CVEs from 2026
- Total 13,570
- critical 1,185
- high 4,339
- medium 4,230
- low 458
- % Critical 8.7%
- % with KEV 0.4%
- % with exploit 0.8%
Top products
- chrome 434
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-31249 | high | 7.3 | 7.3 | 21d ago | CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its make_parquet_list.py data processing tool. The script l… | |||
| CVE-2026-44338 | high | 7.3 | 7.3 | 21d ago | PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution | |||
| CVE-2026-6433 | high | 7.3 | 7.3 | 21d ago | The Custom css-js-php WordPress plugin through 2.0.7 does not properly sanitize user input before using it in a SQL query, and the result is passed to eval(), allowing unauthenticated users to execut… | |||
| CVE-2026-43655 | high | 7.3 | 7.3 | 22d ago | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to cause unexpected s… | |||
| CVE-2026-43656 | high | 7.3 | 7.3 | 22d ago | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, ma… | |||
| CVE-2026-8216 | high | 7.3 | 7.3 | 23d ago | A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This issue affects the function iasServerRemoteInterface.doAction of the component Java RMI Session Management. … | |||
| CVE-2026-44567 | high | 7.3 | 7.3 | 24d ago | Open WebUI has Improper Authorization Control | |||
| CVE-2026-43459 | high | 7.3 | 7.3 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-core: flush delayed work before removing DAIs and widgets When a sound card is unbound while a PCM stream is open, a us… | |||
| CVE-2026-8133 | high | 7.3 | 7.3 | 25d ago | A security vulnerability has been detected in zyx0814 FilePress up to 2.2.0. Affected by this vulnerability is an unknown functionality of the file dzz/shares/admin.php of the component Shares Fileli… | |||
| CVE-2026-8132 | high | 7.3 | 7.3 | 25d ago | A weakness has been identified in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /login.php. This manipulation of the argument txt_username causes sql injection. T… | |||
| CVE-2026-8131 | high | 7.3 | 7.3 | 25d ago | A security flaw has been discovered in SourceCodester SUP Online Shopping 1.0. This impacts an unknown function of the file /admin/replymsg.php. The manipulation of the argument msgid results in sql … | |||
| CVE-2026-8130 | high | 7.3 | 7.3 | 25d ago | A vulnerability was identified in SourceCodester SUP Online Shopping 1.0. This affects an unknown function of the file /admin/message.php. The manipulation of the argument seenid leads to sql injecti… | |||
| CVE-2026-8129 | high | 7.3 | 7.3 | 25d ago | A vulnerability was determined in SourceCodester SUP Online Shopping 1.0. The impacted element is an unknown function of the file wishlist.php. Executing a manipulation of the argument delwlistid can… | |||
| CVE-2026-8128 | high | 7.3 | 7.3 | 25d ago | A vulnerability was found in SourceCodester SUP Online Shopping 1.0. The affected element is an unknown function of the file /admin/viewmsg.php. Performing a manipulation of the argument msgid result… | |||
| CVE-2026-8126 | high | 7.3 | 7.3 | 25d ago | A flaw has been found in SourceCodester Comment System 1.0. This issue affects some unknown processing of the file post_comment.php. This manipulation of the argument Name causes sql injection. Remot… | |||
| CVE-2026-6411 | high | 7.3 | 7.3 | 25d ago | This vulnerability, in the MAXHUB Pivot client application versions prior to v1.36.2, may allow an attacker to obtain encrypted tenant email addresses and related metadata from any tenant. Due to t… | |||
| CVE-2026-8098 | high | 7.3 | 7.3 | 25d ago | A security vulnerability has been detected in code-projects Feedback System 1.0. Impacted is an unknown function of the file /admin/checklogin.php. Such manipulation of the argument email leads to sq… | |||
| CVE-2026-8083 | high | 7.3 | 7.3 | 25d ago | A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /ajax.php?action=save_user. The manipulation of the argument ID results i… | |||
| CVE-2026-8032 | high | 7.3 | 7.3 | 26d ago | A flaw has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. The impacted element is an unknown function of the file /cdemos/echs/priv/echs.js. This manipulation of the argument ADMIN_KE… | |||
