Threat Intelligence Feed

CVE-2026-7194 A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts an unknown functi CVE-2026-7183 A vulnerability has been found in aligungr UERANSIM up to 3.2.7. The affected element is the function rls::DecodeRlsMess CVE-2026-7179 A security vulnerability has been detected in OSPG binwalk up to 2.4.3. This vulnerability affects the function read_nul CVE-2026-40971 When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification w CVE-2026-28747 A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT cameras allows authorization CVE-2026-7178 A weakness has been identified in ChatGPTNextWeb NextChat up to 2.16.1. This affects the function storeUrl of the file a CVE-2026-7177 A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2.16.1. Affected by this issue is the function prox CVE-2026-7160 A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the function formTracert of the file /boafor CVE-2026-7159 A vulnerability was found in douinc mkdocs-mcp-plugin up to 0.4.1. This affects the function read_document/list_document CVE-2026-7191 Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may all CVE-2026-7158 A vulnerability has been found in dmitryglhf mcp-url-downloader up to 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6. Affected CVE-2026-7157 A flaw has been found in disler aider-mcp-server up to b2516fa466d0d851932da92ee6d0e66946db9efc. Affected by this vulner CVE-2026-7156 A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function CsteSystem of the file /c CVE-2026-7155 A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setLoginPa CVE-2026-7154 A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setAdvancedInfoShow of CVE-2026-5362 An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed CVE-2026-3087 If `shutil.unpack_archive()` is given a ZIP archive with an absolute Windows path containing a drive (`C:\\...`) then th CVE-2026-29971 A reflected cross-site scripting (XSS) vulnerability exists in WebFileSys version 2.31.1. User-controlled input is refle CVE-2024-46636 NASA Earth Observing System Data and Information System (EOSDIS) MODAPS v8.1 was discovered to contain a SQL injection v CVE-2026-7153 A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setMin CVE-2026-7152 A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setTelnetCf CVE-2026-7151 A vulnerability was determined in Tenda HG3 2.0. Impacted is the function formUploadConfig of the file /boaform/formIPv6 CVE-2026-6741 The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Esca CVE-2026-5394 An authenticated administrative user who can import or save DataObject class definitions can inject attacker-controlled CVE-2026-7150 A vulnerability was found in dh1011 auto-favicon up to f189116a9259950c2393f114dbcb94dde0ad864b. This issue affects the CVE-2026-7149 A vulnerability has been found in dexhunter kaggle-mcp up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d. This vulnerabilit CVE-2026-7148 A flaw has been found in CodeAstro Online Classroom 1.0. This affects an unknown part of the file /addnewfaculty. Execut CVE-2026-7147 A vulnerability was detected in JoeCastrom mcp-chat-studio up to 1.5.0. Affected by this issue is some unknown functiona CVE-2026-40970 When configured to use an SSL bundle, Spring Boot's Elasticsearch auto-configuration does not perform hostname verificat CVE-2026-35903 MERCURY MIPC252W IP camera 1.0.5 Build 230306 Rel.79931n contains an improper authentication vulnerability in the RTSP s CVE-2026-35902 The RTSP service of MERCURY IP camera MIPC252W 1.0.5 Build 230306 has an issue handling failed Digest authentication att CVE-2026-35901 A handling issue in the RTSP service of the Mercury MIPC252W 1.0.5 Build 230306 Rel.79931n allows an authenticated attac CVE-2026-32655 Dell Alienware Command Center (AWCC), versions prior to 6.13.8.0, contain a Least Privilege Violation vulnerability. A l CVE-2026-31256 A null pointer dereference vulnerability exists in the RTSP service of the MERCURY MIPC252W 1.0.5 Build 230306 Rel.79931 CVE-2026-31255 A command injection vulnerability exists in Tenda AC18 V15.03.05.05_multi. The vulnerability is located in the /goform/S CVE-2025-69428 An issue in Pro-Bit before v1.77.4 allows unauthenticated attackers to directly access sensitive directory and its subdi CVE-2021-36438 SQL Injection vulnerability exists in Sourcecodester Online Job Portal phppdo 1.0 ivia the category parameter in /jobpor CVE-2026-7146 A security vulnerability has been detected in AlejandroArciniegas mcp-data-vis up to de5a51525a69822290eaee569a1ab447b49 CVE-2026-7145 A weakness has been identified in mettle sendportal up to 3.0.1. Affected is the function destroy of the file app/Http/C CVE-2026-7144 A security flaw has been discovered in 1000 Projects Portfolio Management System MCA 1.0. This impacts an