| CVE-2026-7200 | A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this... | medium | |
| CVE-2026-7199 | A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected... | medium | |
| CVE-2026-7196 | A security vulnerability has been detected in CodeAstro Online Classroom 1.0. Affected is an... | medium | |
| CVE-2026-41372 | OpenClaw before 2026.4.2 fails to normalize trailing-dot localhost hosts in remote CDP discovery... | medium | |
| CVE-2026-41371 | OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in chat.send that allows... | high | |
| CVE-2026-41370 | OpenClaw before 2026.3.31 contains a path traversal vulnerability in ACP dispatch that allows... | high | |
| CVE-2026-41369 | OpenClaw before 2026.3.31 contains insufficient environment variable sanitization in host exec... | high | |
| CVE-2026-41368 | OpenClaw before 2026.3.28 contains an environment variable disclosure vulnerability in the jq... | high | |
| CVE-2026-41367 | OpenClaw versions 2026.2.14 through 2026.3.24 fail to consistently apply guild and channel policy... | medium | |
| CVE-2026-41366 | OpenClaw before 2026.3.31 contains a local roots self-whitelisting vulnerability in... | medium | |
| CVE-2026-41365 | OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerability in MS Teams thread... | medium | |
| CVE-2026-41364 | OpenClaw before 2026.3.31 contains a symlink following vulnerability in SSH sandbox tar upload... | high | |
| CVE-2026-41363 | OpenClaw versions 2026.2.6 through 2026.3.24 contain a path traversal vulnerability in the Feishu... | medium | |
| CVE-2026-41362 | OpenClaw versions 2026.2.19 before 2026.3.31 contain an improper cache isolation vulnerability in... | low | |
| CVE-2026-40977 | When an application is configured to use `ApplicationPidFileWriter`, a local attacker with write... | medium | |
| CVE-2026-40976 | In certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized... | critical | |
| CVE-2026-40975 | Values produced by ${random.value} are not suitable for use as secrets. ${random.uuid} is not... | medium | |
| CVE-2026-40974 | Spring Boot's Cassandra auto-configuration does not perform hostname verification when... | medium | |
| CVE-2026-40973 | A local attacker on the same host as the application may be able to take control of the directory... | high | |
| CVE-2026-40972 | An attacker on the same network as the remote application may be able to utilize a timing attack... | high | |
| CVE-2026-27785 | Specific firmware versions of Milesight AIOT camera firmware contain hard-coded credentials. | high | |
| CVE-2026-7194 | A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=save_product. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. | medium | 2026-04-27 |
| CVE-2026-7183 | A vulnerability has been found in aligungr UERANSIM up to 3.2.7. The affected element is the function rls::DecodeRlsMessage in the library src/lib/rls/rls_pdu.cpp of the component Radio Link Simulation Layer. The manipulation of the argument pduLength leads to uncaught exception. The attack may be initiated remotely. Upgrading to version 3.2.8 is sufficient to fix this issue. The identifier of the patch is ca1a66fffe282767bb08618af9f848e3b68ea47b. It is suggested to upgrade the affected component. This behavior is related to CVE-2024-37877. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product. | medium | 2026-04-27 |
| CVE-2026-7179 | A security vulnerability has been detected in OSPG binwalk up to 2.4.3. This vulnerability affects the function read_null_terminated_string of the file src/binwalk/plugins/winceextract.py of the component WinCE Extraction Plugin. Such manipulation of the argument self.file_name leads to path traversal. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used. The project maintainer confirms this issue: "I accept the existence of the Path Traversal vulnerability. However, as stated in the Github link, it reached EOL and as a result no actions should be expected." The GitHub repository mentions, that "[u]sers and contributors should migrate to binwalk v3." This vulnerability only affects products that are no longer supported by the maintainer. | medium | 2026-04-27 |
| CVE-2026-40971 | When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14) per vendor advisory. | medium | 2026-04-27 |
| CVE-2026-28747 | A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT cameras allows authorization to be bypassed. | high | 2026-04-27 |
| CVE-2026-7178 | A weakness has been identified in ChatGPTNextWeb NextChat up to 2.16.1. This affects the function storeUrl of the file app/api/artifacts/route.ts of the component Artifacts Endpoint. This manipulation of the argument ID causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet. | medium | 2026-04-27 |
| CVE-2026-7177 | A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2.16.1. Affected by this issue is the function proxyHandler of the file app/api/[provider]/[...path]/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet. | medium | 2026-04-27 |
| CVE-2026-7160 | A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the function formTracert of the file /boaform/formTracert. Executing a manipulation of the argument datasize can lead to command injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. | high | 2026-04-27 |
| CVE-2026-7159 | A vulnerability was found in douinc mkdocs-mcp-plugin up to 0.4.1. This affects the function read_document/list_documents of the file server.py. Performing a manipulation of the argument docs_dir/file_path results in path traversal. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor confirms, that the "fix will be published within a few days." | medium | 2026-04-27 |
| CVE-2026-7191 | Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context by injecting a crafted conditional chaining expression via the Content Designer interface, which bypasses the intended expression sandbox through JavaScript prototype manipulation. This may grant direct access to backend resources (Lambda environment variables, OpenSearch indices, S3 objects, DynamoDB tables) that are not exposed through normal administrative interfaces. We recommend you upgrade to version 7.3.0 or above. | high | 2026-04-27 |
