6.9

CVSS4.0

CVE-2026-7206 - dubydu sqlite-mcp entry.py extract_to_json sql injection

A security flaw has been discovered in dubydu sqlite-mcp up to 0.1.0. The affected element is the function extract_to_json of the file src/entry.py. Performing a manipulation of the argument output_filename results in sql injection. Remote exploitation of the attack is possible. The exploit has bee…

📅 Published: April 28, 2026, 12:45 a.m. 🔄 Last Modified: April 28, 2026, 12:45 a.m.

6.9

CVSS4.0

CVE-2026-7205 - duartium papers-mcp-server main.py search_papers path traversal

A vulnerability was identified in duartium papers-mcp-server 9ceb3812a6458ba7922ca24a7406f8807bc55598. Impacted is the function search_papers of the file src/main.py. Such manipulation of the argument topic leads to path traversal. The attack may be launched remotely. The exploit is publicly availa…

📅 Published: April 28, 2026, 12:30 a.m. 🔄 Last Modified: April 28, 2026, 12:30 a.m.

9.3

CVSS4.0

CVE-2026-7204 - Totolink A8000RU CGI cstecgi.cgi setPptpServerCfg os command injection

A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command injection. The attack may be initiated remotely. The exp…

📅 Published: April 28, 2026, 12:15 a.m. 🔄 Last Modified: April 28, 2026, 12:15 a.m.

9.3

CVSS4.0

CVE-2026-7203 - Totolink A8000RU CGI cstecgi.cgi setUrlFilterRules os command injection

A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os command injection. The attack can be launched remotely. T…

📅 Published: April 28, 2026, midnight 🔄 Last Modified: April 28, 2026, midnight

8.6

CVSS4.0

CVE-2026-20766 - Milesight Cameras Heap-based Buffer Overflow

An out-of-bounds memory access vulnerability exists in specific firmware versions of Milesight AIOT cameras.

📅 Published: April 27, 2026, 11:45 p.m. 🔄 Last Modified: April 27, 2026, 11:45 p.m.

9.3

CVSS4.0

CVE-2026-7202 - Totolink A8000RU CGI cstecgi.cgi setWiFiWpsStart os command injection

A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setWiFiWpsStart of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument wscDisabled leads to os command injection. The attack can be initiated remotely. The expl…

📅 Published: April 27, 2026, 11:45 p.m. 🔄 Last Modified: April 27, 2026, 11:45 p.m.

7.3

CVSS4.0

CVE-2026-32649 - Milesight Cameras OS Command Injection

A command injection vulnerability exists in the web server of specific firmware versions of Milesight cameras.

📅 Published: April 27, 2026, 11:42 p.m. 🔄 Last Modified: April 27, 2026, 11:42 p.m.

9.2

CVSS4.0

CVE-2026-32644 - Milesight Cameras Use of Hard-coded Cryptographic Key

Specific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys.

📅 Published: April 27, 2026, 11:40 p.m. 🔄 Last Modified: April 27, 2026, 11:40 p.m.

7.7

CVSS4.0

CVE-2026-27785 - Milesight Cameras Use of Hard-coded Credentials

Specific firmware versions of Milesight AIOT camera firmware contain hard-coded credentials.

📅 Published: April 27, 2026, 11:38 p.m. 🔄 Last Modified: April 27, 2026, 11:38 p.m.

4.7

CVSS3.1

CVE-2026-40977 -

When an application is configured to use `ApplicationPidFileWriter`, a local attacker with write access to the PID file's location can corrupt one file on the host each time the application is started. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.…

📅 Published: April 27, 2026, 11:36 p.m. 🔄 Last Modified: April 27, 2026, 11:36 p.m.