|
2901
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in Wooey up to 0.13.2. The impacted element is the function add_or_update_script of the file wooey/api/scripts.py of the component API Endpoint. Executing a manipulatio…
|
CWE-266
CWE-285
Incorrect Privilege Assignment
Improper Authorization
|
CVE-2026-7142
|
2026-04-29 10:00 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2902
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in 1000 Projects Portfolio Management System MCA up to 1.0. This affects an unknown function of the file /admin/block_status.php. The manipulation of the argument q lea…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-7143
|
2026-04-29 10:00 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2903
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in 1000 Projects Portfolio Management System MCA 1.0. This impacts an unknown function of the file update_passwd_process.php. The manipulation of the argument temp…
|
CWE-285
CWE-639
Improper Authorization
Authorization Bypass Through User-Controlled Key
|
CVE-2026-7144
|
2026-04-29 10:00 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2904
|
7.3 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in AlejandroArciniegas mcp-data-vis up to de5a51525a69822290eaee569a1ab447b490746d. Affected by this vulnerability is the function axios of the file src/ser…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-7146
|
2026-04-29 10:00 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2905
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was detected in JoeCastrom mcp-chat-studio up to 1.5.0. Affected by this issue is some unknown functionality of the file server/routes/llm.js of the component LLM Models API. Performi…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-7147
|
2026-04-29 10:00 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2906
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in CodeAstro Online Classroom 1.0. This affects an unknown part of the file /addnewfaculty. Executing a manipulation of the argument fname can lead to sql injection. The attack …
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-7148
|
2026-04-29 10:00 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2907
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability has been found in dexhunter kaggle-mcp up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d. This vulnerability affects the function prepare_kaggle_dataset of the file src/kaggle_mcp/server…
|
CWE-22
Path Traversal
|
CVE-2026-7149
|
2026-04-29 10:00 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2908
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in dh1011 auto-favicon up to f189116a9259950c2393f114dbcb94dde0ad864b. This issue affects the function generate_favicon_from_url of the file src/auto_favicon/server.py of th…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-7150
|
2026-04-29 10:00 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2909
|
7.3 |
HIGH
Network
|
-
|
-
|
A flaw has been found in disler aider-mcp-server up to b2516fa466d0d851932da92ee6d0e66946db9efc. Affected by this vulnerability is an unknown functionality of the file src/aider_mcp_server/server.py …
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-7157
|
2026-04-29 10:00 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2910
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was found in douinc mkdocs-mcp-plugin up to 0.4.1. This affects the function read_document/list_documents of the file server.py. Performing a manipulation of the argument docs_dir/fil…
|
CWE-22
Path Traversal
|
CVE-2026-7159
|
2026-04-29 10:00 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