| CVE-2026-40110 | high | 7.3 | 7.3 | 27d ago | Jupyter Server has a CORS Origin Validation Bypass via `re.match()` in `allow_origin_pat` (from huntr) | |||
| CVE-2026-29168 | high | 7.3 | 7.3 | 27d ago | Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's mod_md via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66. Users a… | |||
| CVE-2026-43870 | high | 7.3 | 7.3 | 27d ago | Apache Thrift vulnerable to Path Traversal, HTTP Request/Response Splitting, Uncontrolled Resource Consumption | |||
| CVE-2026-43869 | high | 7.3 | 7.3 | 27d ago | Apache Thrift has an Improper Validation of Certificate with Host Mismatch Vulnerability | |||
| CVE-2026-7812 | high | 7.3 | 7.3 | 27d ago | A vulnerability was found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The impacted element is the function git_operation of the file src/code_mcp/server.py of the component MCP… | |||
| CVE-2026-7811 | high | 7.3 | 7.3 | 27d ago | A vulnerability has been found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The affected element is the function is_safe_path of the file src/code_mcp/server.py of the component… | |||
| CVE-2026-7810 | high | 7.3 | 7.3 | 28d ago | A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815809a7e425b5fa7be26e0d4369894c2. Impacted is the function create_notebook/read_notebook/edit_cell/add_cell of the file server.py. … | |||
| CVE-2026-7788 | high | 7.3 | 7.3 | 28d ago | A security flaw has been discovered in Axle-Bucamp MCP-Docusaurus up to 404bc028e15ec304c9a045528560f4b5f27a17e0. The affected element is the function update_document/continue_document/delete_documen… | |||
| CVE-2026-7785 | high | 7.3 | 7.3 | 28d ago | A security flaw has been discovered in A-G-U-P-T-A wireshark-mcp edaf604416fbc94a201b4043092d4a1b09a12275/400c3da70074f22f3cce7ccb65304cafc7089c89. This affects the function quick_capture of the file… | |||
| CVE-2026-7784 | high | 7.3 | 7.3 | 28d ago | A vulnerability has been found in RTGS2017 NagaAgent up to 5.1.0. This issue affects some unknown processing of the file apiserver/routes/extensions.py of the component Skills Endpoint. Such manipula… | |||
| CVE-2026-7733 | high | 7.3 | 7.3 | 28d ago | Funadmin has an Improper Access Control Issue | |||
| CVE-2026-7735 | high | 7.3 | 7.3 | 28d ago | A vulnerability was found in osrg GoBGP up to 4.3.0. Affected is the function PathAttributeAigp.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component AIGP Attribute Parser. Performing a … | |||
| CVE-2026-7727 | high | 7.3 | 7.3 | 28d ago | A vulnerability was determined in Shandong Hoteam Software PDM Product Data Management System up to 8.3.9. This affects the function GetQueryMachineGridOnePageData of the file /Base/BaseService.asmx/… | |||
| CVE-2026-7723 | high | 7.3 | 7.3 | 29d ago | Prefect Unauthenticated Event Injection via /api/events/in WebSocket | |||
| CVE-2026-7711 | high | 7.3 | 7.3 | 29d ago | MindsDB has an Improper Access Control Issue | |||
| CVE-2026-7710 | high | 7.3 | 7.3 | 29d ago | A security flaw has been discovered in YunaiV yudao-cloud up to 3.8.0. This affects the function doFilterInternal of the file JwtAuthenticationTokenFilter.java of the component Ruoyi-Vue-Pro. Perform… | |||
| CVE-2026-7703 | high | 7.3 | 7.3 | 29d ago | A flaw has been found in AV Stumpfl Pixera Two Media Server up to 25.2 R2. Impacted is an unknown function of the component Websocket API. This manipulation causes code injection. The attack can be i… | |||
| CVE-2026-7698 | high | 7.3 | 7.3 | 29d ago | A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Affected by this vulnerability is an unknown functionality of the file /Easy7/rest/systemInfo/updateDbBackupInfo.… | |||
| CVE-2026-7695 | high | 7.3 | 7.3 | 29d ago | A vulnerability has been found in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. This affects an unknown function of the file /SubstationWEBV2/main/elecMaxMinA… | |||
| CVE-2026-7694 | high | 7.3 | 7.3 | 29d ago | A flaw has been found in Acrel Electrical ECEMS Enterprise Microgrid Energy Efficiency Management System 1.3.0. The impacted element is an unknown function of the file /SubstationWEBV2/main/elecMaxMi… | |||
| CVE-2026-7679 | high | 7.3 | 7.3 | 29d ago | A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/servi… | |||
