|
541
|
7.3 |
HIGH
Network
|
-
|
-
|
A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/servi…
|
CWE-287
Improper Authentication
|
CVE-2026-7679
|
2026-05-3 14:15 |
2026-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
542
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in YunaiV yudao-cloud up to 2026.01. This affects the function getDataBySQL of the file yudao-module-report-biz/src/main/java/io/github/ruoyi/report/service/impl/GoView…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-7678
|
2026-05-3 14:15 |
2026-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
543
|
3.5 |
LOW
Network
|
-
|
-
|
A vulnerability was determined in kerwincui FastBee up to 1.2.1. The impacted element is the function Add of the file springboot/fastbee-admin/src/main/java/com/fastbee/web/controller/system/SysNotic…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-7677
|
2026-05-3 14:15 |
2026-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
544
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in kerwincui FastBee up to 1.2.1. The affected element is the function ToolController.download of the file springboot/fastbee-open-api/src/main/java/com/fastbee/data/control…
|
CWE-22
Path Traversal
|
CVE-2026-7676
|
2026-05-3 14:15 |
2026-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
545
|
- |
|
-
|
-
|
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
|
-
|
CVE-2026-6481
|
2026-05-3 08:16 |
2026-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
546
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was identified in MikroTik RouterOS 6.49.8. This vulnerability affects the function ASN1_STRING_data in the library nova/lib/www/scep.p of the component SCEP Endpoint. The manipulatio…
|
CWE-119
CWE-125
Incorrect Access of Indexable Resource ('Range Error')
Out-of-bounds Read
|
CVE-2026-7668
|
2026-05-3 06:16 |
2026-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
547
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in r-huijts mcp-server-rijksmuseum up to 1.0.4. Affected is the function open_image_in_browser of the file src/index.ts of the component MCP Interface. Performing …
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7653
|
2026-05-3 01:16 |
2026-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
548
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in ruvnet sublinear-time-solver 1.5.0. Affected by this vulnerability is the function export_state of the file src/consciousness-explorer/mcp/server.js of the component MCP …
|
CWE-22
Path Traversal
|
CVE-2026-7645
|
2026-05-3 01:16 |
2026-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
549
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability has been found in ChatGPTNextWeb NextChat up to 2.16.1. Affected is the function addMcpServer of the file app/mcp/actions.ts. The manipulation leads to improper authorization. Remote …
|
CWE-266
CWE-285
Incorrect Privilege Assignment
Improper Authorization
|
CVE-2026-7644
|
2026-05-3 00:16 |
2026-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
550
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in ChatGPTNextWeb NextChat up to 2.16.1. This impacts an unknown function of the file Next.js of the component API Endpoint. Executing a manipulation can lead to permissive cros…
|
CWE-346
CWE-942
Origin Validation Error
Permissive Cross-domain Policy with Untrusted Domains
|
CVE-2026-7643
|
2026-05-3 00:16 |
2026-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
