40913 matches found
CVE-2026-10662
A vulnerability was found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The affected element is the function requests.get of the file src/blendermcp/server.py of the component ZIP File Handler. The manipulation of the argument zipfileurl results in server-side request...
CVE-2026-10690 wonderwhy-er DesktopCommanderMCP read_file filesystem.ts readFileFromUrl server-side request forgery
A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesystem.ts of the component readfile. Such manipulation of the argument url leads to server-side request forgery. The attack may be performed from remote...
CVE-2026-10688
A vulnerability was determined in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The impacted element is the function executeblendercode of the file /src/blendermcp/server.py. This manipulation of the argument code causes code injection. The attack is possible to be carried...
CVE-2026-10688
The CVE-2026-10688 affects the ahujasid blender-mcp project; the vulnerable component is execute_blender_code in /src/blender_mcp/server.py. Manipulating the code argument allows code injection, with remote execution possible. Public exploitation is indicated, and the project uses a rolling relea...
CVE-2026-10650
A flaw has been found in warmcat libwebsockets up to 4.5.8. This issue affects the function lwssshparseplaintext of the file plugins/protocollwssshbase/sshd.c of the component SSH Protocol Handler. Executing a manipulation of the argument msglen can lead to resource consumption. The attack may be...
CVE-2026-10286
A vulnerability was found in CodeAstro Payroll System 1.0. This affects an unknown part of the file /homeemployee.php. The manipulation of the argument empid results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used...
CVE-2026-9381
A vulnerability was detected in Edimax BR-6675nD 1.12. Affected by this vulnerability is the function formPPPoESetup of the file /goform/formPPPoESetup of the component POST Request Handler. Performing a manipulation of the argument pppUserName results in buffer overflow. The attack may be...
CVE-2026-10292
A vulnerability was detected in UTT HiPER 1200GW up to 2.5.3-170306. This affects the function strcpy of the file /goform/formTaskEdit. The manipulation results in stack-based buffer overflow. The attack may be launched remotely. The exploit is now public and may be used...
CVE-2026-10662
A vulnerability was found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The affected element is the function requests.get of the file src/blendermcp/server.py of the component ZIP File Handler. The manipulation of the argument zipfileurl results in server-side request...
CVE-2026-10662 ahujasid blender-mcp ZIP File server.py requests.get server-side request forgery
A vulnerability was found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The affected element is the function requests.get of the file src/blendermcp/server.py of the component ZIP File Handler. The manipulation of the argument zipfileurl results in server-side request...
CVE-2026-10624
A vulnerability has been found in SourceCodester Human Resource Management 1.0. Affected by this vulnerability is an unknown functionality of the file /detailview.php of the component Employee View Page. Such manipulation of the argument employeeid leads to improper control of resource identifier...
CVE-2026-10650 warmcat libwebsockets SSH Protocol sshd.c lws_ssh_parse_plaintext resource consumption
A flaw has been found in warmcat libwebsockets up to 4.5.8. This issue affects the function lwssshparseplaintext of the file plugins/protocollwssshbase/sshd.c of the component SSH Protocol Handler. Executing a manipulation of the argument msglen can lead to resource consumption. The attack may be...
CVE-2026-10624 SourceCodester Human Resource Management Employee View detailview.php resource injection
A vulnerability has been found in SourceCodester Human Resource Management 1.0. Affected by this vulnerability is an unknown functionality of the file /detailview.php of the component Employee View Page. Such manipulation of the argument employeeid leads to improper control of resource identifier...
CVE-2026-10624
The vulnerability affects SourceCodester Human Resource Management 1.0, in the Employee View Page’s detailview.php. Manipulating the employeeid parameter leads to improper control of resource identifiers (an IDOR-style issue). Exploitation can be performed remotely, and public disclosure of the e...
CVE-2026-10624
A vulnerability has been found in SourceCodester Human Resource Management 1.0. Affected by this vulnerability is an unknown functionality of the file /detailview.php of the component Employee View Page. Such manipulation of the argument employeeid leads to improper control of resource identifier...
CVE-2026-10620
A flaw has been found in code-projects Student Admission System 1.0. Affected is an unknown function of the file /index.php. This manipulation of the argument eid/did causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used...
EUVD-2026-34023
A flaw has been found in code-projects Student Admission System 1.0. Affected is an unknown function of the file /index.php. This manipulation of the argument eid/did causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used...
CVE-2026-10620 code-projects Student Admission System index.php sql injection
A flaw has been found in code-projects Student Admission System 1.0. Affected is an unknown function of the file /index.php. This manipulation of the argument eid/did causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used...
CVE-2026-10620 code-projects Student Admission System index.php sql injection
A flaw has been found in code-projects Student Admission System 1.0. Affected is an unknown function of the file /index.php. This manipulation of the argument eid/did causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used...
CVE-2026-10620
The CVE-2026-10620 entry applies to code-projects Student Admission System 1.0, with a SQL injection flaw in /index.php triggered by tampering with eid/did arguments. The underlying issue is an input handling fault that enables remote SQL injection (attack vector: NETWORK; complexity: LOW). The e...