Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

81928 matches found

Positive Technologies
Positive Technologiesadded 2026/04/30 12:0 a.m.0 views

PT-2026-36032

A security vulnerability has been detected in 1024-lab smart-admin up to 3.30.0. This affects an unknown function of the file /smart-admin-api/druid/index.html of the component Demo Site. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has bee...

7.5CVSS6.9AI score0.00019EPSS
Exploits0References6
EUVD
EUVDadded 2026/04/29 10:45 p.m.1 views

EUVD-2026-26300

A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzzdomain of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument Request can lead to os command injection. The attack may be launched...

7.5CVSS7.2AI score0.01715EPSS
Exploits0References6
NVD
NVDadded 2026/04/29 10:16 p.m.1 views

CVE-2026-7417

A vulnerability was found in Algovate xhs-mcp 0.8.11. This affects the function xhspublishcontent of the file src/server/mcp.server.ts of the component MCP Interface. Performing a manipulation of the argument mediapaths results in server-side request forgery. The attack may be initiated remotely...

7.5CVSS0.00021EPSS
Exploits0References6
ATTACKERKB
ATTACKERKBadded 2026/04/29 9:45 p.m.1 views

CVE-2026-7417

A vulnerability was found in Algovate xhs-mcp 0.8.11. This affects the function xhspublishcontent of the file src/server/mcp.server.ts of the component MCP Interface. Performing a manipulation of the argument mediapaths results in server-side request forgery. The attack may be initiated remotely...

7.5CVSS7AI score0.00021EPSS
Exploits0References6Affected Software1
Cvelist
Cvelistadded 2026/04/29 9:45 p.m.25 views

CVE-2026-7417 Algovate xhs-mcp MCP mcp.server.ts xhs_publish_content server-side request forgery

A vulnerability was found in Algovate xhs-mcp 0.8.11. This affects the function xhspublishcontent of the file src/server/mcp.server.ts of the component MCP Interface. Performing a manipulation of the argument mediapaths results in server-side request forgery. The attack may be initiated remotely...

7.5CVSS0.00021EPSS
Exploits0References6
EUVD
EUVDadded 2026/04/29 9:30 p.m.4 views

EUVD-2026-26293

A vulnerability was found in PolarVista xcode-mcp-server 1.0.0. This issue affects the function buildproject/runtests of the file src/index.ts of the component MCP Interface. The manipulation of the argument Request results in os command injection. The attack may be launched remotely. The exploit...

7.5CVSS7.2AI score0.00403EPSS
Exploits0References6
NVD
NVDadded 2026/04/29 9:16 p.m.2 views

CVE-2026-7403

A security flaw has been discovered in geldata gel-mcp 0.1.0. This impacts the function listrules/fetchrule of the file src/gelmcp/server.py. The manipulation of the argument rulename results in path traversal. The attack may be performed from remote. The exploit has been released to the public a...

6.9CVSS0.00018EPSS
Exploits0References5
RedhatCVE
RedhatCVEadded 2026/04/29 8:48 p.m.2 views

CVE-2026-7316

A vulnerability has been found in eiliyaabedini aider-mcp up to 667b914301aada695aab0e46d1fb3a7d5e32c8af. Affected is an unknown function of the file aidermcp.py of the component codewithai. The manipulation of the argument workingdir/editablefiles leads to command injection. The attack may be...

7.5CVSS7AI score0.0212EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/04/29 8:15 p.m.3 views

CVE-2026-7404

A weakness has been identified in getsimpletool mcpo-simple-server up to 0.2.0. Affected is the function deletesharedprompt of the file src/mcposimpleserver/services/promptmanager/basemanager.py. This manipulation of the argument detail causes relative path traversal. It is possible to initiate t...

7.5CVSS7.1AI score0.00025EPSS
Exploits0References5Affected Software1
EUVD
EUVDadded 2026/04/29 8:0 p.m.2 views

EUVD-2026-26287

A security flaw has been discovered in geldata gel-mcp 0.1.0. This impacts the function listrules/fetchrule of the file src/gelmcp/server.py. The manipulation of the argument rulename results in path traversal. The attack may be performed from remote. The exploit has been released to the public a...

