Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12557 | Critical: 848 | High: 3598 | Medium: 3936
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-7159 | HIGH | 7.3 | A vulnerability was found in douinc mkdocs-mcp-plugin up to 0.4.1. This affects the function read_document/list_documents of the file server.py. Performing a manipulation of the argument … | Apr 27, 2026 |
| CVE-2026-7191 | HIGH | 7.2 | Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary … | Apr 27, 2026 |
| CVE-2026-7158 | HIGH | 7.3 | A vulnerability has been found in dmitryglhf mcp-url-downloader up to 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6. Affected by this issue is the function _validate_url_safe of the file src/mcp_url_downloader/server.py. Such manipulation … | Apr 27, 2026 |
| CVE-2026-7157 | HIGH | 7.3 | A flaw has been found in disler aider-mcp-server up to b2516fa466d0d851932da92ee6d0e66946db9efc. Affected by this vulnerability is an unknown functionality of the file src/aider_mcp_server/server.py of the … | Apr 27, 2026 |
| CVE-2026-7156 | CRITICAL | 9.8 | A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of … | Apr 27, 2026 |
| CVE-2026-7155 | CRITICAL | 9.8 | A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setLoginPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The … | Apr 27, 2026 |
| CVE-2026-7154 | CRITICAL | 9.8 | A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setAdvancedInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a … | Apr 27, 2026 |
| CVE-2026-5362 | UNKNOWN | — | An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed editable and cause script execution when the published … | Apr 27, 2026 |
| CVE-2026-3087 | UNKNOWN | — | If `shutil.unpack_archive()` is given a ZIP archive with an absolute Windows path containing a drive (`C:\\...`) then the archive will be extracted outside the target … | Apr 27, 2026 |
| CVE-2026-29971 | MEDIUM | 6.1 | A reflected cross-site scripting (XSS) vulnerability exists in WebFileSys versions before 2.32.0 and is fixed in v.2.32.0. User-controlled input is reflected into HTML and JavaScript contexts … | Apr 27, 2026 |
| CVE-2024-46636 | CRITICAL | 9.4 | NASA Earth Observing System Data and Information System (EOSDIS) MODAPS v8.1 was discovered to contain a SQL injection vulnerability in the category parameter | Apr 27, 2026 |
| CVE-2026-7153 | CRITICAL | 9.8 | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setMiniuiHomeInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI … | Apr 27, 2026 |
| CVE-2026-7152 | CRITICAL | 9.8 | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such … | Apr 27, 2026 |
| CVE-2026-7151 | HIGH | 8.8 | A vulnerability was determined in Tenda HG3 2.0. Impacted is the function formUploadConfig of the file /boaform/formIPv6Routing. This manipulation of the argument destNet causes stack-based … | Apr 27, 2026 |
| CVE-2026-6741 | HIGH | 8.8 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 5.4.1. … | Apr 27, 2026 |
| CVE-2026-5394 | UNKNOWN | — | An authenticated administrative user who can import or save DataObject class definitions can inject attacker-controlled composite index metadata and trigger unintended SQL execution in the … | Apr 27, 2026 |
| CVE-2026-7150 | MEDIUM | 6.3 | A vulnerability was found in dh1011 auto-favicon up to f189116a9259950c2393f114dbcb94dde0ad864b. This issue affects the function generate_favicon_from_url of the file src/auto_favicon/server.py of the component MCP Tool. … | Apr 27, 2026 |
| CVE-2026-7149 | HIGH | 7.3 | A vulnerability has been found in dexhunter kaggle-mcp up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d. This vulnerability affects the function prepare_kaggle_dataset of the file src/kaggle_mcp/server.py. The manipulation of the … | Apr 27, 2026 |
| CVE-2026-7148 | MEDIUM | 6.3 | A flaw has been found in CodeAstro Online Classroom 1.0. This affects an unknown part of the file /addnewfaculty. Executing a manipulation of the argument … | Apr 27, 2026 |
| CVE-2026-7147 | HIGH | 7.3 | A vulnerability was detected in JoeCastrom mcp-chat-studio up to 1.5.0. Affected by this issue is some unknown functionality of the file server/routes/llm.js of the component … | Apr 27, 2026 |
| CVE-2026-40970 | MEDIUM | 5.0 | When configured to use an SSL bundle, Spring Boot's Elasticsearch auto-configuration does not perform hostname verification when connecting to the Elasticsearch server. Affected: Spring Boot … | Apr 27, 2026 |
| CVE-2026-35903 | CRITICAL | 9.8 | MERCURY MIPC252W IP camera 1.0.5 Build 230306 Rel.79931n contains an improper authentication vulnerability in the RTSP service. After successful Digest authentication in an initial DESCRIBE … | Apr 27, 2026 |
| CVE-2026-35902 | MEDIUM | 6.2 | The RTSP service of MERCURY IP camera MIPC252W 1.0.5 Build 230306 has an issue handling failed Digest authentication attempts. By repeatedly sending RTSP requests with … | Apr 27, 2026 |
| CVE-2026-35901 | MEDIUM | 4.4 | A handling issue in the RTSP service of the Mercury MIPC252W 1.0.5 Build 230306 Rel.79931n allows an authenticated attacker to trigger session termination by repeatedly … | Apr 27, 2026 |
| CVE-2026-32655 | MEDIUM | 5.3 | Dell Alienware Command Center (AWCC), versions prior to 6.13.8.0, contain a Least Privilege Violation vulnerability. A low privileged attacker with local access could potentially exploit … | Apr 27, 2026 |