GHSA-9F6M-65V9-X9G2 MindsDB has an Improper Access Control Issue

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byomhandler/procwrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit ha...

CVE-2026-7715

A vulnerability has been found in ravenwits mcp-server-arangodb up to 0.4.7. This affects the function arangobackup of the file src/tools.ts of the component MCP Interface. Such manipulation of the argument outputDir leads to path traversal. It is possible to launch the attack remotely. The explo...

EUVD-2026-26866

A vulnerability has been found in ravenwits mcp-server-arangodb up to 0.4.7. This affects the function arangobackup of the file src/tools.ts of the component MCP Interface. Such manipulation of the argument outputDir leads to path traversal. It is possible to launch the attack remotely. The explo...

CVE-2026-7715 ravenwits mcp-server-arangodb MCP tools.ts arango_backup path traversal

A vulnerability has been found in ravenwits mcp-server-arangodb up to 0.4.7. This affects the function arangobackup of the file src/tools.ts of the component MCP Interface. Such manipulation of the argument outputDir leads to path traversal. It is possible to launch the attack remotely. The explo...

CVE-2026-7712

A security vulnerability has been detected in MindsDB up to 26.01. Affected is the function pickle.loads of the component Pickle Handler. The manipulation leads to deserialization. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vend...

CVE-2026-7714

CVE-2026-7714 affects crocodilestick Calibre-Web-Automated (up to version 4.0.6). The vulnerability lies in the Admin Endpoint’s cps/cwa_functions.py, where authentication is missing, enabling a remote attacker to potentially exploit it. Exploit details have been published, and the project was in...

EUVD-2026-26865

A flaw has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this issue is some unknown functionality of the file cps/cwafunctions.py of the component Admin Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The...

CVE-2026-7713 crocodilestick Calibre-Web-Automated Kobo auth-token Route kobo_auth.py generate_auth_token improper authorization

A vulnerability was detected in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this vulnerability is the function generateauthtoken of the file cps/koboauth.py of the component Kobo auth-token Route. The manipulation results in improper authorization. The attack may be performed fr...

PT-2026-36786

A vulnerability has been found in CodeAstro Online Classroom 1.0. The impacted element is an unknown function of the file /OnlineClassroom/studentdetails. The manipulation of the argument deleteid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...

TOTOLINK WA300 缓冲区错误漏洞

TOTOLINK WA300 is a wireless access point produced by TOTOLINK, a Chinese company. The TOTOLINK WA300 5.2cu.7112B20190227 version contains a buffer overflow vulnerability. This vulnerability stems from the function UploadCustomModule in the POST Request Handler component’s file...

PT-2026-36779

Name of the Vulnerable Software and Affected Versions osrg GoBGP versions prior to 4.4.0 Description A remote attack can be launched against the parseRibEntry function in the pkg/packet/mrt/mrt.go file, which may lead to an integer underflow. Integer underflow occurs when an arithmetic operation...

PT-2026-36764

Name of the Vulnerable Software and Affected Versions osrg GoBGP versions prior to 4.4.0 Description A buffer overflow can be triggered remotely within the AIGP Attribute Parser component. The issue exists in the PathAttributeAigp.DecodeFromBytes function located in the pkg/packet/bgp/bgp.go file...

CodeAstro Online Classroom 注入漏洞

CodeAstro Online Classroom is an online classroom platform provided by CodeAstro Inc. Version 1.0 of CodeAstro Online Classroom has a SQL injection vulnerability. This vulnerability arises from an unknown function in the file/OnlineClassroom/facultylogin that operates on the parameter fid, allowi...

PT-2026-36781

A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function create document/open document of the file src/mcp-server.ts of the component MCP Interface. The manipulation of the argument filePath results in path traversal. The attack can be launched remotely. Th...

PT-2026-36755

A vulnerability was found in PrefectHQ prefect up to 3.6.25.dev6. Affected by this issue is some unknown functionality of the file src/prefect/runner/storage.py of the component GitRepository Pull Handler. The manipulation of the argument commit sha/directories results in argument injection. It i...

Linux Distros Unpatched Vulnerability : CVE-2026-7737

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was identified in osrg GoBGP up to 4.3.0. Affected by this issue is the function BMPPeerUpNotification.ParseBody/BMPStatisticsReport.ParseBody o...

PT-2026-36761

A vulnerability was detected in code-projects BloodBank Managing System 1.0. The impacted element is an unknown function of the file request blood.php. The manipulation results in unrestricted upload. The attack can be executed remotely. The exploit is now public and may be used...

Astra Linux – Vulnerability in Chromium

Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

Astra Linux – Vulnerability in Chromium

A heap buffer overflow vulnerability in Google Chrome versions prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

Astra Linux – Vulnerability in Chromium

A heap buffer overflow in UMA in Google Chrome prior to version 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...