CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/04/29 3:30 p.m.•5 views

CVE-2026-7389 EyouCMS common.php GetSortData sql injection

7.5CVSS7.1AI score0.00259EPSS

EUVD•added 2026/04/29 3:15 p.m.•5 views

EUVD-2026-26251

A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the function editFile of the file application/admin/logic/FilemanagerLogic.php of the component Template File Handler. Executing a manipulation can lead to code injection. The attack can be launched remotely. The exploit has been...

5.8CVSS5AI score0.00239EPSS

ATTACKERKB•added 2026/04/29 3:15 p.m.•3 views

CVE-2026-7388

5.8CVSS4.9AI score0.00239EPSS

Vulnrichment•added 2026/04/29 3:15 p.m.•2 views

CVE-2026-7388 EyouCMS Template File FilemanagerLogic.php editFile code injection

5.8CVSS4.9AI score0.00239EPSS

CVE•added 2026/04/29 3:15 p.m.•12 views

CVE-2026-7388

CVE-2026-7388 affects EyouCMS up to version 1.7.9, specifically the Template File Handler’s FilemanagerLogic.php editFile function. The weakness enables code injection via remote manipulation of the editFile workflow. Public exploit appears available and the vendor has not publicly responded to t...

5.8CVSS5.1AI score0.00239EPSS

ATTACKERKB•added 2026/04/29 3:0 p.m.•4 views

CVE-2026-7386

A flaw has been found in fatbobman mail-mcp-bridge up to 1.3.3. Affected is an unknown function of the file src/mailmcpserver.py. Executing a manipulation of the argument messageids can lead to path traversal. The attack can be executed remotely. The exploit has been published and may be used...

7.5CVSS6.9AI score0.00429EPSS

Exploits0References7Affected Software1

Cvelist•added 2026/04/29 3:0 p.m.•28 views

CVE-2026-7386 fatbobman mail-mcp-bridge mail_mcp_server.py path traversal

7.5CVSS0.00429EPSS

CVE•added 2026/04/29 3:0 p.m.•14 views

CVE-2026-7386

The CVE-2026-7386 entry concerns fatbobman mail-mcp-bridge up to 1.3.3, with a path traversal flaw in an unknown function of src/mail_mcp_server.py. The vulnerability is triggered by manipulating the message_ids argument and can be exploited remotely; exploitation has been published. A fix is ava...

7.5CVSS7AI score0.00429EPSS

Vulnrichment•added 2026/04/29 3:0 p.m.•5 views

CVE-2026-7386 fatbobman mail-mcp-bridge mail_mcp_server.py path traversal

7.5CVSS7AI score0.00429EPSS

EUVD•added 2026/04/29 3:0 p.m.•4 views

EUVD-2026-26250

7.5CVSS6.9AI score0.00429EPSS

RedhatCVE•added 2026/04/29 2:49 p.m.•4 views

CVE-2026-7213

A vulnerability was detected in ef10007 MLOpsMCP 1.0.0. This impacts an unknown function of the file fastmcpserver.py of the component savefile Tool. The manipulation of the argument filename/destination results in path traversal. The attack may be performed from remote. The exploit is now public...

7.5CVSS7AI score0.00411EPSS

RedhatCVE•added 2026/04/29 2:49 p.m.•3 views

CVE-2026-7224

A security flaw has been discovered in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function deletecart of the file /admin/ajax.php?action=deletecart. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has been...

7.5CVSS7.2AI score0.00254EPSS

RedhatCVE•added 2026/04/29 2:49 p.m.•7 views

CVE-2026-7102

A vulnerability was found in Tenda F456 1.0.0.5. This impacts the function FromWriteFacMac of the file /goform/WriteFacMac of the component httpd. The manipulation of the argument mac results in command injection. The attack can be executed remotely. The exploit has been made public and could be...

8.8CVSS6.2AI score0.03024EPSS

Exploits1References1

RedhatCVE•added 2026/04/29 2:49 p.m.•5 views

CVE-2026-7212

A security vulnerability has been detected in edvardlindelof notes-mcp up to 0.1.4. This affects an unknown function of the file notesmcp.py. The manipulation of the argument rootdir/path leads to path traversal. The attack is possible to be carried out remotely. The exploit has been disclosed...

7.5CVSS6.9AI score0.0041EPSS

RedhatCVE•added 2026/04/29 2:49 p.m.•5 views

CVE-2026-7110

A flaw has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /item. Executing a manipulation of the argument item name/description can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published an...

5.1CVSS3.4AI score0.00191EPSS

RedhatCVE•added 2026/04/29 2:49 p.m.•3 views

CVE-2026-7145

A weakness has been identified in mettle sendportal up to 3.0.1. Affected is the function destroy of the file app/Http/Controllers/Workspaces/WorkspaceInvitationsController.php of the component Invitation Handler. This manipulation of the argument invitation causes authorization bypass. The attac...

5.5CVSS5.4AI score0.00235EPSS

RedhatCVE•added 2026/04/29 2:49 p.m.•3 views

CVE-2026-7087

A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=savesales. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been...

7.5CVSS7.2AI score0.00254EPSS