6.9CVSS5.4AI score0.00018EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/04/29 8:0 p.m.3 views

CVE-2026-7403 geldata gel-mcp server.py fetch_rule path traversal

A security flaw has been discovered in geldata gel-mcp 0.1.0. This impacts the function listrules/fetchrule of the file src/gelmcp/server.py. The manipulation of the argument rulename results in path traversal. The attack may be performed from remote. The exploit has been released to the public a...

6.9CVSS5.4AI score0.00018EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/04/29 8:0 p.m.1 views

CVE-2026-7403

A security flaw has been discovered in geldata gel-mcp 0.1.0. This impacts the function listrules/fetchrule of the file src/gelmcp/server.py. The manipulation of the argument rulename results in path traversal. The attack may be performed from remote. The exploit has been released to the public a...

6.9CVSS5.4AI score0.00018EPSS
Exploits0References5Affected Software1
NVD
NVDadded 2026/04/29 7:16 p.m.2 views

CVE-2026-7398

A weakness has been identified in florensiawidjaja BioinfoMCP up to 7ada7918b9e515604d3c0ae264d3a9af10bf6e54. This vulnerability affects the function Upload of the file bioinfomcpplatform/app.py of the component Upload Endpoint. This manipulation of the argument Name causes path traversal. The...

7.5CVSS0.00089EPSS
Exploits0References5
CVE
CVEadded 2026/04/29 6:30 p.m.4 views

CVE-2026-7398

CVE-2026-7398 affects florensiawidjaja BioinfoMCP, specifically the Upload Endpoint’s bioinfo_mcp_platform/app.py Upload function. The issue arises from manipulation of the Name argument, enabling path traversal. The vulnerability is remotely exploitable and an exploit has been made public. No af...

7.5CVSS7.1AI score0.00089EPSS
Exploits0References5
NVD
NVDadded 2026/04/29 4:16 p.m.1 views

CVE-2026-7389

A security vulnerability has been detected in EyouCMS up to 1.7.9. The affected element is the function GetSortData of the file application/common.php. The manipulation of the argument sortasc leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly an...

7.5CVSS0.0004EPSS
Exploits0References4
NVD
NVDadded 2026/04/29 4:16 p.m.2 views

CVE-2026-7388

A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the function editFile of the file application/admin/logic/FilemanagerLogic.php of the component Template File Handler. Executing a manipulation can lead to code injection. The attack can be launched remotely. The exploit has been...

5.8CVSS0.00057EPSS
Exploits0References4
EUVD
EUVDadded 2026/04/29 3:30 p.m.4 views

EUVD-2026-26252

A security vulnerability has been detected in EyouCMS up to 1.7.9. The affected element is the function GetSortData of the file application/common.php. The manipulation of the argument sortasc leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly an...

7.5CVSS7.1AI score0.0004EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/04/29 3:30 p.m.1 views

CVE-2026-7389

A security vulnerability has been detected in EyouCMS up to 1.7.9. The affected element is the function GetSortData of the file application/common.php. The manipulation of the argument sortasc leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly an...

7.5CVSS7.1AI score0.0004EPSS
Exploits0References4
EUVD
EUVDadded 2026/04/29 3:15 p.m.2 views

EUVD-2026-26251

A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the function editFile of the file application/admin/logic/FilemanagerLogic.php of the component Template File Handler. Executing a manipulation can lead to code injection. The attack can be launched remotely. The exploit has been...

5.8CVSS5AI score0.00057EPSS
Exploits0References4
Circl
Circladded 2026/04/29 2:56 p.m.1 views

CVE-2026-42652

creationtimestamp| type| source ---|---|--- 2026-04-29 14:56:52+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mknebg6ruc2k...

7.1CVSS4.8AI score0.00039EPSS
Exploits0References1
Rows per page
Query Builder