| CVE-2026-7670 | high | 7.3 | 7.3 | 1mo ago | A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/UserSel.aspx. This manipulation of the argument DeptIDList causes sql inje… | |||
| CVE-2026-7668 | high | 7.3 | 7.3 | 1mo ago | A vulnerability was identified in MikroTik RouterOS 6.49.8. This vulnerability affects the function ASN1_STRING_data in the library nova/lib/www/scep.p of the component SCEP Endpoint. The manipulatio… | |||
| CVE-2026-7644 | high | 7.3 | 7.3 | 1mo ago | A vulnerability has been found in ChatGPTNextWeb NextChat up to 2.16.1. Affected is the function addMcpServer of the file app/mcp/actions.ts. The manipulation leads to improper authorization. Remote … | |||
| CVE-2026-7632 | high | 7.3 | 7.3 | 1mo ago | A vulnerability was determined in code-projects Online Hospital Management System 1.0. This affects an unknown function of the file /viewappointment.php. This manipulation of the argument delid cause… | |||
| CVE-2026-7630 | high | 7.3 | 7.3 | 1mo ago | A vulnerability has been found in innocommerce InnoShop up to 0.7.8. The affected element is the function InstallServiceProvider::boot of the file innopacks/install/src/InstallServiceProvider.php of … | |||
| CVE-2026-7598 | high | 7.3 | 7.3 | 1mo ago | A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of the argument username_len/p… | |||
| CVE-2026-7594 | high | 7.3 | 7.3 | 1mo ago | A vulnerability was detected in Flux159 mcp-game-asset-gen 0.1.0. Affected is the function image_to_3d_async of the file src/index.ts of the component MCP Interface. The manipulation of the argument … | |||
| CVE-2026-7593 | high | 7.3 | 7.3 | 1mo ago | A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function execute_command of the file src/index.ts of the component MCP Interfac… | |||
| CVE-2026-7592 | high | 7.3 | 7.3 | 1mo ago | A weakness has been identified in itsourcecode Courier Management System 1.0. This affects an unknown function of the file /edit_staff.php. Executing a manipulation of the argument ID can lead to sql… | |||
| CVE-2026-7590 | high | 7.3 | 7.3 | 1mo ago | A vulnerability was identified in eyal-gor p_69_branch_monkey_mcp up to 69bc71874ce40050ef45fde5a435855f18af3373. The affected element is an unknown function of the file branch_monkey_mcp/bridge_and_… | |||
| CVE-2026-43025 | high | 7.3 | 7.3 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: ignore explicit helper on new expectations Use the existing master conntrack helper, anything else is not r… | |||
| CVE-2026-7579 | high | 7.3 | 7.3 | 1mo ago | AstrBot Makes Use of Hard-coded Password | |||
| CVE-2026-7555 | high | 7.3 | 7.3 | 1mo ago | A vulnerability was identified in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/login.php. Such manipulation of the argument Username leads to sql inje… | |||
| CVE-2026-7550 | high | 7.3 | 7.3 | 1mo ago | A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected is an unknown function of the file /ajax.php?action=save_customer. The manipulation of the argument … | |||
| CVE-2026-7549 | high | 7.3 | 7.3 | 1mo ago | A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=delete_customer. Executing a manipulation of the argumen… | |||
| CVE-2026-7545 | high | 7.3 | 7.3 | 1mo ago | A weakness has been identified in SourceCodester Advanced School Management System 1.0. The affected element is an unknown function of the file commonController.php of the component checkEmail Endpoi… | |||
| CVE-2026-7519 | high | 7.3 | 7.3 | 1mo ago | A vulnerability has been found in Fujian Apex LiveBOS up to 2.0. Impacted is an unknown function of the file /feed/UploadImage.do of the component Endpoint. Such manipulation of the argument filename… | |||
| CVE-2026-7506 | high | 7.3 | 7.3 | 1mo ago | A vulnerability has been found in SourceCodester Hotel Management System 1.0. This impacts an unknown function of the file /index.php/reservation/check. Such manipulation of the argument room_type le… | |||
| CVE-2026-7505 | high | 7.3 | 7.3 | 1mo ago | A flaw has been found in nextlevelbuilder GoClaw and GoClaw Lite up to 3.8.5. This affects an unknown function of the component RPC Handler. This manipulation causes improper authorization. The attac… | |||
