Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
12557
Total
848
Critical
3598
High
3936
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-7221 | HIGH | 7.3 | A vulnerability was found in TencentCloudBase CloudBase-MCP up to 2.17.0. Affected is the function openUrl of the file mcp/src/interactive-server.ts of the component open-url API Endpoint. … | Apr 28, 2026 |
| CVE-2026-7220 | HIGH | 7.3 | A vulnerability has been found in jackwrichards FastlyMCP up to 6f3d0b0e654fc51076badc7fa16c03c461f95620. This impacts an unknown function of the file fastly-mcp.mjs of the component fastly_cli Tool. … | Apr 28, 2026 |
| CVE-2026-7219 | HIGH | 7.2 | A flaw has been found in Totolink N300RT 3.4.0-B20250430. This affects an unknown function of the file /boafrm/formIpQoS. Executing a manipulation of the argument entry_name … | Apr 28, 2026 |
| CVE-2026-7218 | HIGH | 7.2 | A vulnerability was detected in Totolink N300RT 3.4.0-B20250430. The impacted element is the function is_cmd_string_valid of the file /boafrm/formWsc of the component libapmib.so. Performing a … | Apr 28, 2026 |
| CVE-2026-7217 | MEDIUM | 5.3 | A security vulnerability has been detected in Deepractice PromptX up to 2.4.0. The affected element is the function read_docx/read_xlsx/read_pptx/list_xlsx_sheets/read_pdf of the file packages/mcp-office/src/index.ts of the … | Apr 28, 2026 |
| CVE-2026-7216 | HIGH | 7.3 | A weakness has been identified in donchelo processing-claude-mcp-bridge up to e017b20a4b592a45531a6392f494007f04e661bd. Impacted is an unknown function of the file processing_server.py of the component create_sketch Tool. … | Apr 28, 2026 |
| CVE-2026-7215 | HIGH | 7.3 | A security flaw has been discovered in egtai gmx-vmd-mcp up to 0.1.0. This issue affects the function launch_vmd_gui_tool of the file mcp_server.py of the component … | Apr 28, 2026 |
| CVE-2026-1460 | HIGH | 7.2 | A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow … | Apr 28, 2026 |
| CVE-2026-0711 | MEDIUM | 6.8 | A post-authentication command injection vulnerability in the EasyMesh-related APIs of Zyxel DX3300-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow an authenticated, adjacent attacker with administrator privileges … | Apr 28, 2026 |
| CVE-2026-7214 | HIGH | 7.3 | A vulnerability was identified in eghuzefa engineer-your-data up to 0.1.3. This vulnerability affects the function read_file/write_file/list_files/file_inf of the file src/server.py. The manipulation of the argument … | Apr 28, 2026 |
| CVE-2026-7213 | HIGH | 7.3 | A vulnerability was detected in ef10007 MLOps_MCP 1.0.0. This impacts an unknown function of the file fastmcp_server.py of the component save_file Tool. The manipulation of … | Apr 28, 2026 |
| CVE-2026-7212 | HIGH | 7.3 | A security vulnerability has been detected in edvardlindelof notes-mcp up to 0.1.4. This affects an unknown function of the file notes_mcp.py. The manipulation of the … | Apr 28, 2026 |
| CVE-2026-7211 | HIGH | 7.3 | A weakness has been identified in dvladimirov MCP up to 0.1.0. The impacted element is the function GitSearchRequest of the file mcp_server.py of the component … | Apr 28, 2026 |
| CVE-2026-7206 | HIGH | 7.3 | A security flaw has been discovered in dubydu sqlite-mcp up to 0.1.0. The affected element is the function extract_to_json of the file src/entry.py. Performing a … | Apr 28, 2026 |
| CVE-2026-7205 | HIGH | 7.3 | A vulnerability was identified in duartium papers-mcp-server 9ceb3812a6458ba7922ca24a7406f8807bc55598. Impacted is the function search_papers of the file src/main.py. Such manipulation of the argument topic leads to … | Apr 28, 2026 |
| CVE-2026-7204 | CRITICAL | 9.8 | A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation … | Apr 28, 2026 |
| CVE-2026-7203 | CRITICAL | 9.8 | A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation … | Apr 28, 2026 |
| CVE-2026-7202 | CRITICAL | 9.8 | A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setWiFiWpsStart of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation … | Apr 28, 2026 |
| CVE-2026-32649 | MEDIUM | 6.8 | A command injection vulnerability exists in the web server of specific firmware versions of Milesight cameras. | Apr 28, 2026 |
| CVE-2026-32644 | CRITICAL | 9.8 | Specific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys. | Apr 28, 2026 |
| CVE-2026-20766 | HIGH | 8.8 | An out-of-bounds memory access vulnerability exists in specific firmware versions of Milesight AIOT cameras. | Apr 28, 2026 |
| CVE-2026-7200 | MEDIUM | 4.3 | A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file /index.php?page=types. … | Apr 28, 2026 |
| CVE-2026-7199 | HIGH | 7.3 | A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=delete_product. Performing … | Apr 28, 2026 |
| CVE-2026-7196 | MEDIUM | 6.3 | A security vulnerability has been detected in CodeAstro Online Classroom 1.0. Affected is an unknown function of the file /guestdetails. Such manipulation of the argument … | Apr 28, 2026 |
| CVE-2026-41372 | MEDIUM | 5.8 | OpenClaw before 2026.4.2 fails to normalize trailing-dot localhost hosts in remote CDP discovery responses, allowing bypass of loopback protections. Attackers can craft hostile discovery responses … | Apr 28, 2026 |