CVE vulnerabilities, KEV tags, detail pages, and category-based listing.
Total records: 71,195
Page: 1 / 3560
Filter: None
High CVSS: 7.3 Published: 2026-04-28 03:16:04

CVE-2026-7218

A vulnerability was detected in Totolink N300RT 3.4.0-B20250430. The impacted element is the function is_cmd_string_valid of the file /boafrm/formWsc of the component libapmib.so. Performing a manipulation of the argument localPin results in buffer o…
Medium CVSS: 5.5 Published: 2026-04-28 03:16:04

CVE-2026-7217

A security vulnerability has been detected in Deepractice PromptX up to 2.4.0. The affected element is the function read_docx/read_xlsx/read_pptx/list_xlsx_sheets/read_pdf of the file packages/mcp-office/src/index.ts of the component Document File Ha…
Medium CVSS: 6.9 Published: 2026-04-28 03:16:04

CVE-2026-7216

A weakness has been identified in donchelo processing-claude-mcp-bridge up to e017b20a4b592a45531a6392f494007f04e661bd. Impacted is an unknown function of the file processing_server.py of the component create_sketch Tool. This manipulation of the arg…
Medium CVSS: 6.9 Published: 2026-04-28 03:16:04

CVE-2026-7215

A security flaw has been discovered in egtai gmx-vmd-mcp up to 0.1.0. This issue affects the function launch_vmd_gui_tool of the file mcp_server.py of the component VMD Launch Handler. The manipulation of the argument structure_file/trajectory_file r…
High CVSS: 7.2 Published: 2026-04-28 03:16:02

CVE-2026-1460

A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow an authenticated attacker with administrator pr…
Medium CVSS: 6.8 Published: 2026-04-28 03:16:02

CVE-2026-0711

A post-authentication command injection vulnerability in the EasyMesh-related APIs of Zyxel DX3300-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow an authenticated, adjacent attacker with administrator privileges to execute OS commands on a…
Medium CVSS: 6.9 Published: 2026-04-28 02:16:08

CVE-2026-7214

A vulnerability was identified in eghuzefa engineer-your-data up to 0.1.3. This vulnerability affects the function read_file/write_file/list_files/file_inf of the file src/server.py. The manipulation of the argument WORKSPACE_PATH leads to path trave…
Medium CVSS: 6.9 Published: 2026-04-28 02:16:08

CVE-2026-7213

A vulnerability was detected in ef10007 MLOps_MCP 1.0.0. This impacts an unknown function of the file fastmcp_server.py of the component save_file Tool. The manipulation of the argument filename/destination results in path traversal. The attack may b…
Medium CVSS: 6.9 Published: 2026-04-28 02:16:08

CVE-2026-7212

A security vulnerability has been detected in edvardlindelof notes-mcp up to 0.1.4. This affects an unknown function of the file notes_mcp.py. The manipulation of the argument root_dir/path leads to path traversal. The attack is possible to be carrie…
Medium CVSS: 6.9 Published: 2026-04-28 01:16:02

CVE-2026-7211

A weakness has been identified in dvladimirov MCP up to 0.1.0. The impacted element is the function GitSearchRequest of the file mcp_server.py of the component Git Search API. Executing a manipulation of the argument repo_url/pattern can lead to comm…
Medium CVSS: 6.9 Published: 2026-04-28 01:16:02

CVE-2026-7206

A security flaw has been discovered in dubydu sqlite-mcp up to 0.1.0. The affected element is the function extract_to_json of the file src/entry.py. Performing a manipulation of the argument output_filename results in sql injection. Remote exploitati…
Medium CVSS: 6.9 Published: 2026-04-28 01:16:01

CVE-2026-7205

A vulnerability was identified in duartium papers-mcp-server 9ceb3812a6458ba7922ca24a7406f8807bc55598. Impacted is the function search_papers of the file src/main.py. Such manipulation of the argument topic leads to path traversal. The attack may be…
High CVSS: 8.9 Published: 2026-04-28 01:16:01

CVE-2026-7204

A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command injecti…
High CVSS: 8.9 Published: 2026-04-28 01:16:01

CVE-2026-7203

A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os command…
High CVSS: 8.9 Published: 2026-04-28 01:16:01

CVE-2026-7202

A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setWiFiWpsStart of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument wscDisabled leads to os command injectio…
High CVSS: 7.3 Published: 2026-04-28 01:16:00

CVE-2026-32649

A command injection vulnerability exists in the web server of specific firmware versions of Milesight cameras.
Critical CVSS: 9.2 Published: 2026-04-28 01:16:00

CVE-2026-32644

Specific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys.
High CVSS: 8.6 Published: 2026-04-28 01:16:00

CVE-2026-20766

An out-of-bounds memory access vulnerability exists in specific firmware versions of Milesight AIOT cameras.
Medium CVSS: 5.3 Published: 2026-04-28 00:16:27

CVE-2026-7200

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file /index.php?page=types. Executing a manipulation of the argument ID can lead to cross site scripting. It…
Medium CVSS: 6.9 Published: 2026-04-28 00:16:26

CVE-2026-7199

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=delete_product. Performing a manipulation of the argument ID results in sq…