40977 matches found
CVE-2026-7418 UTT HiPER 1250GW NTP strcpy buffer overflow
A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. This vulnerability affects the function strcpy of the file route/goform/NTP. Executing a manipulation of the argument Profile can lead to buffer overflow. The attack may be launched remotely. The exploit has been public...
CVE-2026-7418
The CVE covers UTT HiPER 1250GW versions up to 3.2.7-210907-180535. The issue affects the function strcpy in file route/goform/NTP, where manipulating the Profile argument can trigger a buffer overflow. This vulnerability is remotely triggerable and has publicly disclosed exploit details. No reme...
EUVD-2026-26294
A vulnerability was found in Algovate xhs-mcp 0.8.11. This affects the function xhspublishcontent of the file src/server/mcp.server.ts of the component MCP Interface. Performing a manipulation of the argument mediapaths results in server-side request forgery. The attack may be initiated remotely...
CVE-2026-7417 Algovate xhs-mcp MCP mcp.server.ts xhs_publish_content server-side request forgery
A vulnerability was found in Algovate xhs-mcp 0.8.11. This affects the function xhspublishcontent of the file src/server/mcp.server.ts of the component MCP Interface. Performing a manipulation of the argument mediapaths results in server-side request forgery. The attack may be initiated remotely...
mcpo-simple-server has a Path Traversal issue
A weakness has been identified in getsimpletool mcpo-simple-server up to 0.2.0. Affected is the function deletesharedprompt of the file src/mcposimpleserver/services/promptmanager/basemanager.py. This manipulation of the argument detail causes relative path traversal. It is possible to initiate t...
CVE-2026-7416 PolarVista xcode-mcp-server MCP index.ts run_tests os command injection
A vulnerability was found in PolarVista xcode-mcp-server 1.0.0. This issue affects the function buildproject/runtests of the file src/index.ts of the component MCP Interface. The manipulation of the argument Request results in os command injection. The attack may be launched remotely. The exploit...
EUVD-2026-26293
A vulnerability was found in PolarVista xcode-mcp-server 1.0.0. This issue affects the function buildproject/runtests of the file src/index.ts of the component MCP Interface. The manipulation of the argument Request results in os command injection. The attack may be launched remotely. The exploit...
CVE-2026-7416 PolarVista xcode-mcp-server MCP index.ts run_tests os command injection
A vulnerability was found in PolarVista xcode-mcp-server 1.0.0. This issue affects the function buildproject/runtests of the file src/index.ts of the component MCP Interface. The manipulation of the argument Request results in os command injection. The attack may be launched remotely. The exploit...
CVE-2026-7404
A weakness has been identified in getsimpletool mcpo-simple-server up to 0.2.0. Affected is the function deletesharedprompt of the file src/mcposimpleserver/services/promptmanager/basemanager.py. This manipulation of the argument detail causes relative path traversal. It is possible to initiate t...
CVE-2026-7403
A security flaw has been discovered in geldata gel-mcp 0.1.0. This impacts the function listrules/fetchrule of the file src/gelmcp/server.py. The manipulation of the argument rulename results in path traversal. The attack may be performed from remote. The exploit has been released to the public a...
EUVD-2026-26292
A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=addtocart. The manipulation of the argument pid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to...
CVE-2026-7410 SourceCodester Pizzafy Ecommerce System ajax.php add_to_cart sql injection
A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=addtocart. The manipulation of the argument pid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to...
CVE-2026-7410
CVE-2026-7410 affects SourceCodester Pizzafy Ecommerce System 1.0. The vulnerability is in /admin/ajax.php?action=add_to_cart, where manipulating the pid parameter causes an SQL injection. The exploit is publicly disclosed and the CVSS metrics indicate medium severity (base scores ~5.3–6.5) with ...
CVE-2026-7409 SourceCodester Pizzafy Ecommerce System ajax.php save_user sql injection
A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function saveuser of the file /admin/ajax.php?action=saveuser. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used...
EUVD-2026-26291
A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function saveuser of the file /admin/ajax.php?action=saveuser. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used...
CVE-2026-7409 SourceCodester Pizzafy Ecommerce System ajax.php save_user sql injection
A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function saveuser of the file /admin/ajax.php?action=saveuser. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used...
CVE-2026-7409
A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function saveuser of the file /admin/ajax.php?action=saveuser. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used...
CVE-2026-7409
CVE-2026-7409 affects SourceCodester Pizzafy Ecommerce System 1.0, specifically the /admin/ajax.php?action=save_user function. The issue allows remote execution of SQL injection through manipulation of the save_user process. CVSS metrics in the document indicate network attack vector, low complex...
CVE-2026-7316
A vulnerability has been found in eiliyaabedini aider-mcp up to 667b914301aada695aab0e46d1fb3a7d5e32c8af. Affected is an unknown function of the file aidermcp.py of the component codewithai. The manipulation of the argument workingdir/editablefiles leads to command injection. The attack may be...
CVE-2026-7295
A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function savemenu of the file /admin/ajax.php?action=savemenu. Such manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit has be...