6.9
CVE-2026-7206 - dubydu sqlite-mcp entry.py extract_to_json sql injection
A security flaw has been discovered in dubydu sqlite-mcp up to 0.1.0. The affected element is the function extract_to_json of the file src/entry.py. Performing a manipulation of the argument output_filename results in sql injection. Remote exploitation of the attack is possible. The exploit has bee…
6.9
CVE-2026-7205 - duartium papers-mcp-server main.py search_papers path traversal
A vulnerability was identified in duartium papers-mcp-server 9ceb3812a6458ba7922ca24a7406f8807bc55598. Impacted is the function search_papers of the file src/main.py. Such manipulation of the argument topic leads to path traversal. The attack may be launched remotely. The exploit is publicly availa…
9.3
CVE-2026-7204 - Totolink A8000RU CGI cstecgi.cgi setPptpServerCfg os command injection
A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command injection. The attack may be initiated remotely. The exp…
9.3
CVE-2026-7203 - Totolink A8000RU CGI cstecgi.cgi setUrlFilterRules os command injection
A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os command injection. The attack can be launched remotely. T…
8.6
CVE-2026-20766 - Milesight Cameras Heap-based Buffer Overflow
An out-of-bounds memory access vulnerability exists in specific firmware versions of Milesight AIOT cameras.
9.3
CVE-2026-7202 - Totolink A8000RU CGI cstecgi.cgi setWiFiWpsStart os command injection
A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setWiFiWpsStart of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument wscDisabled leads to os command injection. The attack can be initiated remotely. The expl…
7.3
CVE-2026-32649 - Milesight Cameras OS Command Injection
A command injection vulnerability exists in the web server of specific firmware versions of Milesight cameras.
9.2
CVE-2026-32644 - Milesight Cameras Use of Hard-coded Cryptographic Key
Specific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys.
7.7
CVE-2026-27785 - Milesight Cameras Use of Hard-coded Credentials
Specific firmware versions of Milesight AIOT camera firmware contain hard-coded credentials.
4.7
CVE-2026-40977 -
When an application is configured to use `ApplicationPidFileWriter`, a local attacker with write access to the PID file's location can corrupt one file on the host each time the application is started. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.…