CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/05/05 4:0 a.m.•7 views

CVE-2026-7811 54yyyu code-mcp MCP File server.py is_safe_path path traversal

7.5CVSS6.6AI score0.00418EPSS

Vulnrichment•added 2026/05/05 3:45 a.m.•7 views

CVE-2026-7810 UsamaK98 python-notebook-mcp server.py add_cell path traversal

A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815809a7e425b5fa7be26e0d4369894c2. Impacted is the function createnotebook/readnotebook/editcell/addcell of the file server.py. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit h...

Cvelist•added 2026/05/05 3:45 a.m.•33 views

CVE-2026-7810 UsamaK98 python-notebook-mcp server.py add_cell path traversal

7.5CVSS0.0041EPSS

RedhatCVE•added 2026/05/05 2:20 a.m.•2 views

CVE-2026-7694

A flaw has been found in Acrel Electrical ECEMS Enterprise Microgrid Energy Efficiency Management System 1.3.0. The impacted element is an unknown function of the file /SubstationWEBV2/main/elecMaxMinAvgValue. Executing a manipulation of the argument fCircuitids can lead to sql injection. The...

7.5CVSS6.8AI score0.00325EPSS

RedhatCVE•added 2026/05/05 2:20 a.m.•4 views

CVE-2026-7706

A vulnerability has been found in Open5GS up to 2.7.7. This issue affects the function gmmhandleservicerequest of the file /src/amf/gmm-handler.c of the component AMF. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public a...

5.3CVSS5.3AI score0.00276EPSS

RedhatCVE•added 2026/05/05 2:20 a.m.•4 views

CVE-2026-7718

A vulnerability was identified in Totolink WA300 5.2cu.7112B20190227. Impacted is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument webWlanIdx leads to command injection. The attack may be initiated remotely. The...

6.5CVSS6.5AI score0.00916EPSS

RedhatCVE•added 2026/05/05 2:20 a.m.•3 views

CVE-2026-7712

A security vulnerability has been detected in MindsDB up to 26.01. Affected is the function pickle.loads of the component Pickle Handler. The manipulation leads to deserialization. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vend...

6.5CVSS6.1AI score0.00297EPSS

RedhatCVE•added 2026/05/05 2:20 a.m.•3 views

CVE-2026-7681

A security vulnerability has been detected in jsbroks COCO Annotator up to 0.11.1. Affected by this vulnerability is an unknown functionality of the file backend/webserver/api/datasets.py of the component Dataset API. The manipulation of the argument DatasetId leads to authorization bypass. The...

6.9CVSS6.2AI score0.00455EPSS

EUVD•added 2026/05/05 12:30 a.m.•17 views

EUVD-2026-27161

A security flaw has been discovered in Axle-Bucamp MCP-Docusaurus up to 404bc028e15ec304c9a045528560f4b5f27a17e0. The affected element is the function updatedocument/continuedocument/deletedocument/getcontent of the file app/routes/document.py. Performing a manipulation of the argument DOCSDIR/pa...

EUVD•added 2026/05/05 12:30 a.m.•7 views

Exploits0References6

EUVD-2026-27155

A flaw has been found in CodeCanyon Perfex CRM up to 3.4.1. This vulnerability affects the function AbstractKanban::applySortQuery of the file application/services/AbstractKanban.php of the component Admin Kanban Endpoint. This manipulation of the argument this causes sql injection. It is possibl...

6.5CVSS6.4AI score0.00241EPSS

EUVD•added 2026/05/05 12:30 a.m.•6 views

EUVD-2026-27153

A vulnerability was detected in CodeCanyon Perfex CRM up to 3.4.1. This affects the function Clients::project of the file application/controllers/Clients.php of the component Tenant Handler. The manipulation of the argument ID results in authorization bypass. The attack may be performed from...

6.5CVSS5.5AI score0.00211EPSS

NVD•added 2026/05/05 12:16 a.m.•7 views

CVE-2026-7788

7.5CVSS0.0041EPSS

NVD•added 2026/05/05 12:16 a.m.•10 views

CVE-2026-7783

6.5CVSS0.00241EPSS

Exploits0References4

NVD•added 2026/05/05 12:16 a.m.•32 views

CVE-2026-7784

A vulnerability has been found in RTGS2017 NagaAgent up to 5.1.0. This issue affects some unknown processing of the file apiserver/routes/extensions.py of the component Skills Endpoint. Such manipulation of the argument Name leads to path traversal. It is possible to launch the attack remotely. T...

7.5CVSS0.00501EPSS

Vulnrichment•added 2026/05/05 12:0 a.m.•3 views

CVE-2026-7788 Axle-Bucamp MCP-Docusaurus document.py get_content path traversal

ATTACKERKB•added 2026/05/05 12:0 a.m.•6 views

CVE-2026-7788

CNNVD•added 2026/05/05 12:0 a.m.•7 views

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a buffer overflow vulnerability, which was caused by out-of-bounds read operations in Dawn. This vulnerability could allow remote attackers to exploit the system by using specially...

4.3CVSS6.1AI score0.00193EPSS

Exploits0References3

Positive Technologies•added 2026/05/05 12:0 a.m.•4 views

PT-2026-36970

A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815809a7e425b5fa7be26e0d4369894c2. Impacted is the function create notebook/read notebook/edit cell/add cell of the file server.py. This manipulation causes path traversal. It is possible to initiate the attack remotely. The explo...