| CVE-2026-7468 | high | 7.3 | 7.3 | 1mo ago | A security vulnerability has been detected in 1024-lab smart-admin up to 3.30.0. This affects an unknown function of the file /smart-admin-api/druid/index.html of the component Demo Site. The manipul… | |||
| CVE-2026-7446 | high | 7.3 | 7.3 | 1mo ago | mcp-server-semgrep has a Command Injection issue | |||
| CVE-2026-7443 | high | 7.3 | 7.3 | 1mo ago | A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzz_domain of the file src/index.ts of the component MCP Interface. Executing … | |||
| CVE-2026-7417 | high | 7.3 | 7.3 | 1mo ago | A vulnerability was found in Algovate xhs-mcp 0.8.11. This affects the function xhs_publish_content of the file src/server/mcp.server.ts of the component MCP Interface. Performing a manipulation of t… | |||
| CVE-2026-7416 | high | 7.3 | 7.3 | 1mo ago | A vulnerability was found in PolarVista xcode-mcp-server 1.0.0. This issue affects the function build_project/run_tests of the file src/index.ts of the component MCP Interface. The manipulation of th… | |||
| CVE-2026-7404 | high | 7.3 | 7.3 | 1mo ago | mcpo-simple-server has a Path Traversal issue | |||
| CVE-2026-7400 | high | 7.3 | 7.3 | 1mo ago | A security vulnerability has been detected in geekgod382 filesystem-mcp-server 1.0.0. This issue affects the function is_path_allowed of the file server.py of the component read_file_tool/write_file_… | |||
| CVE-2026-7398 | high | 7.3 | 7.3 | 1mo ago | A weakness has been identified in florensiawidjaja BioinfoMCP up to 7ada7918b9e515604d3c0ae264d3a9af10bf6e54. This vulnerability affects the function Upload of the file bioinfo_mcp_platform/app.py of… | |||
| CVE-2026-7389 | high | 7.3 | 7.3 | 1mo ago | A security vulnerability has been detected in EyouCMS up to 1.7.9. The affected element is the function GetSortData of the file application/common.php. The manipulation of the argument sort_asc leads… | |||
| CVE-2026-7386 | high | 7.3 | 7.3 | 1mo ago | A flaw has been found in fatbobman mail-mcp-bridge up to 1.3.3. Affected is an unknown function of the file src/mail_mcp_server.py. Executing a manipulation of the argument message_ids can lead to pa… | |||
| CVE-2026-7384 | high | 7.3 | 7.3 | 1mo ago | A vulnerability was detected in ezequiroga mcp-bases 357ca19c7a49a9b9cb2ef639b366f03aba8bea39/c630b8ab0f970614d42da8e566e9c0d15a16414c. This impacts the function search_papers of the file research_se… | |||
| CVE-2026-42377 | high | 7.3 | 7.3 | 1mo ago | Missing Authorization vulnerability in Brainstorm Force SureForms Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SureForms Pro: from n/a through 2.8.… | |||
| CVE-2026-7319 | high | 7.3 | 7.3 | 1mo ago | A flaw has been found in elinsky execution-system-mcp 0.1.0. The impacted element is the function _get_context_file_path of the file src/execution_system_mcp/server.py of the component add_action Too… | |||
| CVE-2026-7316 | high | 7.3 | 7.3 | 1mo ago | A vulnerability has been found in eiliyaabedini aider-mcp up to 667b914301aada695aab0e46d1fb3a7d5e32c8af. Affected is an unknown function of the file aider_mcp.py of the component code_with_ai. The m… | |||
| CVE-2026-7315 | high | 7.3 | 7.3 | 1mo ago | A flaw has been found in eiceblue spire-pdf-mcp-server 0.1.1. This impacts the function get_pdf_path of the file src/spire_pdf_mcp/server.py of the component PDF File Handler. Executing a manipulatio… | |||
| CVE-2026-7314 | high | 7.3 | 7.3 | 1mo ago | A vulnerability was detected in eiceblue spire-doc-mcp-server 1.0.0. This affects the function get_doc_path of the file src/spire_doc_mcp/api/base.py. Performing a manipulation of the argument docume… | |||
| CVE-2026-41392 | high | 7.3 | 7.3 | 1mo ago | OpenClaw: Shell init-file options could satisfy exec allowlist script matching | |||
| CVE-2026-41390 | high | 7.3 | 7.3 | 1mo ago | OpenClaw has a gateway exec allowlist allow-always bypass via unregistered /usr/bin/script wrapper | |||
| CVE-2026-41380 | high | 7.3 | 7.3 | 1mo ago | OpenClaw gateway exec allow-always over-trusts positional carrier executables | |||
| CVE-2026-7324 | high | 7.3 | 7.3 | 1mo ago | Memory safety bugs present in Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitr… | |||
| CVE-2026-7272 | high | 7.3 | 7.3 | 1mo ago | A flaw has been found in WilliamCloudQi matlab-mcp-server up to ab88f6b9bf5f36f725e8628029f7f6dd0d9913ca. The affected element is the function generate_matlab_code/execute_matlab_code of the file src… | |||
