CVE Database

36609+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-7225
7.3 HIGH

A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects the function delete_menu of the file /admin/ajax.php?action=delete_menu. Executing a manipulation of …

Apr 28, 2026
CVE-2026-7224
7.3 HIGH

A security flaw has been discovered in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function delete_cart of the file /admin/ajax.php?action=delete_cart. Performing a manipulation of …

Apr 28, 2026
CVE-2026-7223
7.3 HIGH

A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component …

Apr 28, 2026
CVE-2026-7221
7.3 HIGH

A vulnerability was found in TencentCloudBase CloudBase-MCP up to 2.17.0. Affected is the function openUrl of the file mcp/src/interactive-server.ts of the component open-url API Endpoint. …

Apr 28, 2026
CVE-2026-7220
7.3 HIGH

A vulnerability has been found in jackwrichards FastlyMCP up to 6f3d0b0e654fc51076badc7fa16c03c461f95620. This impacts an unknown function of the file fastly-mcp.mjs of the component fastly_cli Tool. …

Apr 28, 2026
CVE-2026-7219
7.2 HIGH

A flaw has been found in Totolink N300RT 3.4.0-B20250430. This affects an unknown function of the file /boafrm/formIpQoS. Executing a manipulation of the argument entry_name …

Apr 28, 2026
CVE-2026-7218
7.2 HIGH

A vulnerability was detected in Totolink N300RT 3.4.0-B20250430. The impacted element is the function is_cmd_string_valid of the file /boafrm/formWsc of the component libapmib.so. Performing a …

Apr 28, 2026
CVE-2026-7216
7.3 HIGH

A weakness has been identified in donchelo processing-claude-mcp-bridge up to e017b20a4b592a45531a6392f494007f04e661bd. Impacted is an unknown function of the file processing_server.py of the component create_sketch Tool. …

Apr 28, 2026
CVE-2026-7215
7.3 HIGH

A security flaw has been discovered in egtai gmx-vmd-mcp up to 0.1.0. This issue affects the function launch_vmd_gui_tool of the file mcp_server.py of the component …

Apr 28, 2026
CVE-2026-1460
7.2 HIGH

A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow …

Apr 28, 2026
CVE-2026-7214
7.3 HIGH

A vulnerability was identified in eghuzefa engineer-your-data up to 0.1.3. This vulnerability affects the function read_file/write_file/list_files/file_inf of the file src/server.py. The manipulation of the argument …

Apr 28, 2026
CVE-2026-7213
7.3 HIGH

A vulnerability was detected in ef10007 MLOps_MCP 1.0.0. This impacts an unknown function of the file fastmcp_server.py of the component save_file Tool. The manipulation of …

Apr 28, 2026
CVE-2026-7212
7.3 HIGH

A security vulnerability has been detected in edvardlindelof notes-mcp up to 0.1.4. This affects an unknown function of the file notes_mcp.py. The manipulation of the …

Apr 28, 2026
CVE-2026-7211
7.3 HIGH

A weakness has been identified in dvladimirov MCP up to 0.1.0. The impacted element is the function GitSearchRequest of the file mcp_server.py of the component …

Apr 28, 2026
CVE-2026-7206
7.3 HIGH

A security flaw has been discovered in dubydu sqlite-mcp up to 0.1.0. The affected element is the function extract_to_json of the file src/entry.py. Performing a …

Apr 28, 2026
CVE-2026-7205
7.3 HIGH

A vulnerability was identified in duartium papers-mcp-server 9ceb3812a6458ba7922ca24a7406f8807bc55598. Impacted is the function search_papers of the file src/main.py. Such manipulation of the argument topic leads to …

Apr 28, 2026
CVE-2026-20766
8.8 HIGH

An out-of-bounds memory access vulnerability exists in specific firmware versions of Milesight AIOT cameras.

Apr 28, 2026
CVE-2026-7199
7.3 HIGH

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=delete_product. Performing …

Apr 28, 2026
CVE-2026-41371
8.5 HIGH

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in chat.send that allows write-scoped gateway callers to trigger admin-only session reset operations. Attackers can rotate target …

Apr 28, 2026
CVE-2026-41364
8.1 HIGH

OpenClaw before 2026.3.31 contains a symlink following vulnerability in SSH sandbox tar upload that allows remote attackers to write arbitrary files. Attackers can exploit this …

Apr 28, 2026
CVE-2026-40973
7.0 HIGH

A local attacker on the same host as the application may be able to take control of the directory used by `ApplicationTemp`. When `server.servlet.session.persistent` is …

Apr 28, 2026
CVE-2026-40972
7.5 HIGH

An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. …

Apr 28, 2026
CVE-2026-27785
8.8 HIGH

Specific firmware versions of Milesight AIOT camera firmware contain hard-coded credentials.

Apr 28, 2026
CVE-2026-7194
7.3 HIGH

A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=save_product. This manipulation of …

Apr 27, 2026
CVE-2026-28747
7.1 HIGH

A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT cameras allows authorization to be bypassed.

