Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12556 | Critical: 848 | High: 3598 | Medium: 3935
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-7319 | HIGH | 7.3 | A flaw has been found in elinsky execution-system-mcp 0.1.0. The impacted element is the function _get_context_file_path of the file src/execution_system_mcp/server.py of the component add_action Tool. … | Apr 28, 2026 |
| CVE-2026-7318 | MEDIUM | 5.9 | A vulnerability was detected in elie mcp-project 0.1.0. The affected element is the function search_papers of the file research_server.py. The manipulation of the argument topic … | Apr 28, 2026 |
| CVE-2026-7317 | MEDIUM | 5.0 | A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function FileCache::doGet of the file system/src/Grav/Framework/Cache/Adapter/FileCache.php of the component … | Apr 28, 2026 |
| CVE-2026-7316 | HIGH | 7.3 | A vulnerability has been found in eiliyaabedini aider-mcp up to 667b914301aada695aab0e46d1fb3a7d5e32c8af. Affected is an unknown function of the file aider_mcp.py of the component code_with_ai. The … | Apr 28, 2026 |
| CVE-2026-7315 | HIGH | 7.3 | A flaw has been found in eiceblue spire-pdf-mcp-server 0.1.1. This impacts the function get_pdf_path of the file src/spire_pdf_mcp/server.py of the component PDF File Handler. Executing … | Apr 28, 2026 |
| CVE-2026-7314 | HIGH | 7.3 | A vulnerability was detected in eiceblue spire-doc-mcp-server 1.0.0. This affects the function get_doc_path of the file src/spire_doc_mcp/api/base.py. Performing a manipulation of the argument document_name results … | Apr 28, 2026 |
| CVE-2026-7306 | MEDIUM | 5.6 | A security vulnerability has been detected in Xuxueli xxl-job up to 3.3.2. The impacted element is an unknown function of the file xxl-job-admin/src/main/java/com/xxl/job/admin/scheduler/openapi/OpenApiController.java of the … | Apr 28, 2026 |
| CVE-2026-7305 | MEDIUM | 6.3 | A weakness has been identified in Xuxueli xxl-job up to 3.3.2. The affected element is the function triggerJob of the file xxl-job-admin/src/main/java/com/xxl/job/admin/service/impl/XxlJobServiceImpl.java of the component … | Apr 28, 2026 |
| CVE-2026-7303 | LOW | 3.7 | A security flaw has been discovered in Xuxueli xxl-job up to 3.3.2. Impacted is the function logDetailCat of the file xxl-job-admin/src/main/java/com/xxl/job/admin/controller/biz/JobLogController.java of the component Execution … | Apr 28, 2026 |
| CVE-2026-7297 | LOW | 2.4 | A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects the function save_user of the file /admin/ajax.php?action=save_user. Executing a manipulation of the … | Apr 28, 2026 |
| CVE-2026-7296 | LOW | 2.4 | A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function save_order of the file /admin/ajax.php?action=save_order. Performing a manipulation of the argument … | Apr 28, 2026 |
| CVE-2026-41649 | HIGH | 7.7 | Outline is a service that allows for collaborative documentation. The `shares.create` API endpoint starting in version 0.86.0 and prior to version 1.7.0 has an insecure … | Apr 28, 2026 |
| CVE-2026-41446 | CRITICAL | 9.8 | Snap One WattBox 800 and 820 series firmware versions prior to 2.10.0.0 contain undisclosed diagnostic HTTP endpoints that require only the device MAC address and … | Apr 28, 2026 |
| CVE-2026-37750 | MEDIUM | 6.1 | A reflected Cross-Site Scripting (XSS) vulnerability in School Management System by mahmoudai1 allows unauthenticated remote attackers to execute arbitrary JavaScript in victim's browsers via the … | Apr 28, 2026 |
| CVE-2026-33467 | MEDIUM | 5.9 | Improper Verification of Cryptographic Signature (CWE-347) in Elastic Package Registry could allow an attacker positioned to intercept network traffic, or to otherwise influence the contents … | Apr 28, 2026 |
| CVE-2026-7295 | LOW | 2.4 | A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function save_menu of the file /admin/ajax.php?action=save_menu. Such manipulation … | Apr 28, 2026 |
| CVE-2026-7294 | LOW | 2.4 | A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is the function save_settings of the file /admin/index.php?page=save_settings. This manipulation … | Apr 28, 2026 |
| CVE-2026-7293 | MEDIUM | 4.7 | A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function delete_category of the file /admin/ajax.php?action=delete_category. The manipulation of the argument ID … | Apr 28, 2026 |
| CVE-2026-7292 | MEDIUM | 5.6 | A security vulnerability has been detected in o2oa up to 10.0. This impacts the function syncFile of the file NodeAgent.java of the component NodeAgent. The … | Apr 28, 2026 |
| CVE-2026-7291 | MEDIUM | 6.3 | A weakness has been identified in o2oa up to 10.0. This affects the function FileAction of the file FileAction.java of the component URL Fetching. Executing … | Apr 28, 2026 |
| CVE-2026-7290 | MEDIUM | 6.3 | A vulnerability was determined in JeecgBoot up to 3.9.1. Impacted is the function SqlInjectionUtil of the file jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/SqlInjectionUtil.java of the component loadDict Endpoint. This manipulation … | Apr 28, 2026 |
| CVE-2026-6807 | MEDIUM | 5.5 | A vulnerability in GRASSMARLIN v3.2.1 allows crafted session data to trigger improper handling of XML input, which may result in unintended exposure of sensitive information. … | Apr 28, 2026 |
| CVE-2026-6238 | MEDIUM | 6.5 | The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA … | Apr 28, 2026 |
| CVE-2026-5794 | UNKNOWN | — | A vulnerability affecting the detailed versions of Cryptobox allows a legitimate user to prevent another to login by triggering an account lockout via sending a … | Apr 28, 2026 |
| CVE-2026-42432 | HIGH | 7.8 | OpenClaw before 2026.4.8 contains a privilege escalation vulnerability allowing previously paired nodes to reconnect with exec-capable commands without operator.admin scope requirement. Attackers can bypass re-pairing … | Apr 28, 2026 |