| CVE-2026-5435 | high | 7.3 | 7.3 | 1mo ago | The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write w… | |||
| CVE-2026-41605 | high | 7.3 | 7.3 | 1mo ago | Integer Overflow or Wraparound vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. | |||
| CVE-2026-7237 | high | 7.3 | 7.3 | 1mo ago | A vulnerability was detected in AgiFlow scaffold-mcp up to 1.0.27. Affected by this issue is some unknown functionality of the file packages/scaffold-mcp/src/server/index.ts of the component write-to… | |||
| CVE-2026-7234 | high | 7.3 | 7.3 | 1mo ago | A weakness has been identified in BrowserOperator browser-operator-core up to 0.6.0. Affected is the function startsWith of the file scripts/component_server/server.js. Executing a manipulation of th… | |||
| CVE-2026-7228 | high | 7.3 | 7.3 | 1mo ago | A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is the function get_cart_count of the file /admin/ajax.php?action=get_cart_count. This manipulation of the a… | |||
| CVE-2026-7227 | high | 7.3 | 7.3 | 1mo ago | A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function Login of the file /admin/ajax.php?action=login. The manipulation of the argument e-mail results i… | |||
| CVE-2026-7226 | high | 7.3 | 7.3 | 1mo ago | A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. This issue affects the function login2 of the file /admin/ajax.php?action=login2. The manipulation of the ar… | |||
| CVE-2026-7225 | high | 7.3 | 7.3 | 1mo ago | A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects the function delete_menu of the file /admin/ajax.php?action=delete_menu. Executing a manipula… | |||
| CVE-2026-7224 | high | 7.3 | 7.3 | 1mo ago | A security flaw has been discovered in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function delete_cart of the file /admin/ajax.php?action=delete_cart. Performing a manipulation of … | |||
| CVE-2026-7223 | high | 7.3 | 7.3 | 1mo ago | BigSweetPotatoStudio HyperChat has a Server-Side Request Forgery issue | |||
| CVE-2026-7221 | high | 7.3 | 7.3 | 1mo ago | A vulnerability was found in TencentCloudBase CloudBase-MCP up to 2.17.0. Affected is the function openUrl of the file mcp/src/interactive-server.ts of the component open-url API Endpoint. The manipu… | |||
| CVE-2026-7220 | high | 7.3 | 7.3 | 1mo ago | A vulnerability has been found in jackwrichards FastlyMCP up to 6f3d0b0e654fc51076badc7fa16c03c461f95620. This impacts an unknown function of the file fastly-mcp.mjs of the component fastly_cli Tool.… | |||
| CVE-2026-7206 | high | 7.3 | 7.3 | 1mo ago | sqlite-mcp has an Injection issue | |||
| CVE-2026-7216 | high | 7.3 | 7.3 | 1mo ago | A weakness has been identified in donchelo processing-claude-mcp-bridge up to e017b20a4b592a45531a6392f494007f04e661bd. Impacted is an unknown function of the file processing_server.py of the compone… | |||
| CVE-2026-7215 | high | 7.3 | 7.3 | 1mo ago | A security flaw has been discovered in egtai gmx-vmd-mcp up to 0.1.0. This issue affects the function launch_vmd_gui_tool of the file mcp_server.py of the component VMD Launch Handler. The manipulati… | |||
| CVE-2026-7214 | high | 7.3 | 7.3 | 1mo ago | A vulnerability was identified in eghuzefa engineer-your-data up to 0.1.3. This vulnerability affects the function read_file/write_file/list_files/file_inf of the file src/server.py. The manipulation… | |||
| CVE-2026-7213 | high | 7.3 | 7.3 | 1mo ago | A vulnerability was detected in ef10007 MLOps_MCP 1.0.0. This impacts an unknown function of the file fastmcp_server.py of the component save_file Tool. The manipulation of the argument filename/dest… | |||
| CVE-2026-7212 | high | 7.3 | 7.3 | 1mo ago | notes-mcp has a Path Traversal issue | |||
| CVE-2026-7211 | high | 7.3 | 7.3 | 1mo ago | A weakness has been identified in dvladimirov MCP up to 0.1.0. The impacted element is the function GitSearchRequest of the file mcp_server.py of the component Git Search API. Executing a manipulatio… | |||
| CVE-2026-7205 | high | 7.3 | 7.3 | 1mo ago | A vulnerability was identified in duartium papers-mcp-server 9ceb3812a6458ba7922ca24a7406f8807bc55598. Impacted is the function search_papers of the file src/main.py. Such manipulation of the argumen… |