6.3
CVE-2026-7669 - sgl-project SGLang HuggingFace Transformer hf_transformers_utils.py get_tokenizer code injection
A vulnerability was detected in sgl-project SGLang up to 0.5.9. Impacted is the function get_tokenizer of the file python/sglang/srt/utils/hf_transformers_utils.py of the component HuggingFace Transformer Handler. The manipulation of the argument trust_remote_code with the input False as part of Boβ¦
6.9
CVE-2026-7668 - MikroTik RouterOS SCEP Endpoint scep.p ASN1_STRING_data out-of-bounds
A vulnerability was identified in MikroTik RouterOS 6.49.8. This vulnerability affects the function ASN1_STRING_data in the library nova/lib/www/scep.p of the component SCEP Endpoint. The manipulation of the argument transactionID/messageType leads to out-of-bounds read. The attack may be initiatedβ¦
5.3
CVE-2026-7653 - r-huijts mcp-server-rijksmuseum MCP index.ts open_image_in_browser os command injection
A security flaw has been discovered in r-huijts mcp-server-rijksmuseum up to 1.0.4. Affected is the function open_image_in_browser of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument imageUrl results in os command injection. The attack is possible to bβ¦
6.9
CVE-2026-7645 - ruvnet sublinear-time-solver MCP server.js export_state path traversal
A vulnerability was found in ruvnet sublinear-time-solver 1.5.0. Affected by this vulnerability is the function export_state of the file src/consciousness-explorer/mcp/server.js of the component MCP Interface. The manipulation results in path traversal. The attack can be executed remotely. The explβ¦
6.9
CVE-2026-7644 - ChatGPTNextWeb NextChat actions.ts addMcpServer improper authorization
A vulnerability has been found in ChatGPTNextWeb NextChat up to 2.16.1. Affected is the function addMcpServer of the file app/mcp/actions.ts. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be usedβ¦
5.3
CVE-2026-7643 - ChatGPTNextWeb NextChat API Endpoint Next.js cross-domain policy
A flaw has been found in ChatGPTNextWeb NextChat up to 2.16.1. This impacts an unknown function of the file Next.js of the component API Endpoint. Executing a manipulation can lead to permissive cross-domain policy with untrusted domains. The attack may be launched remotely. The exploit has been puβ¦
5.3
CVE-2026-7642 - pskill9 website-downloader MCP index.ts download_website os command injection
A vulnerability was detected in pskill9 website-downloader up to 0.1.0. This affects the function download_website of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputPath results in os command injection. The attack may be initiated remotely. Theβ¦
6.9
CVE-2026-7633 - Totolink N300RH cstecgi.cgi setUploadSetting file inclusion
A vulnerability was identified in Totolink N300RH 6.1c.1353_B20190305. This impacts the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument FileName leads to file inclusion. The attack may be performed from remote. The exploit is publicly available and mighβ¦
6.9
CVE-2026-7632 - code-projects Online Hospital Management System viewappointment.php sql injection
A vulnerability was determined in code-projects Online Hospital Management System 1.0. This affects an unknown function of the file /viewappointment.php. This manipulation of the argument delid causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly diβ¦
5.3
CVE-2026-7631 - code-projects Online Hospital Management System Registration improper authorization
A vulnerability was found in code-projects Online Hospital Management System 1.0. The impacted element is an unknown function of the component Registration Handler. The manipulation of the argument Username results in improper authorization. The attack can be executed remotely. The exploit has beenβ¦