unknown functi CVE-2026-7194 A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts an unknown functi CVE-2026-7183 A vulnerability has been found in aligungr UERANSIM up to 3.2.7. The affected element is the function rls::DecodeRlsMess CVE-2026-7179 A security vulnerability has been detected in OSPG binwalk up to 2.4.3. This vulnerability affects the function read_nul CVE-2026-40971 When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification w CVE-2026-28747 A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT cameras allows authorization CVE-2026-7178 A weakness has been identified in ChatGPTNextWeb NextChat up to 2.16.1. This affects the function storeUrl of the file a CVE-2026-7177 A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2.16.1. Affected by this issue is the function prox CVE-2026-7160 A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the function formTracert of the file /boafor CVE-2026-7159 A vulnerability was found in douinc mkdocs-mcp-plugin up to 0.4.1. This affects the function read_document/list_document CVE-2026-7191 Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may all CVE-2026-7158 A vulnerability has been found in dmitryglhf mcp-url-downloader up to 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6. Affected CVE-2026-7157 A flaw has been found in disler aider-mcp-server up to b2516fa466d0d851932da92ee6d0e66946db9efc. Affected by this vulner CVE-2026-7156 A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function CsteSystem of the file /c CVE-2026-7155 A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setLoginPa CVE-2026-7154 A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setAdvancedInfoShow of CVE-2026-5362 An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed CVE-2026-3087 If `shutil.unpack_archive()` is given a ZIP archive with an absolute Windows path containing a drive (`C:\\...`) then th CVE-2026-29971 A reflected cross-site scripting (XSS) vulnerability exists in WebFileSys version 2.31.1. User-controlled input is refle CVE-2024-46636 NASA Earth Observing System Data and Information System (EOSDIS) MODAPS v8.1 was discovered to contain a SQL injection v CVE-2026-7153 A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setMin CVE-2026-7152 A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setTelnetCf CVE-2026-7151 A vulnerability was determined in Tenda HG3 2.0. Impacted is the function formUploadConfig of the file /boaform/formIPv6 CVE-2026-6741 The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Esca CVE-2026-5394 An authenticated administrative user who can import or save DataObject class definitions can inject attacker-controlled CVE-2026-7150 A vulnerability was found in dh1011 auto-favicon up to f189116a9259950c2393f114dbcb94dde0ad864b. This issue affects the CVE-2026-7149 A vulnerability has been found in dexhunter kaggle-mcp up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d. This vulnerabilit CVE-2026-7148 A flaw has been found in CodeAstro Online Classroom 1.0. This affects an unknown part of the file /addnewfaculty. Execut CVE-2026-7147 A vulnerability was detected in JoeCastrom mcp-chat-studio up to 1.5.0. Affected by this issue is some unknown functiona CVE-2026-40970 When configured to use an SSL bundle, Spring Boot's Elasticsearch auto-configuration does not perform hostname verificat CVE-2026-35903 MERCURY MIPC252W IP camera 1.0.5 Build 230306 Rel.79931n contains an improper authentication vulnerability in the RTSP s CVE-2026-35902 The RTSP service of MERCURY IP camera MIPC252W 1.0.5 Build 230306 has an issue handling failed Digest authentication att CVE-2026-35901 A handling issue in the RTSP service of the Mercury MIPC252W 1.0.5 Build 230306 Rel.79931n allows an authenticated attac CVE-2026-32655 Dell Alienware Command Center (AWCC), versions prior to 6.13.8.0, contain a Least Privilege Violation vulnerability. A l CVE-2026-31256 A null pointer dereference vulnerability exists in the RTSP service of the MERCURY MIPC252W 1.0.5 Build 230306 Rel.79931 CVE-2026-31255 A command injection vulnerability exists in Tenda AC18 V15.03.05.05_multi. The vulnerability is located in the /goform/S CVE-2025-69428 An issue in Pro-Bit before v1.77.4 allows unauthenticated attackers to directly access sensitive directory and its subdi CVE-2021-36438 SQL Injection vulnerability exists in Sourcecodester Online Job Portal phppdo 1.0 ivia the category parameter in /jobpor CVE-2026-7146 A security vulnerability has been detected in AlejandroArciniegas mcp-data-vis up to de5a51525a69822290eaee569a1ab447b49 CVE-2026-7145 A weakness has been identified in mettle sendportal up to 3.0.1. Affected is the function destroy of the file app/Http/C CVE-2026-7144 A security flaw has been discovered in 1000 Projects Portfolio Management System MCA 1.0. This impacts an unknown functi