Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

40978 matches found

EUVD
EUVDadded 2026/04/28 4:0 a.m.3 views

EUVD-2026-25980

A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request...

7.5CVSS7.1AI score0.00278EPSS
Exploits0References5
CVE
CVEadded 2026/04/28 4:0 a.m.14 views

CVE-2026-7223

CVE-2026-7223 affects BigSweetPotatoStudio HyperChat (up to 2.0.0-alpha.63) in the AI Proxy Middleware, specifically the fetch function in packages/core/src/http/aiProxyMiddleware.mts. The issue results from manipulation of the baseurl argument, enabling server-side request forgery. The attack is...

7.5CVSS5.2AI score0.00278EPSS
Exploits0References5
EUVD
EUVDadded 2026/04/28 3:45 a.m.4 views

EUVD-2026-25979

A vulnerability was determined in code-projects Coaching Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /cims/modules/student/complaint.php of the component Complaint Form Page. This manipulation of the argument Complaint causes cross site scripting...

5.1CVSS3.6AI score0.00232EPSS
Exploits1References5
CVE
CVEadded 2026/04/28 3:45 a.m.9 views

CVE-2026-7222

The CVE-2026-7222 entry affects code-projects Coaching Management System 1.0, specifically the Complaint Form Page component at /cims/modules/student/complaint.php. The issue is a cross-site scripting vulnerability caused by manipulation of the Complaint argument, allowing remote exploitation. Pu...

5.1CVSS3.9AI score0.00232EPSS
Exploits1References5
OSV
OSVadded 2026/04/28 3:31 a.m.5 views

GHSA-VC5J-42HH-J3MR notes-mcp has a Path Traversal issue

A security vulnerability has been detected in edvardlindelof notes-mcp up to 0.1.4. This affects an unknown function of the file notesmcp.py. The manipulation of the argument rootdir/path leads to path traversal. The attack is possible to be carried out remotely. The exploit has been disclosed...

7.3CVSS6.6AI score0.0041EPSS
Exploits0References6
OSV
OSVadded 2026/04/28 3:31 a.m.8 views

GHSA-4J28-22QP-RJCF sqlite-mcp has an Injection issue

A security flaw has been discovered in dubydu sqlite-mcp up to 0.1.0. The affected element is the function extracttojson of the file src/entry.py. Performing a manipulation of the argument outputfilename results in sql injection. Remote exploitation of the attack is possible. The exploit has been...

7.3CVSS6.8AI score0.00277EPSS
Exploits0References8
Github Security Blog
Github Security Blogadded 2026/04/28 3:31 a.m.9 views

notes-mcp has a Path Traversal issue

A security vulnerability has been detected in edvardlindelof notes-mcp up to 0.1.4. This affects an unknown function of the file notesmcp.py. The manipulation of the argument rootdir/path leads to path traversal. The attack is possible to be carried out remotely. The exploit has been disclosed...

7.5CVSS6.7AI score0.0041EPSS
Exploits0References7Affected Software1
Cvelist
Cvelistadded 2026/04/28 3:30 a.m.29 views

CVE-2026-7221 TencentCloudBase CloudBase-MCP open-url API Endpoint interactive-server.ts openUrl server-side request forgery

A vulnerability was found in TencentCloudBase CloudBase-MCP up to 2.17.0. Affected is the function openUrl of the file mcp/src/interactive-server.ts of the component open-url API Endpoint. The manipulation of the argument req.body.url results in server-side request forgery. It is possible to laun...

7.5CVSS0.00298EPSS
Exploits0References8
EUVD
EUVDadded 2026/04/28 3:30 a.m.4 views

EUVD-2026-25978

A vulnerability was found in TencentCloudBase CloudBase-MCP up to 2.17.0. Affected is the function openUrl of the file mcp/src/interactive-server.ts of the component open-url API Endpoint. The manipulation of the argument req.body.url results in server-side request forgery. It is possible to laun...

7.5CVSS6.9AI score0.00298EPSS
Exploits0References8
ATTACKERKB
ATTACKERKBadded 2026/04/28 3:30 a.m.4 views

CVE-2026-7221

A vulnerability was found in TencentCloudBase CloudBase-MCP up to 2.17.0. Affected is the function openUrl of the file mcp/src/interactive-server.ts of the component open-url API Endpoint. The manipulation of the argument req.body.url results in server-side request forgery. It is possible to laun...

