Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.5 HIGH
CVE-2026-7064 — AgentDeskAI browser-tools-mcp browser-connector.ts os command injection

A flaw has been found in AgentDeskAI browser-tools-mcp up to 1.2.0. This issue affects some unknown processing of the file browser-tools-server/browser-connector.ts. Executing a manipulation can lead…

Remote | Injection
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
7.5 HIGH
CVE-2026-7063 — code-projects Employee Management System Endpoint eprocess.php sql injection

A vulnerability was detected in code-projects Employee Management System 1.0. This vulnerability affects unknown code of the file /370project/process/eprocess.php of the component Endpoint. Performin…

Remote | Injection
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
7.5 HIGH
CVE-2026-7062 — Intina47 context-sync Git Integration git-integration.ts os command injection

A security vulnerability has been detected in Intina47 context-sync up to 2.0.0. This affects an unknown part of the file src/git-integration.ts of the component Git Integration. Such manipulation le…

Remote | Injection
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
0.0 NA
CVE-2026-7066 — choieastsea simple-openstack-mcp server.py exec_openstack os command injection

A vulnerability was found in choieastsea simple-openstack-mcp up to 767b2f4a8154cca344344b9725537a58399e6036. The affected element is the function exec_openstack of the file server.py. The manipulati…

| Injection
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
0.0 NA
CVE-2026-7065 — BidingCC BuildingAI Remote Upload API file-storage.service.ts uploadRemoteFile server-sid…

A vulnerability has been found in BidingCC BuildingAI up to 26.0.1. Impacted is the function uploadRemoteFile of the file packages/core/src/modules/upload/services/file-storage.service.ts of the comp…

| Server-Side Request Forgery
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
7.5 HIGH
CVE-2026-7061 — Toowiredd chatgpt-mcp-server MCP/HTTP docker.service.ts os command injection

A weakness has been identified in Toowiredd chatgpt-mcp-server up to 0.1.0. Affected by this issue is some unknown functionality of the file src/services/docker.service.ts of the component MCP/HTTP. …

Remote | Injection
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
7.5 HIGH
CVE-2026-7060 — liyupi yu-picture MyBatis-Plus PictureServiceImpl.java PageRequest sql injection

A vulnerability was determined in liyupi yu-picture up to a053632c41340152bf75b66b3c543d129123d8ec. This impacts the function PageRequest of the file yu-picture-backend/src/main/java/com/yupi/yupictu…

Remote | Injection
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
5.5 MEDIUM
CVE-2026-7059 — 666ghj MiroFish Query Parameter simulation.py get_simulation_posts path traversal

A vulnerability was found in 666ghj MiroFish up to 0.1.2. This affects the function get_simulation_posts of the file backend/app/api/simulation.py of the component Query Parameter Handler. Performing…

Remote | Path Traversal
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
7.5 HIGH
CVE-2026-7058 — 666ghj MiroFish Inter-Process Communication simulation_ipc.py SimulationIPCClient.send_co…

A vulnerability has been found in 666ghj MiroFish up to 0.1.2. The impacted element is the function SimulationIPCClient.send_command of the file backend/app/services/simulation_ipc.py of the componen…

Remote | Injection
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
9.0 HIGH
CVE-2026-7057 — Tenda F456 httpd setcfm buffer overflow

A flaw has been found in Tenda F456 1.0.0.5. The affected element is an unknown function of the file /goform/setcfm of the component httpd. This manipulation of the argument funcname/funcpara1 causes…

Remote | Memory Corruption
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
9.0 HIGH
CVE-2026-7056 — Tenda F456 httpd SafeUrlFilter fromSafeUrlFilter buffer overflow

A vulnerability was detected in Tenda F456 1.0.0.5. Impacted is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter of the component httpd. The manipulation of the argument page results …

Remote | Memory Corruption
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
9.0 HIGH
CVE-2026-7055 — Tenda F456 httpd VirtualSer fromVirtualSer buffer overflow

A security vulnerability has been detected in Tenda F456 1.0.0.5. This issue affects the function fromVirtualSer of the file /goform/VirtualSer of the component httpd. The manipulation of the argumen…

Remote | Memory Corruption
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
9.0 HIGH
CVE-2026-7054 — Tenda F456 httpd PPTPDClient fromPptpUserAdd buffer overflow

A weakness has been identified in Tenda F456 1.0.0.5. This vulnerability affects the function fromPptpUserAdd of the file /goform/PPTPDClient of the component httpd. Executing a manipulation of the a…

Remote | Memory Corruption
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
9.0 HIGH
CVE-2026-7053 — Tenda F456 httpd L7Prot frmL7ProtForm buffer overflow

A security flaw has been discovered in Tenda F456 1.0.0.5. This affects the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Performing a manipulation of the argument page re…

Remote | Memory Corruption
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
6.5 MEDIUM
CVE-2026-7045 — baomidou dynamic-datasource StandardEvaluationContext/SpelExpressionParser DsSpelExpressi…

A vulnerability was determined in baomidou dynamic-datasource 2.5.0. Affected by this vulnerability is the function DsSpelExpressionProcessor#doDetermineDatasource of the file dynamic-datasource-spri…

Remote | Injection
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
6.5 MEDIUM
CVE-2026-7044 — GreenCMS index.php themeadd unrestricted upload

A vulnerability was found in GreenCMS up to 2.3. Affected is the function themeadd of the file /index.php?m=admin&c=custom&a=themeadd. The manipulation results in unrestricted upload. The attack can …

greencms | Remote | Misconfiguration
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
6.5 MEDIUM
CVE-2026-7043 — GreenCMS index.php pluginAddLocal unrestricted upload

A vulnerability has been found in GreenCMS up to 2.3. This impacts the function pluginAddLocal of the file /index.php?m=admin&c=custom&a=pluginadd. The manipulation leads to unrestricted upload. The …

greencms | Remote | Misconfiguration
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
7.5 HIGH
CVE-2026-7042 — 666ghj MiroFish REST API Endpoint __init__.py create_app missing authentication

A flaw has been found in 666ghj MiroFish up to 0.1.2. This affects the function create_app of the file backend/app/__init__.py of the component REST API Endpoint. Executing a manipulation can lead to…

Remote | Authentication
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
6.9 MEDIUM
CVE-2018-25297 — Wansview 1.0.2 Denial of Service via Buffer Overflow

Wansview 1.0.2 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input strings. Attackers can inject 2000-byte payloads into the Cam…

| Memory Corruption
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
6.8 MEDIUM
CVE-2018-25296 — P10 Central Management Software 1.4.13 Denial of Service

P10 Central Management Software 1.4.13 contains a buffer overflow vulnerability in the login password field that allows local attackers to crash the application by submitting an oversized input strin…

| Denial of Service
Apr 26, 2026 Apr 26, 2026
Apr 26, 2026
Apr 26, 2026
Showing 20 of 5617 Results