Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-7226 | HIGH | 7.3 | A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. This issue affects the function login2 of the file /admin/ajax.php?action=login2. The manipulation of … | Apr 28, 2026 |
| CVE-2026-7225 | HIGH | 7.3 | A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects the function delete_menu of the file /admin/ajax.php?action=delete_menu. Executing a manipulation of … | Apr 28, 2026 |
| CVE-2026-7224 | HIGH | 7.3 | A security flaw has been discovered in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function delete_cart of the file /admin/ajax.php?action=delete_cart. Performing a manipulation of … | Apr 28, 2026 |
| CVE-2026-6809 | MEDIUM | 6.4 | The Social Post Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Threads embed handler in all versions up to, and including, … | Apr 28, 2026 |
| CVE-2026-6725 | MEDIUM | 6.4 | The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the `wpcsm_text_rotator` shortcode in all … | Apr 28, 2026 |
| CVE-2026-6551 | MEDIUM | 6.4 | The Timeline Blocks for Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titleTag' attribute of the timeline-blocks/tb-timeline-blocks block in all versions … | Apr 28, 2026 |
| CVE-2026-42510 | MEDIUM | 6.6 | OpenStack Ironic before 35.0.1 allows ipmitool execution in a non-default configuration that has a console interface. | Apr 28, 2026 |
| CVE-2026-40355 | MEDIUM | 5.9 | In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx … | Apr 28, 2026 |
| CVE-2026-7223 | HIGH | 7.3 | A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component … | Apr 28, 2026 |
| CVE-2026-7222 | LOW | 3.5 | A vulnerability was determined in code-projects Coaching Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /cims/modules/student/complaint.php of the component … | Apr 28, 2026 |
| CVE-2026-7221 | HIGH | 7.3 | A vulnerability was found in TencentCloudBase CloudBase-MCP up to 2.17.0. Affected is the function openUrl of the file mcp/src/interactive-server.ts of the component open-url API Endpoint. … | Apr 28, 2026 |
| CVE-2026-7220 | HIGH | 7.3 | A vulnerability has been found in jackwrichards FastlyMCP up to 6f3d0b0e654fc51076badc7fa16c03c461f95620. This impacts an unknown function of the file fastly-mcp.mjs of the component fastly_cli Tool. … | Apr 28, 2026 |
| CVE-2026-7219 | HIGH | 7.2 | A flaw has been found in Totolink N300RT 3.4.0-B20250430. This affects an unknown function of the file /boafrm/formIpQoS. Executing a manipulation of the argument entry_name … | Apr 28, 2026 |
| CVE-2026-7218 | HIGH | 7.2 | A vulnerability was detected in Totolink N300RT 3.4.0-B20250430. The impacted element is the function is_cmd_string_valid of the file /boafrm/formWsc of the component libapmib.so. Performing a … | Apr 28, 2026 |
| CVE-2026-7217 | MEDIUM | 5.3 | A security vulnerability has been detected in Deepractice PromptX up to 2.4.0. The affected element is the function read_docx/read_xlsx/read_pptx/list_xlsx_sheets/read_pdf of the file packages/mcp-office/src/index.ts of the … | Apr 28, 2026 |
| CVE-2026-7216 | HIGH | 7.3 | A weakness has been identified in donchelo processing-claude-mcp-bridge up to e017b20a4b592a45531a6392f494007f04e661bd. Impacted is an unknown function of the file processing_server.py of the component create_sketch Tool. … | Apr 28, 2026 |
| CVE-2026-7215 | HIGH | 7.3 | A security flaw has been discovered in egtai gmx-vmd-mcp up to 0.1.0. This issue affects the function launch_vmd_gui_tool of the file mcp_server.py of the component … | Apr 28, 2026 |
| CVE-2026-1460 | HIGH | 7.2 | A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow … | Apr 28, 2026 |
| CVE-2026-0711 | MEDIUM | 6.8 | A post-authentication command injection vulnerability in the EasyMesh-related APIs of Zyxel DX3300-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow an authenticated, adjacent attacker with administrator privileges … | Apr 28, 2026 |
| CVE-2026-7214 | HIGH | 7.3 | A vulnerability was identified in eghuzefa engineer-your-data up to 0.1.3. This vulnerability affects the function read_file/write_file/list_files/file_inf of the file src/server.py. The manipulation of the argument … | Apr 28, 2026 |
| CVE-2026-7213 | HIGH | 7.3 | A vulnerability was detected in ef10007 MLOps_MCP 1.0.0. This impacts an unknown function of the file fastmcp_server.py of the component save_file Tool. The manipulation of … | Apr 28, 2026 |
| CVE-2026-7212 | HIGH | 7.3 | A security vulnerability has been detected in edvardlindelof notes-mcp up to 0.1.4. This affects an unknown function of the file notes_mcp.py. The manipulation of the … | Apr 28, 2026 |
| CVE-2026-7211 | HIGH | 7.3 | A weakness has been identified in dvladimirov MCP up to 0.1.0. The impacted element is the function GitSearchRequest of the file mcp_server.py of the component … | Apr 28, 2026 |
| CVE-2026-7206 | HIGH | 7.3 | A security flaw has been discovered in dubydu sqlite-mcp up to 0.1.0. The affected element is the function extract_to_json of the file src/entry.py. Performing a … | Apr 28, 2026 |
| CVE-2026-7205 | HIGH | 7.3 | A vulnerability was identified in duartium papers-mcp-server 9ceb3812a6458ba7922ca24a7406f8807bc55598. Impacted is the function search_papers of the file src/main.py. Such manipulation of the argument topic leads to … | Apr 28, 2026 |