Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

40969 matches found

Cvelist
Cvelistadded 2026/04/29 3:0 p.m.28 views

CVE-2026-7386 fatbobman mail-mcp-bridge mail_mcp_server.py path traversal

A flaw has been found in fatbobman mail-mcp-bridge up to 1.3.3. Affected is an unknown function of the file src/mailmcpserver.py. Executing a manipulation of the argument messageids can lead to path traversal. The attack can be executed remotely. The exploit has been published and may be used...

7.5CVSS0.00429EPSS
Exploits0References7
CVE
CVEadded 2026/04/29 3:0 p.m.12 views

CVE-2026-7386

The CVE-2026-7386 entry concerns fatbobman mail-mcp-bridge up to 1.3.3, with a path traversal flaw in an unknown function of src/mail_mcp_server.py. The vulnerability is triggered by manipulating the message_ids argument and can be exploited remotely; exploitation has been published. A fix is ava...

7.5CVSS7AI score0.00429EPSS
Exploits0References7
RedhatCVE
RedhatCVEadded 2026/04/29 2:49 p.m.3 views

CVE-2026-7212

A security vulnerability has been detected in edvardlindelof notes-mcp up to 0.1.4. This affects an unknown function of the file notesmcp.py. The manipulation of the argument rootdir/path leads to path traversal. The attack is possible to be carried out remotely. The exploit has been disclosed...

7.5CVSS6.9AI score0.0041EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/04/29 2:49 p.m.2 views

CVE-2026-7213

A vulnerability was detected in ef10007 MLOpsMCP 1.0.0. This impacts an unknown function of the file fastmcpserver.py of the component savefile Tool. The manipulation of the argument filename/destination results in path traversal. The attack may be performed from remote. The exploit is now public...

7.5CVSS7AI score0.00411EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/04/29 2:49 p.m.3 views

CVE-2026-7224

A security flaw has been discovered in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function deletecart of the file /admin/ajax.php?action=deletecart. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has been...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/04/29 2:49 p.m.5 views

CVE-2026-7102

A vulnerability was found in Tenda F456 1.0.0.5. This impacts the function FromWriteFacMac of the file /goform/WriteFacMac of the component httpd. The manipulation of the argument mac results in command injection. The attack can be executed remotely. The exploit has been made public and could be...

8.8CVSS6.2AI score0.03024EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/04/29 2:49 p.m.3 views

CVE-2026-7110

A flaw has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /item. Executing a manipulation of the argument item name/description can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published an...

5.1CVSS3.4AI score0.00191EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/04/29 2:49 p.m.2 views

CVE-2026-7145

A weakness has been identified in mettle sendportal up to 3.0.1. Affected is the function destroy of the file app/Http/Controllers/Workspaces/WorkspaceInvitationsController.php of the component Invitation Handler. This manipulation of the argument invitation causes authorization bypass. The attac...

5.5CVSS5.4AI score0.00235EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/04/29 2:49 p.m.2 views

CVE-2026-7087

A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=savesales. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/04/29 2:49 p.m.2 views

CVE-2026-7077

A vulnerability was identified in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /editparcel.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be...

7.5CVSS7.3AI score0.00254EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/04/29 2:49 p.m.2 views

CVE-2026-7072

A vulnerability was detected in CodePanda Source canteenmanagementsystem 1.0. Affected by this issue is some unknown functionality of the file /api/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit is now public and may...

7.5CVSS7.3AI score0.00254EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/04/29 2:48 p.m.6 views

CVE-2026-7218

A vulnerability was detected in Totolink N300RT 3.4.0-B20250430. The impacted element is the function iscmdstringvalid of the file /boafrm/formWsc of the component libapmib.so. Performing a manipulation of the argument localPin results in buffer overflow. The attack is possible to be carried out...

8.6CVSS7.6AI score0.00463EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/04/29 2:48 p.m.6 views

CVE-2026-7082

A flaw has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component httpd. Executing a manipulation of the argument Go can lead to buffer overflow. The attack can be executed remotely. The exploit has been...

9CVSS8.6AI score0.00619EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/04/29 2:48 p.m.2 views

CVE-2026-7288

A vulnerability has been found in D-Link DIR-825M 1.1.12. This vulnerability affects the function sub4151FC of the file /boafrm/formVpnConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed t...

9CVSS8.3AI score0.0069EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/04/29 2:48 p.m.5 views

CVE-2026-7248

A vulnerability was found in D-Link DI-8100 16.07.26A1. This affects the function tgfilehtm of the file tgfile.htm of the component CGI Endpoint. The manipulation of the argument fn results in buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used...

10CVSS9.1AI score0.02154EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/04/29 2:48 p.m.1 views

CVE-2026-7203

A vulnerability was found in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os command injection. The attack can be launched remotely...

10CVSS8.2AI score0.02448EPSS
Exploits0References1
Github Security Blog
Github Security Blogadded 2026/04/29 12:30 a.m.8 views

Duplicate Advisory: Grav has Insecure Deserialization in File Cache

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-gwfr-jfjf-92vv. This link is maintained to preserve external references. Original Description A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function...

5CVSS5.2AI score0.00224EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blogadded 2026/04/29 12:30 a.m.10 views

xxl-job has a Resource Injection issue

A security flaw has been discovered in Xuxueli xxl-job up to 3.3.2. Impacted is the function logDetailCat of the file xxl-job-admin/src/main/java/com/xxl/job/admin/controller/biz/JobLogController.java of the component Execution Log Handler. The manipulation of the argument logId results in improp...

6.3CVSS5.1AI score0.00418EPSS
Exploits0References9Affected Software1
Redos
Redosadded 2026/04/29 12:0 a.m.2 views

ROS-20260429-73-0012

A vulnerability in the pgtrgm component of the PostgreSQL database management system is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges...

8.2CVSS5.7AI score0.00335EPSS
Exploits0
Redos
Redosadded 2026/04/29 12:0 a.m.1 views

ROS-20260429-73-0019

A vulnerability in the PostgreSQL database management system is related to incorrect array indexing. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code in the context of the current user using specially crafted queries...

8.8CVSS6AI score0.00659EPSS
Exploits0
Rows per page
Query Builder