| CVE-2026-7158 | A vulnerability has been found in dmitryglhf mcp-url-downloader up to 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6. Affected by this issue is the function _validate_url_safe of the file src/mcp_url_downloader/server.py. Such manipulation of the argument url leads to server-side request forgery. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet. | medium | 2026-04-27 |
| CVE-2026-7157 | A flaw has been found in disler aider-mcp-server up to b2516fa466d0d851932da92ee6d0e66946db9efc. Affected by this vulnerability is an unknown functionality of the file src/aider_mcp_server/server.py of the component aider_ai_code. This manipulation of the argument relative_editable_files causes command injection. Remote exploitation of the attack is possible. The exploit has been published and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet. | medium | 2026-04-27 |
| CVE-2026-7156 | A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument HTTP results in os command injection. The attack may be launched remotely. The exploit is now public and may be used. | critical | 2026-04-27 |
| CVE-2026-7155 | A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setLoginPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument admpass leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. | critical | 2026-04-27 |
| CVE-2026-7154 | A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setAdvancedInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument tty_server can lead to os command injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. | critical | 2026-04-27 |
| CVE-2026-5362 | An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed editable and cause script execution when the published page is rendered. This issue affects pimcore: v12.3.3. | medium | 2026-04-27 |
| CVE-2026-3087 | If `shutil.unpack_archive()` is given a ZIP archive with an absolute Windows path containing a drive (`C:\\...`) then the archive will be extracted outside the target directory which is different than other operating systems. Only Windows is affected by this vulnerability. | medium | 2026-04-27 |
| CVE-2026-29971 | A reflected cross-site scripting (XSS) vulnerability exists in WebFileSys version 2.31.1. User-controlled input is reflected into HTML and JavaScript contexts without proper output encoding, allowing arbitrary JavaScript execution in the victim's browser. | medium | 2026-04-27 |
| CVE-2024-46636 | NASA Earth Observing System Data and Information System (EOSDIS) MODAPS v8.1 was discovered to contain a SQL injection vulnerability in the category parameter | critical | 2026-04-27 |
| CVE-2026-7153 | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setMiniuiHomeInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument sys_info results in os command injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. | critical | 2026-04-27 |
| CVE-2026-7152 | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument telnet_enabled leads to os command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used. | critical | 2026-04-27 |
| CVE-2026-7151 | A vulnerability was determined in Tenda HG3 2.0. Impacted is the function formUploadConfig of the file /boaform/formIPv6Routing. This manipulation of the argument destNet causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. | high | 2026-04-27 |
| CVE-2026-6741 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 5.4.1. This is due to a missing authorization check in the execute() method of the connect-customer-to-wp-user ability, which only requires the customer__edit capability granted to the latepoint_agent role by default, without verifying whether the target WordPress user ID belongs to a privileged account. This makes it possible for authenticated attackers with the latepoint_agent role to link any LatePoint customer record to an administrator's WordPress account and subsequently reset the administrator's password via the normal customer password-reset flow, resulting in full site takeover. | high | 2026-04-27 |
| CVE-2026-5394 | An authenticated administrative user who can import or save DataObject class definitions can inject attacker-controlled composite index metadata and trigger unintended SQL execution in the backend. This issue affects pimcore: 12.3.3. | high | 2026-04-27 |
| CVE-2026-7150 | A vulnerability was found in dh1011 auto-favicon up to f189116a9259950c2393f114dbcb94dde0ad864b. This issue affects the function generate_favicon_from_url of the file src/auto_favicon/server.py of the component MCP Tool. The manipulation of the argument image_url results in server-side request forgery. The attack may be performed from remote. The exploit has been made public and could be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet. | medium | 2026-04-27 |
| CVE-2026-7149 | A vulnerability has been found in dexhunter kaggle-mcp up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d. This vulnerability affects the function prepare_kaggle_dataset of the file src/kaggle_mcp/server.py. The manipulation of the argument competition_id leads to path traversal. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The project was informed of the problem early through an issue report but has not responded yet. | medium | 2026-04-27 |
| CVE-2026-7148 | A flaw has been found in CodeAstro Online Classroom 1.0. This affects an unknown part of the file /addnewfaculty. Executing a manipulation of the argument fname can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used. | medium | 2026-04-27 |
| CVE-2026-7147 | A vulnerability was detected in JoeCastrom mcp-chat-studio up to 1.5.0. Affected by this issue is some unknown functionality of the file server/routes/llm.js of the component LLM Models API. Performing a manipulation of the argument req.query.base_url results in server-side request forgery. Remote exploitation of the attack is possible. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet. | medium | 2026-04-27 |
| CVE-2026-40970 | When configured to use an SSL bundle, Spring Boot's Elasticsearch auto-configuration does not perform hostname verification when connecting to the Elasticsearch server. Affected: Spring Boot 4.0.0–4.0.5; upgrade to 4.0.6 or later per vendor advisory. | medium | 2026-04-27 |