Apr 27, 2026
CVE-2026-7178
7.3 HIGH

A weakness has been identified in ChatGPTNextWeb NextChat up to 2.16.1. This affects the function storeUrl of the file app/api/artifacts/route.ts of the component Artifacts Endpoint. …

Apr 27, 2026
CVE-2026-7177
7.3 HIGH

A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2.16.1. Affected by this issue is the function proxyHandler of the file app/api/[provider]/[...path]/route.ts. The …

Apr 27, 2026
CVE-2026-7160
8.8 HIGH

A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the function formTracert of the file /boaform/formTracert. Executing a manipulation of the argument datasize …

Apr 27, 2026
CVE-2026-7159
7.3 HIGH

A vulnerability was found in douinc mkdocs-mcp-plugin up to 0.4.1. This affects the function read_document/list_documents of the file server.py. Performing a manipulation of the argument …

Apr 27, 2026
CVE-2026-7191
7.2 HIGH

Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary …

Apr 27, 2026
CVE-2026-7158
7.3 HIGH

A vulnerability has been found in dmitryglhf mcp-url-downloader up to 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6. Affected by this issue is the function _validate_url_safe of the file src/mcp_url_downloader/server.py. Such manipulation …

Apr 27, 2026
CVE-2026-7157
7.3 HIGH

A flaw has been found in disler aider-mcp-server up to b2516fa466d0d851932da92ee6d0e66946db9efc. Affected by this vulnerability is an unknown functionality of the file src/aider_mcp_server/server.py of the …

Apr 27, 2026
CVE-2026-3087
7.5 HIGH

If `shutil.unpack_archive()` is given a ZIP archive with an absolute Windows path containing a drive (`C:\\...`) then the archive will be extracted outside the target …

Apr 27, 2026
CVE-2026-7151
8.8 HIGH

A vulnerability was determined in Tenda HG3 2.0. Impacted is the function formUploadConfig of the file /boaform/formIPv6Routing. This manipulation of the argument destNet causes stack-based …

Apr 27, 2026
CVE-2026-6741
8.8 HIGH

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 5.4.1. …

Apr 27, 2026
CVE-2026-7149
7.3 HIGH

A vulnerability has been found in dexhunter kaggle-mcp up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d. This vulnerability affects the function prepare_kaggle_dataset of the file src/kaggle_mcp/server.py. The manipulation of the …

Apr 27, 2026
CVE-2026-7147
7.3 HIGH

A vulnerability was detected in JoeCastrom mcp-chat-studio up to 1.5.0. Affected by this issue is some unknown functionality of the file server/routes/llm.js of the component …

Apr 27, 2026
CVE-2026-31256
7.5 HIGH

A null pointer dereference vulnerability exists in the RTSP service of the MERCURY MIPC252W 1.0.5 Build 230306 Rel.79931n. During the processing of a SETUP request …

Apr 27, 2026
CVE-2025-69428
7.5 HIGH

An issue in Pro-Bit before v1.77.4 allows unauthenticated attackers to directly access sensitive directory and its subdirectories.

Apr 27, 2026
CVE-2026-7146
7.3 HIGH

A security vulnerability has been detected in AlejandroArciniegas mcp-data-vis up to de5a51525a69822290eaee569a1ab447b490746d. Affected by this vulnerability is the function axios of the file src/servers/web-scraper/server.js of …

Apr 27, 2026
CVE-2026-31690
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: firmware: thead: Fix buffer overflow and use standard endian macros Addresses two issues in the …

Apr 27, 2026
CVE-2026-31688
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: driver core: enforce device_lock for driver_match_device() Currently, driver_match_device() is called from three sites. One site …

Apr 27, 2026
CVE-2026-31686
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: mm/kasan: fix double free for kasan pXds kasan_free_pxd() assumes the page table is always struct …

Apr 27, 2026
CVE-2025-69689
8.8 HIGH

The Fan Control application V251 contains an improper privilege handling vulnerability in its Open File Dialog. The dialog processes user-supplied paths with elevated permissions, which …

Apr 27, 2026
CVE-2026-38934
8.8 HIGH

Cross Site Request Forgery vulnerability in diskoverdata diskover-community v.2.3.5. and before allows a remote attacker to escalate privileges and obtain sensitive information via the public/settings_process.php

Apr 27, 2026
CVE-2026-41463
8.8 HIGH

ProjeQtor versions 7.0 through 12.4.3 contain a ZipSlip path traversal vulnerability in the plugin upload functionality that allows authenticated attackers with upload permissions to write …

Apr 27, 2026
CVE-2026-30351
7.5 HIGH

A path traversal vulnerability in the UI/static component of leonvanzyl autocoder commit 79d02a allows attackers to read arbitrary files via sending crafted URL path containing …

Apr 27, 2026
CVE-2026-7131
7.3 HIGH

A vulnerability has been found in code-projects Online Lot Reservation System up to 1.0. The impacted element is an unknown function of the file /loginuser.php. …

Apr 27, 2026
CVE-2026-30350
7.5 HIGH

An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service (DoS) via a crafted POST …

Apr 27, 2026
CVE-2026-7130
7.3 HIGH

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=delete_category. Executing …

Apr 27, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.