Lucene search
K

148 matches found

EUVD
EUVD
added yesterday4 views

EUVD-2026-42494

A security vulnerability has been detected in tumf mcp-text-editor up to 1.0.2. This issue affects the function validatefilepath of the file mcptexteditor/texteditor.py. Such manipulation of the argument filepath leads to path traversal. The attack can be launched remotely. The exploit has been...

7.5CVSS6.2AI score0.00347EPSS
Exploits0References6
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-41695

A vulnerability has been found in connorskees grass up to 0.13.4. The impacted element is the function grasscompiler::selector::extend/grasscompiler::evaluate::visitor. The manipulation leads to denial of service. The attack must be carried out locally. The exploit has been disclosed to the publi...

4.8CVSS5.1AI score0.00115EPSS
Exploits0References6
NVD
NVD
added 6 days ago10 views

CVE-2026-14639

A vulnerability has been found in CodeAstro Ecommerce Website 1.0. This impacts an unknown function of the file /ecommerce-website-php/customer/myaccount.php?editaccount. Such manipulation of the argument cname leads to sql injection. The attack may be launched remotely. The exploit has been...

6.5CVSS0.002EPSS
Exploits0References6
CVE
CVE
added 2026/06/29 10:45 a.m.14 views

CVE-2026-13560

Summary : CVE-2026-13560 affects Edimax EW-7478APC (firmware 1.04). The vulnerable component is the POST Request Handler’s /goform/formAccept function, where manipulating the argument submit-url enables an OS command injection . The attack is remote and the exploit has been disclosed publicly. Th...

6.5CVSS6.3AI score0.01158EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.13 views

PT-2026-53112

Name of the Vulnerable Software and Affected Versions ANTLR4 versions prior to 4.13.3 Description Command injection is possible in the gofmt component via the GoTarget function located in the tool/src/org/antlr/v4/codegen/target/GoTarget.java file. This issue allows an attacker to execute arbitra...

5.3CVSS6.3AI score0.00678EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.19 views

PT-2026-51198

Name of the Vulnerable Software and Affected Versions BerriAI litellm versions prior to 1.82.3 Description An issue in the MCP Server Connection Testing component allows for server-side request forgery SSRF, which is a flaw that enables an attacker to induce the server-side application to make...

6.5CVSS6.6AI score0.00262EPSS
Exploits1References13
Vulnrichment
Vulnrichment
added 2026/06/06 3:15 p.m.11 views

CVE-2026-11435 Jinher OA nextselectplan.aspx sql injection

A security vulnerability has been detected in Jinher OA 1.0. This affects an unknown function of the file nextselectplan.aspx. Such manipulation of the argument httpOID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor...

7.5CVSS7AI score0.00259EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.9 views

CVE-2026-7094

A vulnerability was determined in ShadowCloneLabs GlutamateMCPServers up to e2de73280b01e5d943593dd1aa2c01c5b9112f78. Affected by this issue is some unknown functionality of the file src/puppeteer/index.ts of the component puppeteernavigate. Executing a manipulation of the argument url can lead t...

7.5CVSS6.8AI score0.0032EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/02 7:0 p.m.10 views

CVE-2026-10617 nextlevelbuilder GoClaw Webhook Verification auth.go resolveAuth missing authentication

A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. This affects the function resolveAuth of the file internal/http/auth.go of the component Webhook Verification Handler. The manipulation leads to missing authentication. Remote exploitation of the attack is possibl...

7.5CVSS6.5AI score0.00399EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/01 11:0 p.m.12 views

CVE-2026-10300 SGLang Inference HTTP Endpoint lora_manager.py assertion

A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/loramanager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lorapath leads to reachable assertion. The attack can be launched...

6.3CVSS5.2AI score0.00368EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/01 5:15 a.m.12 views

CVE-2026-10227

A vulnerability has been found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. The affected element is an unknown function of the file addusercheck.php of the component User Creation Handler. The manipulation of the argument role leads to sql injectio...

7.5CVSS6.7AI score0.00263EPSS
Exploits0References6
CVE
CVE
added 2026/05/25 6:30 p.m.44 views

CVE-2026-9482

CVE-2026-9482 affects Edimax EW-7438RPn firmware 1.31. The vulnerability is in formSDHCP of the file /goform/formSDHCP; manipulating the submit-url leads to a stack-based buffer overflow. It is remotely exploitable, with the public exploit disclosed. The CVSS-derived metrics indicate HIGH impact ...

9CVSS7.8AI score0.00589EPSS
Exploits0References4
CVE
CVE
added 2026/04/29 7:0 p.m.10 views

CVE-2026-7400

CVE-2026-7400 affects geekgod382’s filesystem-mcp-server (v1.0.0). The issue is in the is_path_allowed function within server.py (read_file_tool/write_file_tool), enabling path traversal. The vulnerability is exploitable remotely, with a publicly disclosed exploit and an official fix in v1.1.0. T...

7.5CVSS7AI score0.0043EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/04/27 1:30 p.m.30 views

CVE-2026-7128 SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection

A security vulnerability has been detected in SourceCodester Pharmacy Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=savetype. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has...

7.5CVSS0.00254EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.8 views

PT-2026-35430

A security vulnerability has been detected in SourceCodester Pharmacy Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=save type. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit ha...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/25 9:0 p.m.3 views

CVE-2026-7000

A vulnerability has been found in Datacom DM4100 1.3.6.1.4.1.3709. Affected by this issue is some unknown functionality of the component VLAN Page. Such manipulation of the argument VLAN Name leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed to...

4.8CVSS3.1AI score0.00245EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/19 3:30 p.m.5 views

EUVD-2026-23702

A security vulnerability has been detected in Collabora KodExplorer up to 4.52. Affected by this issue is some unknown functionality of the file /app/controller/share.class.php of the component fileUpload Endpoint. The manipulation of the argument fileUpload leads to improper authorization. Remot...

6.3CVSS5.2AI score0.00323EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/06 9:31 p.m.3 views

EUVD-2026-19482

A vulnerability has been found in Meesho Online Shopping App up to 27.3 on Android. Affected is an unknown function of the file /api/endpoint of the component com.meesho.supply. Such manipulation leads to risky cryptographic algorithm. The attack may be performed from remote. The attack requires ...

6.3CVSS5.1AI score0.00188EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/06 10:30 a.m.5 views

CVE-2026-5646 code-projects Easy Blog Site login.php sql injection

A security vulnerability has been detected in code-projects Easy Blog Site 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely. The exploit has been disclos...

7.5CVSS6.9AI score0.00325EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/26 3:15 p.m.5 views

CVE-2026-4537

A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function actionipsecconn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has been publicly...

5.8CVSS5AI score0.10296EPSS
Exploits0References1
Rows per page
Query Builder