Lucene search
K
RedhatcveRecent

206406 matches found

RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•10 views

CVE-2026-7112

A vulnerability has been found in NousResearch hermes-agent 0.8.0. Affected by this vulnerability is the function checkauth of the file gateway/platforms/apiserver.py of the component APISERVERKEY Handler. The manipulation leads to improper authentication. The attack can be initiated remotely. Th...

6.3CVSS5AI score0.0036EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•9 views

CVE-2026-7745

A vulnerability was determined in CodeAstro Online Classroom 1.0. This impacts an unknown function of the file /OnlineClassroom/facultydetails. This manipulation of the argument deleteid causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed...

6.5CVSS6.5AI score0.00192EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•12 views

CVE-2026-7143

A vulnerability was identified in 1000 Projects Portfolio Management System MCA up to 1.0. This affects an unknown function of the file /admin/blockstatus.php. The manipulation of the argument q leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and...

6.5CVSS6.5AI score0.00192EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•11 views

CVE-2026-7709

A vulnerability was identified in janeczku Calibre-Web up to 0.6.26. The impacted element is the function generateauthtoken of the file cps/koboauth.py of the component Endpoint. Such manipulation of the argument userid leads to improper authorization. The attack may be launched remotely. The...

6.5CVSS6.2AI score0.00219EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•8 views

CVE-2026-7238

A flaw has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminUpdateAlbum.php. This manipulation of the argument txtimage causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and...

5.8CVSS5.2AI score0.00228EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•9 views

CVE-2026-7715

A vulnerability has been found in ravenwits mcp-server-arangodb up to 0.4.7. This affects the function arangobackup of the file src/tools.ts of the component MCP Interface. Such manipulation of the argument outputDir leads to path traversal. It is possible to launch the attack remotely. The explo...

6.5CVSS6.1AI score0.00288EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•10 views

CVE-2026-7292

A security vulnerability has been detected in o2oa up to 10.0. This impacts the function syncFile of the file NodeAgent.java of the component NodeAgent. The manipulation leads to improper authorization. The attack can be initiated remotely. The complexity of an attack is rather high. The...

6.3CVSS5AI score0.00258EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•9 views

CVE-2026-7583

A flaw has been found in Open5GS up to 2.7.7. This issue affects the function bsfsessfindbyipv6prefix of the file /src/bsf/context.c of the component BSF. This manipulation of the argument ipv6Prefix causes denial of service. It is possible to initiate the attack remotely. The exploit has been...

5.3CVSS5.1AI score0.00271EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•15 views

CVE-2026-7385

The Decent Comments WordPress plugin before 3.0.2 does not restrict access to comment author email addresses and post author email addresses via its REST API endpoint, allowing unauthenticated attackers to enumerate registered user email addresses...

5.8CVSS5.5AI score0.00271EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•11 views

CVE-2026-7268

A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This impacts the function savecategory of the file /admin/ajax.php?action=savecategory. Such manipulation of the argument Name leads to sql injection. The attack may be performed from remote. The exploit has been...

6.5CVSS6.4AI score0.002EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•9 views

CVE-2026-7553

A vulnerability was found in code-projects Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/editexercises.php. The manipulation of the argument editexercise results in sql injection. It is possible to launch the attack remotely. The exploit...

5.8CVSS5.4AI score0.00206EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•9 views

CVE-2026-7596

A vulnerability has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this issue is the function data.get of the file .claude/skills/design-system/scripts/generate-slide.py of the component Slide Generator. Such manipulation leads to cross site scripting. The attack may ...

5.3CVSS3.6AI score0.00377EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•9 views

CVE-2026-7229

A vulnerability was found in code-projects Coaching Management System 1.0. This affects an unknown function of the file /cims/modules/admin/reply.php of the component POST Handler. Performing a manipulation of the argument complaintreply results in sql injection. It is possible to initiate the...

6.5CVSS6.4AI score0.00233EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•9 views

CVE-2026-7265

A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is the function Category of the file pizza/index.php?page=category. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploi...

6.5CVSS6.4AI score0.00241EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•8 views

CVE-2026-7862

The Eupago Gateway For Woocommerce WordPress plugin before 4.7.2 does not properly restrict access to its refund request handler, allowing unauthenticated attackers to initiate refunds against any WooCommerce order using the merchant's payment gateway credentials, and for applicable payment...

8.6CVSS5.5AI score0.00215EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•10 views

CVE-2026-7409

A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function saveuser of the file /admin/ajax.php?action=saveuser. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used...

5.8CVSS5.4AI score0.00202EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•10 views

CVE-2026-7742

A flaw has been found in CodeAstro Online Classroom 1.0. The affected element is an unknown function of the file /OnlineClassroom/facultylogin. Executing a manipulation of the argument fid can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be us...

