m.•4 views

CVE-2026-7857

A vulnerability has been found in D-Link DI-8100 16.07.26A1. This vulnerability affects the function sprintf of the file /usergroup.asp of the component CGI Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and m...

8.6CVSS0.04164EPSS

CVE•added 2026/05/05 7:15 p.m.•22 views

CVE-2026-7857

CVE-2026-7857 concerns D-Link DI-8100 (firmware 16.07.26A1) where the CGI Handler’s function sprintf in the /user_group.asp file is vulnerable to a buffer overflow. The affected component is the CGI/Scripting interface; the underlying root cause is unsafe handling in sprintf, enabling overflow th...

8.6CVSS7.3AI score0.04164EPSS

Exploits1References5Affected Software1

Cvelist•added 2026/05/05 7:15 p.m.•45 views

CVE-2026-7857 D-Link DI-8100 CGI user_group.asp sprintf buffer overflow

8.6CVSS0.04164EPSS

Vulnrichment•added 2026/05/05 7:15 p.m.•6 views

CVE-2026-7857 D-Link DI-8100 CGI user_group.asp sprintf buffer overflow

8.6CVSS7.3AI score0.04164EPSS

ATTACKERKB•added 2026/05/05 7:0 p.m.•2 views

CVE-2026-7856

8.6CVSS7.5AI score0.04589EPSS

Exploits1References5Affected Software1

Cvelist•added 2026/05/05 7:0 p.m.•27 views

CVE-2026-7856 D-Link DI-8100 Web Management url_member.asp buffer overflow

8.6CVSS0.04589EPSS