Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12556 · Critical: 848 · High: 3598 · Medium: 3935

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-7375 | MEDIUM | 5.5 | UDS protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | Apr 30, 2026 |
| CVE-2026-6868 | MEDIUM | 5.5 | HTTP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | Apr 30, 2026 |
| CVE-2025-13030 | HIGH | 7.1 | All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files … | Apr 30, 2026 |
| CVE-2026-7470 | HIGH | 8.8 | A flaw has been found in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. Affected is the function sub_427C3C of the file /goform/SafeMacFilter. This manipulation of the argument page causes … | Apr 30, 2026 |
| CVE-2026-7469 | MEDIUM | 6.3 | A vulnerability was detected in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. This impacts the function sub_425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in … | Apr 30, 2026 |
| CVE-2026-7468 | HIGH | 7.3 | A security vulnerability has been detected in 1024-lab smart-admin up to 3.30.0. This affects an unknown function of the file /smart-admin-api/druid/index.html of the component Demo … | Apr 30, 2026 |
| CVE-2026-7447 | MEDIUM | 6.3 | A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file /admin/update_customer.php. This manipulation of the … | Apr 30, 2026 |
| CVE-2026-7446 | HIGH | 7.3 | A vulnerability was detected in VetCoders mcp-server-semgrep 1.0.0. This affects the function analyze_results/filter_results/export_results/compare_results/scan_directory/create_rule of the file src/index.ts of the component MCP Interface. The manipulation of … | Apr 30, 2026 |
| CVE-2026-7445 | MEDIUM | 6.3 | A security vulnerability has been detected in ZachHandley ZMCPTools up to 0.2.2. Affected by this issue is some unknown functionality of the file src/managers/ResourceManager.ts of … | Apr 30, 2026 |
| CVE-2026-7443 | HIGH | 7.3 | A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzz_domain of the file src/index.ts of the … | Apr 29, 2026 |
| CVE-2026-7420 | HIGH | 8.8 | A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of … | Apr 29, 2026 |
| CVE-2026-7419 | HIGH | 8.8 | A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file route/goform/formTaskEdit_ap. The manipulation of the … | Apr 29, 2026 |
| CVE-2026-7381 | CRITICAL | 9.1 | Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation setting (sendfile type) to be set by the client via … | Apr 29, 2026 |
| CVE-2026-6221 | UNKNOWN | — | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Apr 29, 2026 |
| CVE-2026-7418 | HIGH | 8.8 | A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. This vulnerability affects the function strcpy of the file route/goform/NTP. Executing a manipulation of … | Apr 29, 2026 |
| CVE-2026-7417 | HIGH | 7.3 | A vulnerability was found in Algovate xhs-mcp 0.8.11. This affects the function xhs_publish_content of the file src/server/mcp.server.ts of the component MCP Interface. Performing a manipulation … | Apr 29, 2026 |
| CVE-2026-7416 | HIGH | 7.3 | A vulnerability was found in PolarVista xcode-mcp-server 1.0.0. This issue affects the function build_project/run_tests of the file src/index.ts of the component MCP Interface. The manipulation … | Apr 29, 2026 |
| CVE-2026-7410 | MEDIUM | 6.3 | A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=add_to_cart. The manipulation of the argument … | Apr 29, 2026 |
| CVE-2026-7409 | MEDIUM | 4.7 | A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function save_user of the file /admin/ajax.php?action=save_user. Executing a manipulation can lead … | Apr 29, 2026 |
| CVE-2026-7408 | MEDIUM | 4.7 | A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function save_menu of the file /admin/ajax.php?action=save_menu. Performing a manipulation … | Apr 29, 2026 |
| CVE-2026-7407 | MEDIUM | 4.7 | A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is the function save_settings of the file /pizzafy/admin/ajax.php?action=save_settings of … | Apr 29, 2026 |
| CVE-2026-7404 | HIGH | 7.3 | A weakness has been identified in getsimpletool mcpo-simple-server up to 0.2.0. Affected is the function delete_shared_prompt of the file src/mcpo_simple_server/services/prompt_manager/base_manager.py. This manipulation of the argument … | Apr 29, 2026 |
| CVE-2026-7403 | MEDIUM | 5.3 | A security flaw has been discovered in geldata gel-mcp 0.1.0. This impacts the function list_rules/fetch_rule of the file src/gel_mcp/server.py. The manipulation of the argument rule_name … | Apr 29, 2026 |
| CVE-2026-1858 | MEDIUM | 4.8 | wget2 accepts a server certificate with incorrect Key Usage (KU) or Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private … | Apr 29, 2026 |
| CVE-2025-50328 | HIGH | 7.3 | A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to bypass Windows Mark of the Web (MotW) protections. When an archive … | Apr 29, 2026 |