4.8
CVE-2026-40687 - Out-of-Bounds Write and Data Disclosure via Exim SPA Authentication Driver
In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes the connection instance, or erroneous data processing that divulges data from uninitialized heap memory.
9.6
CVE-2026-36760 - Authenticated File Upload Path Traversal Allowing Arbitrary File Creation in JeeSite 5.15.1
An issue in the fileMd5 parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary files with whitelisted suffixes to arbitrary filesystem locations while chunked upload is enabled.
0.0
CVE-2026-36766 -
Multiple authenticated cross-site scripting (XSS) vulnerabilities in the XssHttpServletRequestWrapper class of shopizer v3.2.5 allow attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the getInputStream() or getReader() functions.
6.1
CVE-2026-36761 - Stored XSS via msgContent in JeeSite msgInner/save
A stored cross-site scripting (XSS) vulnerability in the /msg/msgInner/save endpoint of JeeSite v5.15.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into the msgContent parameter.
4.3
CVE-2026-36758 - SSRF Exploit in Halo 2.22.14 /themes/-/install-from-uri Endpoint Enables Internal Resource Discovery
A Server-Side Request Forgery (SSRF) in the /themes/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request.
5.3
CVE-2026-7445 - ZachHandley ZMCPTools MCP Log Resource ResourceManager.ts path traversal
A security vulnerability has been detected in ZachHandley ZMCPTools up to 0.2.2. Affected by this issue is some unknown functionality of the file src/managers/ResourceManager.ts of the component MCP Log Resource Handler. The manipulation of the argument dirname leads to path traversal. Remote explo…
6.9
CVE-2026-7443 - BurtTheCoder mcp-dnstwist MCP index.ts fuzz_domain os command injection
A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzz_domain of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument Request can lead to os command injection. The attack may be launched …
8.7
CVE-2026-7420 - UTT HiPER 1250GW ConfigAdvideo strcpy buffer overflow
A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile results in buffer overflow. The attack can be executed remotely. The exploit has been released to the p…
8.7
CVE-2026-7419 - UTT HiPER 1250GW formTaskEdit_ap strcpy buffer overflow
A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file route/goform/formTaskEdit_ap. The manipulation of the argument Profile leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly av…
9.1
CVE-2026-7381 - Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewr…
Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation setting (sendfile type) to be set by the client via the X-Sendfile-Type header, if it is not considered in the middleware constructor or the P…