|
1811
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in r-huijts mcp-server-rijksmuseum up to 1.0.4. Affected is the function open_image_in_browser of the file src/index.ts of the component MCP Interface. Performing …
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7653
|
2026-05-6 04:15 |
2026-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1812
|
5.6 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in sgl-project SGLang up to 0.5.9. Impacted is the function get_tokenizer of the file python/sglang/srt/utils/hf_transformers_utils.py of the component HuggingFace Transf…
|
CWE-74
CWE-94
Injection
Code Injection
|
CVE-2026-7669
|
2026-05-6 04:15 |
2026-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1813
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in kerwincui FastBee up to 1.2.1. The affected element is the function ToolController.download of the file springboot/fastbee-open-api/src/main/java/com/fastbee/data/control…
|
CWE-22
Path Traversal
|
CVE-2026-7676
|
2026-05-6 04:15 |
2026-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1814
|
3.5 |
LOW
Network
|
-
|
-
|
A vulnerability was determined in kerwincui FastBee up to 1.2.1. The impacted element is the function Add of the file springboot/fastbee-admin/src/main/java/com/fastbee/web/controller/system/SysNotic…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-7677
|
2026-05-6 04:15 |
2026-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1815
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in YunaiV yudao-cloud up to 2026.01. This affects the function getDataBySQL of the file yudao-module-report-biz/src/main/java/io/github/ruoyi/report/service/impl/GoView…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-7678
|
2026-05-6 04:13 |
2026-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1816
|
7.3 |
HIGH
Network
|
-
|
-
|
A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/servi…
|
CWE-287
Improper Authentication
|
CVE-2026-7679
|
2026-05-6 04:13 |
2026-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1817
|
7.2 |
HIGH
Network
|
-
|
-
|
The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via POST parameter key names in the submit_nex_form() function in versions up to,…
|
CWE-79
Cross-site Scripting
|
CVE-2026-5063
|
2026-05-6 04:13 |
2026-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1818
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in jsbroks COCO Annotator up to 0.11.1. Affected is an unknown function of the file backend/webserver/api/datasets.py of the component Data Endpoint. Executing a manipu…
|
CWE-22
Path Traversal
|
CVE-2026-7680
|
2026-05-6 04:13 |
2026-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1819
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in jsbroks COCO Annotator up to 0.11.1. Affected by this vulnerability is an unknown functionality of the file backend/webserver/api/datasets.py of the comp…
|
CWE-285
CWE-639
Improper Authorization
Authorization Bypass Through User-Controlled Key
|
CVE-2026-7681
|
2026-05-6 04:13 |
2026-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1820
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in eyeo Adblock Plus up to 4.36.2 on Chrome. Affected by this vulnerability is the function postMessage of the file premium.preload.js of the component Legacy Premium Activa…
|
CWE-266
CWE-284
Incorrect Privilege Assignment
Improper Access Control
|
CVE-2026-7686
|
2026-05-6 04:13 |
2026-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
