PT-2026-35653

A vulnerability was found in TencentCloudBase CloudBase-MCP up to 2.17.0. Affected is the function openUrl of the file mcp/src/interactive-server.ts of the component open-url API Endpoint. The manipulation of the argument req.body.url results in server-side request forgery. It is possible to laun...

PT-2026-35827

A vulnerability was detected in eiceblue spire-doc-mcp-server 1.0.0. This affects the function get doc path of the file src/spire doc mcp/api/base.py. Performing a manipulation of the argument document name results in path traversal. The attack can be initiated remotely. The exploit is now public...

PT-2026-35662

A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects the function delete menu of the file /admin/ajax.php?action=delete menu. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploi...

EUVD-2026-25959

A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. This affects the function setWiFiWpsStart of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument wscDisabled leads to os command injection. The attack can be initiated remotely. The...

CVE-2026-7202 Totolink A8000RU CGI cstecgi.cgi setWiFiWpsStart os command injection

A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. This affects the function setWiFiWpsStart of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument wscDisabled leads to os command injection. The attack can be initiated remotely. The...

EUVD-2026-25955

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file /index.php?page=types. Executing a manipulation of the argument ID can lead to cross site scripting. It is possible to launch the attack remotely. The...

CVE-2026-7200

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file /index.php?page=types. Executing a manipulation of the argument ID can lead to cross site scripting. It is possible to launch the attack remotely. The...

CVE-2026-41364 OpenClaw < 2026.3.31 - Arbitrary File Write via Symlink Following in SSH Sandbox Tar Upload

OpenClaw before 2026.3.31 contains a symlink following vulnerability in SSH sandbox tar upload that allows remote attackers to write arbitrary files. Attackers can exploit this by uploading tar archives containing symlinks to escape the sandbox and overwrite files on the remote host...

CVE-2026-7199

SourceCodester Pharmacy Sales and Inventory System 1.0 contains a SQL injection in /ajax.php?action=delete_product via manipulation of the ID parameter. The vulnerability can be exploited remotely, with the exploit publicly available. The CVE records confirm an attacker could leverage this flaw t...

CVE-2026-7199 SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=deleteproduct. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the atta...

EUVD-2026-25954

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=deleteproduct. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the atta...

CVE-2026-7196

CodeAstro Online Classroom 1.0 is affected by CVE-2026-7196. The vulnerability exists in an unknown function under /guestdetails where manipulating the deleteid parameter enables SQL injection. The issue is exploitable remotely and an exploit has been publicly disclosed. No remediation details ar...

CVE-2026-7196 CodeAstro Online Classroom guestdetails sql injection

A security vulnerability has been detected in CodeAstro Online Classroom 1.0. Affected is an unknown function of the file /guestdetails. Such manipulation of the argument deleteid leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be...

CVE-2026-7183

A vulnerability has been found in aligungr UERANSIM up to 3.2.7. The affected element is the function rls::DecodeRlsMessage in the library src/lib/rls/rlspdu.cpp of the component Radio Link Simulation Layer. The manipulation of the argument pduLength leads to uncaught exception. The attack may be...

CVE-2026-7183 aligungr UERANSIM Radio Link Simulation Layer rls_pdu.cpp DecodeRlsMessage uncaught exception

A vulnerability has been found in aligungr UERANSIM up to 3.2.7. The affected element is the function rls::DecodeRlsMessage in the library src/lib/rls/rlspdu.cpp of the component Radio Link Simulation Layer. The manipulation of the argument pduLength leads to uncaught exception. The attack may be...

EUVD-2026-25933

A vulnerability has been found in aligungr UERANSIM up to 3.2.7. The affected element is the function rls::DecodeRlsMessage in the library src/lib/rls/rlspdu.cpp of the component Radio Link Simulation Layer. The manipulation of the argument pduLength leads to uncaught exception. The attack may be...

CVE-2026-7178

A weakness has been identified in ChatGPTNextWeb NextChat up to 2.16.1. This affects the function storeUrl of the file app/api/artifacts/route.ts of the component Artifacts Endpoint. This manipulation of the argument ID causes server-side request forgery. It is possible to initiate the attack...

CVE-2026-7177

A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2.16.1. Affected by this issue is the function proxyHandler of the file app/api/provider/...path/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been...

CVE-2026-7159

A vulnerability was found in douinc mkdocs-mcp-plugin up to 0.4.1. This affects the function readdocument/listdocuments of the file server.py. Performing a manipulation of the argument docsdir/filepath results in path traversal. The attack is possible to be carried out remotely. The exploit has...

CVE-2026-7178

A weakness has been identified in ChatGPTNextWeb NextChat up to 2.16.1. This affects the function storeUrl of the file app/api/artifacts/route.ts of the component Artifacts Endpoint. This manipulation of the argument ID causes server-side request forgery. It is possible to initiate the attack...