6.9

CVSS4.0

CVE-2026-7146 - AlejandroArciniegas mcp-data-vis HTTP Request server.js axios server-side request forgery

A security vulnerability has been detected in AlejandroArciniegas mcp-data-vis up to de5a51525a69822290eaee569a1ab447b490746d. Affected by this vulnerability is the function axios of the file src/servers/web-scraper/server.js of the component HTTP Request Handler. Such manipulation leads to server-…

📅 Published: April 27, 2026, 6 p.m. 🔄 Last Modified: April 28, 2026, 3:45 a.m.

5.3

CVSS4.0

CVE-2026-7145 - mettle sendportal Invitation WorkspaceInvitationsController.php destroy authorization

A weakness has been identified in mettle sendportal up to 3.0.1. Affected is the function destroy of the file app/Http/Controllers/Workspaces/WorkspaceInvitationsController.php of the component Invitation Handler. This manipulation of the argument invitation causes authorization bypass. The attack …

📅 Published: April 27, 2026, 5:45 p.m. 🔄 Last Modified: April 29, 2026, 1:57 p.m.

5.3

CVSS4.0

CVE-2026-7144 - 1000 Projects Portfolio Management System MCA update_passwd_process.php authorization

A security flaw has been discovered in 1000 Projects Portfolio Management System MCA 1.0. This impacts an unknown function of the file update_passwd_process.php. The manipulation of the argument temp_user results in authorization bypass. The attack can be launched remotely. The exploit has been rel…

📅 Published: April 27, 2026, 5:30 p.m. 🔄 Last Modified: April 28, 2026, 2:30 a.m.

5.3

CVSS4.0

CVE-2026-7143 - 1000 Projects Portfolio Management System MCA block_status.php sql injection

A vulnerability was identified in 1000 Projects Portfolio Management System MCA up to 1.0. This affects an unknown function of the file /admin/block_status.php. The manipulation of the argument q leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and mig…

📅 Published: April 27, 2026, 5:15 p.m. 🔄 Last Modified: April 28, 2026, 3:45 a.m.

5.3

CVSS4.0

CVE-2026-7142 - Wooey API Endpoint scripts.py add_or_update_script improper authorization

A vulnerability was determined in Wooey up to 0.13.2. The impacted element is the function add_or_update_script of the file wooey/api/scripts.py of the component API Endpoint. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has …

📅 Published: April 27, 2026, 5 p.m. 🔄 Last Modified: April 28, 2026, 9:17 a.m.

6.3

CVSS4.0

CVE-2026-7141 - vllm KV Block kv_cache_interface.py has_mamba_layers uninitialized resource

A vulnerability was found in vllm up to 0.19.0. The affected element is the function has_mamba_layers of the file vllm/v1/kv_cache_interface.py of the component KV Block Handler. Performing a manipulation results in uninitialized resource. It is possible to initiate the attack remotely. The attack …

📅 Published: April 27, 2026, 4:45 p.m. 🔄 Last Modified: April 28, 2026, 4:30 a.m.

9.3

CVSS4.0

CVE-2026-7140 - Totolink A8000RU CGI cstecgi.cgi CsteSystem os command injection

A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument HTTP leads to os command injection. The attack may be performed from remote. The exploit has b…

📅 Published: April 27, 2026, 4:30 p.m. 🔄 Last Modified: April 28, 2026, 2:30 a.m.

9.3

CVSS4.0

CVE-2026-7139 - Totolink A8000RU CGI cstecgi.cgi setWiFiAclRules os command injection

A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument mode causes os command injection. The attack is possible to be carried out remotely. The ex…

📅 Published: April 27, 2026, 4:15 p.m. 🔄 Last Modified: April 29, 2026, 1:56 p.m.

9.3

CVSS4.0

CVE-2026-7138 - Totolink A8000RU CGI cstecgi.cgi setNtpCfg os command injection

A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setNtpCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument tz results in os command injection. The attack can be executed remotely. The exploi…

📅 Published: April 27, 2026, 4 p.m. 🔄 Last Modified: April 28, 2026, 2:30 a.m.

9.3

CVSS4.0

CVE-2026-7137 - Totolink A8000RU CGI cstecgi.cgi setStorageCfg os command injection

A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument sambaEnabled leads to os command injection. Remote exploitation of the attack i…

📅 Published: April 27, 2026, 3:45 p.m. 🔄 Last Modified: April 28, 2026, 2:30 a.m.