CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/04/28 1:0 p.m.•0 views

CVE-2026-7272 WilliamCloudQi matlab-mcp-server MCP index.ts execute_matlab_code path traversal

7.5CVSS7AI score0.00073EPSS

ATTACKERKB•added 2026/04/28 1:0 p.m.•3 views

CVE-2026-7272

7.5CVSS7AI score0.00073EPSS

Cvelist•added 2026/04/28 1:0 p.m.•27 views

CVE-2026-7272 WilliamCloudQi matlab-mcp-server MCP index.ts execute_matlab_code path traversal

7.5CVSS0.00073EPSS

Vulnrichment•added 2026/04/28 9:39 a.m.•2 views

CVE-2026-7279 eMPIA Technology｜AVACAST - DLL Hijacking

AVACAST developed by eMPIA Technology, has a DLL Hijacking vulnerability, allowing authenticated local attackers to place a malicious DLL in a specific directory, resulting in arbitrary code execution with system privileges when the system loads the DLL...

8.5CVSS6.2AI score0.00017EPSS

Exploits0References2

EUVD•added 2026/04/28 2:6 a.m.•3 views

EUVD-2026-25970

A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50ABVY.7.1C0 could allow an authenticated attacker with administrator privileges to execute OS commands on an affected...

7.2CVSS5.5AI score0.00077EPSS

CNNVD•added 2026/04/28 12:0 a.m.•5 views

MATLAB MCP Server 路径遍历漏洞

MATLAB MCP Server is an AI assistant tool developed by Williamcloudq, which integrates MATLAB functionality. MATLAB MCP Server has a path traversal vulnerability. This vulnerability stems from the operation of the generatematlabcode/executematlabcode functions in the MCP Interface component,...

7.5CVSS7.1AI score0.00073EPSS

Cvelist•added 2026/04/27 11:29 p.m.•25 views

CVE-2026-40973

A local attacker on the same host as the application may be able to take control of the directory used by ApplicationTemp. When server.servlet.session.persistent is set to true and the attack persists across application restarts, this may allow the attacker to read session information and hijack...

7CVSS0.00009EPSS

SUSE Linux•added 2026/04/27 12:6 p.m.•2 views

Security update for freerdp

This update for freerdp fixes the following issues: CVE-2026-25941: Out-of-Bounds Read in client RDPGFX channel via crafted WIRETOSURFACE2 PDU bsc1258919. CVE-2026-25942: Global-buffer-overflow in xfrailserverexecuteresult bsc1258920. CVE-2026-25952: Heap-use-after-free in xfSetWindowMinMaxInfo...

8.2CVSS5.7AI score0.00164EPSS

Exploits13References58

OSV•added 2026/04/27 12:5 p.m.•2 views

SUSE-SU-2026:1633-1 Security update for freerdp

This update for freerdp fixes the following issues: - CVE-2026-25941: Out-of-Bounds Read in client RDPGFX channel via crafted WIRETOSURFACE2 PDU bsc1258919. - CVE-2026-25942: Global-buffer-overflow in xfrailserverexecuteresult bsc1258920. - CVE-2026-25952: Heap-use-after-free in...

9.8CVSS5AI score0.00164EPSS

Exploits15References35

EUVD•added 2026/04/27 1:15 a.m.•2 views

EUVD-2026-25751

A vulnerability has been found in itsourcecode Construction Management System 1.0. This vulnerability affects unknown code of the file /execute1.php. Such manipulation of the argument code leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the publi...

Cvelist•added 2026/04/27 1:0 a.m.•33 views

CVE-2026-7073 itsourcecode Construction Management System execute.php sql injection

A flaw has been found in itsourcecode Construction Management System 1.0. This affects an unknown part of the file /execute.php. This manipulation of the argument code causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used...

7.5CVSS0.00043EPSS

Vulnrichment•added 2026/04/27 1:0 a.m.•2 views

CVE-2026-7073 itsourcecode Construction Management System execute.php sql injection

CVE•added 2026/04/27 1:0 a.m.•7 views

CVE-2026-7073

CVE-2026-7073 affects itsourcecode Construction Management System 1.0. A flaw in an unknown part of /execute.php allows manipulation of the argument code to trigger SQL injection. The vulnerability is remotely exploitable and exploitation is documented as a proof-of-concept in the linked sources....

Positive Technologies•added 2026/04/27 12:0 a.m.•2 views

PT-2026-35519

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 5.4.1. This is due to a missing authorization check in the execute method of the connect-customer-to-wp-user ability, which only requires...

8.8CVSS5.2AI score0.00064EPSS

Exploits1References9

CNNVD•added 2026/04/27 12:0 a.m.•5 views

WordPress plugin LatePoint 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.8CVSS5.9AI score0.00064EPSS

Exploits1References1

CNNVD•added 2026/04/27 12:0 a.m.•3 views

itsourcecode Construction Management System 注入漏洞

itsourcecode Construction Management System is an open-source construction management system developed by itsourcecode. Version 1.0 of the itsourcecode Construction Management System has a vulnerability related to parameter handling in the file/execute.php, which may lead to SQL injection attacks...