6.9

CVSS4.0

CVE-2026-5012 - elecV2 elecV2P rpc pm2run os command injection

A flaw has been found in elecV2 elecV2P up to 3.8.3. This issue affects the function pm2run of the file /rpc. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. The project was informed of the problem early…

📅 Published: March 28, 2026, 7:15 p.m. 🔄 Last Modified: April 24, 2026, 4:36 p.m.

9.8

CVSS3.1

CVE-2026-3256 - HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids

HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids. HTTP::Session defaults to using HTTP::Session::ID::SHA1 to generate session ids using a SHA-1 hash seeded with the built-in rand function, the high resolution epoch time, and the PID. The PID will come…

📅 Published: March 28, 2026, 6:52 p.m. 🔄 Last Modified: April 2, 2026, 7:55 a.m.

9.8

CVSS3.1

CVE-2025-15604 - Amon2 versions before 6.17 for Perl use an insecure random_string implementation for security funct…

Amon2 versions before 6.17 for Perl use an insecure random_string implementation for security functions. In versions 6.06 through 6.16, the random_string function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes by concatenating a SHA-1 ha…

📅 Published: March 28, 2026, 6:43 p.m. 🔄 Last Modified: April 2, 2026, 7:55 a.m.

5.3

CVSS4.0

CVE-2026-5011 - elecV2 elecV2P JSON webhook runJSFile code injection

A vulnerability was detected in elecV2 elecV2P up to 3.8.3. This vulnerability affects the function runJSFile of the file /webhook of the component JSON Parser. Performing a manipulation of the argument rawcode results in code injection. Remote exploitation of the attack is possible. The exploit is…

📅 Published: March 28, 2026, 6:30 p.m. 🔄 Last Modified: April 24, 2026, 4:36 p.m.

4.8

CVSS4.0

CVE-2026-5007 - kazuph mcp-docs-rag add_git_repository/add_text_file index.ts cloneRepository os command injection

A vulnerability was identified in kazuph mcp-docs-rag up to 0.5.0. Affected is the function cloneRepository of the file src/index.ts of the component add_git_repository/add_text_file. The manipulation leads to os command injection. The attack needs to be performed locally. The exploit is publicly a…

📅 Published: March 28, 2026, 6:30 p.m. 🔄 Last Modified: April 24, 2026, 4:36 p.m.

8.7

CVSS4.0

CVE-2026-5004 - Wavlink WL-WN579X3-C UPNP firewall.cgi sub_4019FC stack-based overflow

A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This impacts the function sub_4019FC of the file /cgi-bin/firewall.cgi of the component UPNP Handler. Executing a manipulation of the argument UpnpEnabled can lead to stack-based buffer overflow. It is possible to launch the attack remo…

📅 Published: March 28, 2026, 5:30 p.m. 🔄 Last Modified: April 3, 2026, 9:17 p.m.

6.9

CVSS4.0

CVE-2026-5003 - PromtEngineer localGPT Web api_server.py handle_index information disclosure

A vulnerability was found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. This affects the function handle_index of the file rag_system/api_server.py of the component Web Interface. Performing a manipulation results in information disclosure. It is possible to initiate the…

📅 Published: March 28, 2026, 5:30 p.m. 🔄 Last Modified: April 24, 2026, 4:36 p.m.

6.9

CVSS4.0

CVE-2026-5002 - PromtEngineer localGPT LLM Prompt server.py _route_using_overviews injection

A vulnerability has been found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The impacted element is the function _route_using_overviews of the file backend/server.py of the component LLM Prompt Handler. Such manipulation leads to injection. The attack may be performed f…

📅 Published: March 28, 2026, 4:45 p.m. 🔄 Last Modified: April 24, 2026, 4:36 p.m.

6.9

CVSS4.0

CVE-2026-5001 - PromtEngineer localGPT server.py do_POST unrestricted upload

A flaw has been found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The affected element is the function do_POST of the file backend/server.py. This manipulation causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been published…

📅 Published: March 28, 2026, 4 p.m. 🔄 Last Modified: April 24, 2026, 4:36 p.m.

6.9

CVSS4.0

CVE-2026-5000 - PromtEngineer localGPT API Endpoint server.py LocalGPTHandler missing authentication

A vulnerability was detected in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. Impacted is the function LocalGPTHandler of the file backend/server.py of the component API Endpoint. The manipulation of the argument BaseHTTPRequestHandler results in missing authentication. The…

📅 Published: March 28, 2026, 3 p.m. 🔄 Last Modified: April 24, 2026, 4:36 p.m.