6.5CVSS6.5AI score0.00241EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•10 views

CVE-2026-7724

A vulnerability has been found in PrefectHQ prefect up to 3.6.28.dev1. Affected by this vulnerability is the function validaterestrictedurl of the component Webhook/Notification. The manipulation leads to time-of-check time-of-use. It is possible to initiate the attack remotely. The attack is...

5CVSS4.8AI score0.0025EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•9 views

CVE-2026-7302

SGLangs multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload filename when sent to specific endpoints...

9.1CVSS5.6AI score0.00386EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•9 views

CVE-2026-7445

A security vulnerability has been detected in ZachHandley ZMCPTools up to 0.2.2. Affected by this issue is some unknown functionality of the file src/managers/ResourceManager.ts of the component MCP Log Resource Handler. The manipulation of the argument dirname leads to path traversal. Remote...

6.5CVSS6.1AI score0.00294EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•10 views

CVE-2026-7113

A vulnerability was found in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/webhook.py of the component Webhooks Endpoint. The manipulation of the argument INSECURENOAUTH results in missing authentication. The attack can be...

6.3CVSS5.3AI score0.00362EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•16 views

CVE-2026-7391

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function savesupplier of the file /ajax.php?action=savesupplier. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publish...

6.5CVSS6.4AI score0.00192EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•10 views

CVE-2026-7283

A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts the function saveexpired of the file /ajax.php?action=saveexpired. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit ha...

5.8CVSS5.4AI score0.00263EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•11 views

CVE-2026-7580

A vulnerability was detected in Exiftool up to 13.53. Impacted is the function Processmrld of the file lib/Image/ExifTool/GM.pm of the component JPEG/QuickTime/MOV/MP4. The manipulation of the argument -ee results in code injection. Attacking locally is a requirement. Upgrading to version 13.54 i...

5.3CVSS5.4AI score0.0018EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•9 views

CVE-2026-7085

A vulnerability was determined in HBAI-Ltd Toonflow-app up to 1.1.1. This vulnerability affects the function z.url of the file src/routes/setting/about/downloadApp.ts of the component downloadApp Endpoint. This manipulation of the argument url causes path traversal. It is possible to initiate the...

5CVSS5.3AI score0.00248EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•12 views

CVE-2026-7090

A vulnerability was detected in code-projects Chat System 1.0. This affects an unknown function of the file /admin/sendmessage.php of the component Chat Interface. The manipulation of the argument msg results in cross site scripting. The attack may be launched remotely. The exploit is now public...

4.8CVSS3.8AI score0.00253EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•9 views

CVE-2026-7135

A security flaw has been discovered in GPAC up to 26.03-DEV-rev105-g8f39a1eb3-master. Affected by this vulnerability is the function elngboxread of the file src/isomedia/boxcodebase.c of the component MP4Box. Performing a manipulation of the argument elng results in out-of-bounds read. The attack...

5.3CVSS5.1AI score0.00113EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•12 views

CVE-2026-7720

A weakness has been identified in Totolink WA300 5.2cu.7112B20190227. The impacted element is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument langType causes command injection. Remote exploitation of the attack ...

6.5CVSS6.3AI score0.00916EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•10 views

CVE-2026-7108

A security vulnerability has been detected in code-projects Invoice System in Laravel 1.0. This affects an unknown function. Such manipulation leads to cross-site request forgery. The attack may be performed from remote. The exploit has been disclosed publicly and may be used...

5.3CVSS5AI score0.00155EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•8 views

CVE-2026-7401

A vulnerability was detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This vulnerability affects unknown code of the file /index.php?action=register of the component Registration. The manipulation of the argument studentid/fullname/section/username results ...

5.3CVSS4AI score0.0032EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•9 views

CVE-2026-7117

A weakness has been identified in code-projects Employee Management System 1.0. Impacted is an unknown function of the file 370project/approve.php. Executing a manipulation of the argument id/token can lead to sql injection. The attack can be executed remotely. The exploit has been made available...

6.5CVSS6.5AI score0.00192EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•11 views

CVE-2026-7845

A flaw has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. This issue affects the function PIL.Image.tobytes of the file libs/chatchat-server/chatchat/webuipages/dialogue/dialogue.py of the component Vision Chat Paste Image Handler. This manipulation of the argument...

2.6CVSS4.5AI score0.0014EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•10 views

CVE-2026-7296

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function saveorder of the file /admin/ajax.php?action=saveorder. Performing a manipulation of the argument firstname results in cross site scripting. Remote exploitation of the attack is possible. The explo...

