Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692, Critical: 727, High: 3080, Medium: 3407
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-7418 | HIGH | 8.8 | A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. This vulnerability affects the function strcpy of the file route/goform/NTP. Executing a manipulation of … | Apr 29, 2026 |
| CVE-2026-7417 | HIGH | 7.3 | A vulnerability was found in Algovate xhs-mcp 0.8.11. This affects the function xhs_publish_content of the file src/server/mcp.server.ts of the component MCP Interface. Performing a manipulation … | Apr 29, 2026 |
| CVE-2026-7416 | HIGH | 7.3 | A vulnerability was found in PolarVista xcode-mcp-server 1.0.0. This issue affects the function build_project/run_tests of the file src/index.ts of the component MCP Interface. The manipulation … | Apr 29, 2026 |
| CVE-2026-7410 | MEDIUM | 6.3 | A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=add_to_cart. The manipulation of the argument … | Apr 29, 2026 |
| CVE-2026-7409 | MEDIUM | 4.7 | A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function save_user of the file /admin/ajax.php?action=save_user. Executing a manipulation can lead … | Apr 29, 2026 |
| CVE-2026-7408 | MEDIUM | 4.7 | A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function save_menu of the file /admin/ajax.php?action=save_menu. Performing a manipulation … | Apr 29, 2026 |
| CVE-2026-7407 | MEDIUM | 4.7 | A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is the function save_settings of the file /pizzafy/admin/ajax.php?action=save_settings of … | Apr 29, 2026 |
| CVE-2026-7404 | HIGH | 7.3 | A weakness has been identified in getsimpletool mcpo-simple-server up to 0.2.0. Affected is the function delete_shared_prompt of the file src/mcpo_simple_server/services/prompt_manager/base_manager.py. This manipulation of the argument … | Apr 29, 2026 |
| CVE-2026-7403 | MEDIUM | 5.3 | A security flaw has been discovered in geldata gel-mcp 0.1.0. This impacts the function list_rules/fetch_rule of the file src/gel_mcp/server.py. The manipulation of the argument rule_name … | Apr 29, 2026 |
| CVE-2026-1858 | MEDIUM | 4.8 | wget2 accepts a server certificate with incorrect Key Usage (KU) or Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private … | Apr 29, 2026 |
| CVE-2025-50328 | HIGH | 7.3 | A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to bypass Windows Mark of the Web (MotW) protections. When an archive … | Apr 29, 2026 |
| CVE-2026-7426 | HIGH | 8.1 | Insufficient validation of the prefix length field in IPv6 Router Advertisement processing in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause … | Apr 29, 2026 |
| CVE-2026-7425 | MEDIUM | 6.5 | Insufficient option length validation in the IPv6 Router Advertisement parser in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause a denial … | Apr 29, 2026 |
| CVE-2026-7401 | MEDIUM | 4.3 | A vulnerability was detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This vulnerability affects unknown code of the file /index.php?action=register of … | Apr 29, 2026 |
| CVE-2026-7400 | HIGH | 7.3 | A security vulnerability has been detected in geekgod382 filesystem-mcp-server 1.0.0. This issue affects the function is_path_allowed of the file server.py of the component read_file_tool/write_file_tool. Such … | Apr 29, 2026 |
| CVE-2026-34965 | HIGH | 8.8 | Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/save_collection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP … | Apr 29, 2026 |
| CVE-2018-25318 | CRITICAL | 9.8 | Tenda FH303/A300 firmware V5.07.68_EN contains a session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient cookie validation. Attackers can send … | Apr 29, 2026 |
| CVE-2018-25317 | CRITICAL | 9.8 | Tenda W3002R/A302/W309R wireless routers version V5.07.64_en contain a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. … | Apr 29, 2026 |
| CVE-2018-25316 | CRITICAL | 9.8 | Tenda W308R v2 V5.07.48 contains a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can … | Apr 29, 2026 |
| CVE-2018-25315 | HIGH | 8.4 | Alloksoft Video joiner 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License … | Apr 29, 2026 |
| CVE-2018-25314 | HIGH | 8.4 | Allok soft WMV to AVI MPEG DVD WMV Converter 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying … | Apr 29, 2026 |
| CVE-2018-25313 | MEDIUM | 6.2 | SysGauge 4.5.18 contains a buffer overflow vulnerability in the proxy configuration handler that allows local attackers to cause a denial of service by supplying an … | Apr 29, 2026 |
| CVE-2018-25312 | MEDIUM | 6.5 | LifeSize ClearSea 3.1.4 contains directory traversal vulnerabilities that allow authenticated attackers to download and upload arbitrary files by manipulating path parameters in the smartgui interface. … | Apr 29, 2026 |
| CVE-2018-25311 | MEDIUM | 6.5 | VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows authenticated attackers to disclose arbitrary files by injecting path traversal sequences … | Apr 29, 2026 |
| CVE-2018-25310 | MEDIUM | 4.3 | VideoFlow Digital Video Protection DVP 2.10 contains an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting a … | Apr 29, 2026 |