Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
0.0 NA
CVE-2026-7730 — privsim mcp-test-runner MCP index.ts child_process.spawn os command injection

A weakness has been identified in privsim mcp-test-runner 0.2.0. Impacted is the function child_process.spawn of the file src/index.ts of the component MCP Interface. Executing a manipulation of the …

| Injection
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
0.0 NA
CVE-2026-7729 — pixelsock directus-mcp MCP index.ts validateUrl server-side request forgery

A security flaw has been discovered in pixelsock directus-mcp 1.0.0. This issue affects the function validateUrl of the file index.ts of the component MCP Interface. Performing a manipulation of the …

| Server-Side Request Forgery
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
0.0 NA
CVE-2026-7728 — ryanjoachim mcp-rtfm MCP update_doc path traversal

A vulnerability was identified in ryanjoachim mcp-rtfm 0.1.0. This vulnerability affects the function get_doc_content/read_doc/update_doc of the component MCP Interface. Such manipulation of the argu…

| Path Traversal
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
5.0 MEDIUM
CVE-2026-7724 — PrefectHQ prefect Webhook/Notification validate_restricted_url toctou

A vulnerability has been found in PrefectHQ prefect up to 3.6.28.dev1. Affected by this vulnerability is the function validate_restricted_url of the component Webhook/Notification. The manipulation l…

Remote | Race Condition
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
7.5 HIGH
CVE-2026-7723 — PrefectHQ prefect WebSocket Endpoint in missing authentication

A flaw has been found in PrefectHQ prefect up to 3.6.13. Affected is an unknown function of the file /api/events/in of the component WebSocket Endpoint. Executing a manipulation can lead to missing a…

Remote | Authentication
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
5.5 MEDIUM
CVE-2026-7722 — PrefectHQ prefect Health Check API health endswith improper authentication

A vulnerability was detected in PrefectHQ prefect up to 3.6.21. This impacts the function endswith of the file /api/health of the component Health Check API. Performing a manipulation results in impr…

Remote | Authentication
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
6.5 MEDIUM
CVE-2026-7721 — Totolink WA300 cstecgi.cgi NTPSyncWithHost command injection

A security vulnerability has been detected in Totolink WA300 5.2cu.7112_B20190227. This affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument hostTi…

Remote | Injection
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
0.0 NA
CVE-2026-7727 — Shandong Hoteam Software PDM Product Data Management System DataService GetQueryMachineGr…

A vulnerability was determined in Shandong Hoteam Software PDM Product Data Management System up to 8.3.9. This affects the function GetQueryMachineGridOnePageData of the file /Base/BaseService.asmx/…

| Injection
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
0.0 NA
CVE-2026-7725 — PrefectHQ prefect GitRepository Pull storage.py argument injection

A vulnerability was found in PrefectHQ prefect up to 3.6.25.dev6. Affected by this issue is some unknown functionality of the file src/prefect/runner/storage.py of the component GitRepository Pull Ha…

| Injection
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
6.5 MEDIUM
CVE-2026-7720 — Totolink WA300 POST Request cstecgi.cgi setLanguageCfg command injection

A weakness has been identified in Totolink WA300 5.2cu.7112_B20190227. The impacted element is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This…

Remote | Injection
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
10.0 HIGH
CVE-2026-7719 — Totolink WA300 POST Request cstecgi.cgi loginauth buffer overflow

A security flaw has been discovered in Totolink WA300 5.2cu.7112_B20190227. The affected element is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The …

Remote | Memory Corruption
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
6.5 MEDIUM
CVE-2026-7718 — Totolink WA300 POST Request cstecgi.cgi setWebWlanIdx command injection

A vulnerability was identified in Totolink WA300 5.2cu.7112_B20190227. Impacted is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation …

Remote | Injection
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
9.0 HIGH
CVE-2026-7717 — Totolink WA300 POST Request cstecgi.cgi UploadCustomModule buffer overflow

A vulnerability was determined in Totolink WA300 5.2cu.7112_B20190227. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Execu…

Remote | Memory Corruption
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
6.5 MEDIUM
CVE-2026-7716 — code-projects Gym Management System In PHP/Windows NT index.php sql injection

A vulnerability was found in code-projects Gym Management System In PHP and Windows NT 1.0. This vulnerability affects unknown code of the file /index.php. Performing a manipulation of the argument d…

Remote | Injection
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
6.5 MEDIUM
CVE-2026-7715 — ravenwits mcp-server-arangodb MCP tools.ts arango_backup path traversal

A vulnerability has been found in ravenwits mcp-server-arangodb up to 0.4.7. This affects the function arango_backup of the file src/tools.ts of the component MCP Interface. Such manipulation of the …

Remote | Path Traversal
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
6.5 MEDIUM
CVE-2026-7714 — crocodilestick Calibre-Web-Automated Admin Endpoint cwa_functions.py missing authenticati…

A flaw has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this issue is some unknown functionality of the file cps/cwa_functions.py of the component Admin Endpoint. This …

Remote | Authentication
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
9.0 CRITICAL
CVE-2026-7372 — GeoVision GV-VMS V20 WebCam Server Login stack overflow vulnerability

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker ca…

Remote | Memory Corruption
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
7.4 HIGH
CVE-2026-7371 — GeoVision LPC2011/LPC2211 Web Interface / ssi.cgi reflected cross-site scripting (XSS) vu…

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an ar…

Remote | Cross-Site Scripting
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
9.3 CRITICAL
CVE-2026-7161 — GeoVision GV-IP Device Utility Device Authentication insufficient encryption vulnerability

An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An att…

Remote | Cryptography
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
9.0 CRITICAL
CVE-2026-42370 — GeoVision GV-VMS V20 WebCam Server Login stack overflow vulnerability

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker ca…

Remote | Memory Corruption
May 04, 2026 May 04, 2026
May 04, 2026
May 04, 2026
Showing 20 of 5502 Results