7.5CVSS5.1AI score0.00298EPSS
Exploits0References8Affected Software1
CVE
CVEadded 2026/04/28 3:30 a.m.10 views

CVE-2026-7221

CVE-2026-7221 affects TencentCloudBase CloudBase-MCP (up to v2.17.0) with a vulnerability in the openUrl function (mcp/src/interactive-server.ts) of the open-url API Endpoint. Manipulating req.body.url enables server-side request forgery (SSRF) and can be exploited remotely; the exploit is public...

7.5CVSS5.1AI score0.00298EPSS
Exploits0References8
NVD
NVDadded 2026/04/28 3:16 a.m.11 views

CVE-2026-7217

A security vulnerability has been detected in Deepractice PromptX up to 2.4.0. The affected element is the function readdocx/readxlsx/readpptx/listxlsxsheets/readpdf of the file packages/mcp-office/src/index.ts of the component Document File Handler. Such manipulation of the argument path leads t...

6.9CVSS0.0044EPSS
Exploits0References5
EUVD
EUVDadded 2026/04/28 3:15 a.m.2 views

EUVD-2026-25977

A vulnerability has been found in jackwrichards FastlyMCP up to 6f3d0b0e654fc51076badc7fa16c03c461f95620. This impacts an unknown function of the file fastly-mcp.mjs of the component fastlycli Tool. The manipulation of the argument command leads to os command injection. It is possible to initiate...

7.5CVSS7AI score0.01338EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/04/28 3:0 a.m.32 views

CVE-2026-7219 Totolink N300RT formIpQoS buffer overflow

A flaw has been found in Totolink N300RT 3.4.0-B20250430. This affects an unknown function of the file /boafrm/formIpQoS. Executing a manipulation of the argument entryname can lead to buffer overflow. The attack may be performed from remote. The exploit has been published and may be used...

8.6CVSS0.00589EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/04/28 3:0 a.m.3 views

CVE-2026-7219 Totolink N300RT formIpQoS buffer overflow

A flaw has been found in Totolink N300RT 3.4.0-B20250430. This affects an unknown function of the file /boafrm/formIpQoS. Executing a manipulation of the argument entryname can lead to buffer overflow. The attack may be performed from remote. The exploit has been published and may be used...

8.6CVSS7.5AI score0.00589EPSS
Exploits0References5
EUVD
EUVDadded 2026/04/28 3:0 a.m.6 views

EUVD-2026-25975

A flaw has been found in Totolink N300RT 3.4.0-B20250430. This affects an unknown function of the file /boafrm/formIpQoS. Executing a manipulation of the argument entryname can lead to buffer overflow. The attack may be performed from remote. The exploit has been published and may be used...

8.6CVSS7.5AI score0.00589EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/04/28 3:0 a.m.3 views

CVE-2026-7219

A flaw has been found in Totolink N300RT 3.4.0-B20250430. This affects an unknown function of the file /boafrm/formIpQoS. Executing a manipulation of the argument entryname can lead to buffer overflow. The attack may be performed from remote. The exploit has been published and may be used...

8.6CVSS5.8AI score0.00589EPSS
Exploits0References5
CVE
CVEadded 2026/04/28 3:0 a.m.8 views

CVE-2026-7219

In Totolink N300RT (firmware 3.4.0-B20250430), a flaw exists in the function handling /boafrm/formIpQoS. Crafting the argument entry_name can trigger a buffer overflow, potentially exploitable remotely. CVSS vectors indicate HIGH impact to confidentiality, integrity, and availability with network...

8.6CVSS5.8AI score0.00589EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/04/28 2:45 a.m.2 views

CVE-2026-7218 Totolink N300RT libapmib.so formWsc is_cmd_string_valid buffer overflow

A vulnerability was detected in Totolink N300RT 3.4.0-B20250430. The impacted element is the function iscmdstringvalid of the file /boafrm/formWsc of the component libapmib.so. Performing a manipulation of the argument localPin results in buffer overflow. The attack is possible to be carried out...

8.6CVSS7.6AI score0.00463EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/04/28 2:45 a.m.31 views

CVE-2026-7218 Totolink N300RT libapmib.so formWsc is_cmd_string_valid buffer overflow

A vulnerability was detected in Totolink N300RT 3.4.0-B20250430. The impacted element is the function iscmdstringvalid of the file /boafrm/formWsc of the component libapmib.so. Performing a manipulation of the argument localPin results in buffer overflow. The attack is possible to be carried out...

8.6CVSS0.00463EPSS
Exploits0References5
Rows per page
Query Builder