4.8CVSS3.9AI score0.00202EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•13 views

CVE-2026-7764

An out-of-bounds read vulnerability in the morse.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.12 allows an unauthenticated attacker within radio range to disclose a small amount of kernel heap memory or cause a Denial of Service kernel oops/panic via a...

6.8CVSS5.4AI score0.0013EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•10 views

CVE-2026-7890

In Concrete CMS 9.5.0 and below, the RSS Displayer block accepts a feed URL from any page editor and fetches it server-side without validation enabling redirect-to-internal bypasses. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.1 with a vector...

6.4CVSS5.4AI score0.00152EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•11 views

CVE-2026-7254

IBM OPENBMC FW1110.00 through FW1110.11 is vulnerable to denial of service attacks by unauthenticated network users...

5.3CVSS5.4AI score0.00238EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•11 views

CVE-2026-7148

A flaw has been found in CodeAstro Online Classroom 1.0. This affects an unknown part of the file /addnewfaculty. Executing a manipulation of the argument fname can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used...

6.5CVSS6.5AI score0.00241EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•10 views

CVE-2026-7731

A security vulnerability has been detected in code-projects BloodBank Managing System 1.0. The affected element is an unknown function of the file getstate.php. The manipulation of the argument GSTATEID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been...

6.5CVSS6.3AI score0.00246EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•10 views

CVE-2026-7281

A vulnerability was determined in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function supplier of the file /index.php?page=supplier. Executing a manipulation of the argument Name can lead to cross site scripting. The attack may be performed from remote. Th...

4.8CVSS3.6AI score0.00206EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•10 views

CVE-2026-7010

HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. The unvalidated inputs are the method and URI in the request line, the URL host that becomes the Host: header, and HTTP/1.1 control data field values. An attacker who controls one ...

6.5CVSS5.5AI score0.00227EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•9 views

CVE-2026-7746

A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected is an unknown function of the file /productexpiry/edit-admin.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit is...

6.5CVSS6.5AI score0.00192EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•9 views

CVE-2026-7782

A vulnerability was detected in CodeCanyon Perfex CRM up to 3.4.1. This affects the function Clients::project of the file application/controllers/Clients.php of the component Tenant Handler. The manipulation of the argument ID results in authorization bypass. The attack may be performed from...

6.5CVSS6.2AI score0.00211EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•10 views

CVE-2026-7083

A vulnerability has been found in likeadmin-likeshop likeadminphp up to 1.9.6. Affected by this issue is the function queryResult of the file server\app\adminapi\lists\tools\DataTableLists.php of the component dataTable Admin API. The manipulation leads to sql injection. The attack is possible to...

5.8CVSS5.2AI score0.00253EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•9 views

CVE-2026-7164

Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic. Remote attackers can craft packets which cause affected systems to panic. This affects any system where pf is configured to process traffic, independent...

7.5CVSS5.5AI score0.00432EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•9 views

CVE-2026-7728

A vulnerability was identified in ryanjoachim mcp-rtfm 0.1.0. This vulnerability affects the function getdoccontent/readdoc/updatedoc of the component MCP Interface. Such manipulation of the argument docFile leads to path traversal. The attack can be launched remotely. The exploit is publicly...

6.5CVSS6.3AI score0.00294EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•10 views

CVE-2026-7317

A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function FileCache::doGet of the file system/src/Grav/Framework/Cache/Adapter/FileCache.php of the component Cache Value Handler. The manipulation results in deserialization. The attack may be...

5CVSS4.8AI score0.00224EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•10 views

CVE-2026-7290

A vulnerability was determined in JeecgBoot up to 3.9.1. Impacted is the function SqlInjectionUtil of the file jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/SqlInjectionUtil.java of the component loadDict Endpoint. This manipulation of the argument keyword causes sql...

6.5CVSS6.2AI score0.00204EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•9 views

CVE-2026-21404

NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation SOAP implementation. If the SOAP functionality is enabled, a local attacker can extract credentials to bypass the intended transfer workflow. Successful authentication against the...

6.3CVSS5.5AI score0.00122EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•9 views

CVE-2026-7407

A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is the function savesettings of the file /pizzafy/admin/ajax.php?action=savesettings of the component Setting Handler. Such manipulation leads to sql injection. It is possible...

5.8CVSS5.3AI score0.00253EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:50 p.m.•10 views

CVE-2026-7144

A security flaw has been discovered in 1000 Projects Portfolio Management System MCA 1.0. This impacts an unknown function of the file updatepasswdprocess.php. The manipulation of the argument tempuser results in authorization bypass. The attack can be launched remotely. The exploit has been...

5.3CVSS5.2AI score0.00215EPSS
Exploits0References1
Total number of security vulnerabilities206406