|
241
|
8.8 |
HIGH
Network
|
-
|
-
|
A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile res…
New
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-7420
|
2026-04-30 23:52 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
242
|
7.3 |
HIGH
Network
|
-
|
-
|
A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzz_domain of the file src/index.ts of the component MCP Interface. Executing …
New
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7443
|
2026-04-30 23:52 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
243
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in ZachHandley ZMCPTools up to 0.2.2. Affected by this issue is some unknown functionality of the file src/managers/ResourceManager.ts of the component MCP …
New
|
CWE-22
Path Traversal
|
CVE-2026-7445
|
2026-04-30 23:52 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
244
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was detected in VetCoders mcp-server-semgrep 1.0.0. This affects the function analyze_results/filter_results/export_results/compare_results/scan_directory/create_rule of the file src/…
New
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7446
|
2026-04-30 23:52 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file /admin/update_customer.php. This manipulation of the argument type/le…
New
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-7447
|
2026-04-30 23:52 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246
|
7.3 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in 1024-lab smart-admin up to 3.30.0. This affects an unknown function of the file /smart-admin-api/druid/index.html of the component Demo Site. The manipul…
New
|
CWE-266
CWE-284
Incorrect Privilege Assignment
Improper Access Control
|
CVE-2026-7468
|
2026-04-30 23:52 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Five Star Restaurant Reservations plugin for WordPress is vulnerable to a payment bypass via PHP type juggling in versions up to, and including, 2.7.16 This is due to the valid_payment() function…
New
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2026-6498
|
2026-04-30 23:52 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248
|
7.5 |
HIGH
Network
|
-
|
-
|
The Otter Blocks plugin for WordPress is vulnerable to Purchase Verification Bypass in all versions up to, and including, 3.1.4. This is due to the 'get_customer_data' method relying on an unsigned '…
New
|
CWE-285
Improper Authorization
|
CVE-2026-2892
|
2026-04-30 23:52 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249
|
6.1 |
MEDIUM
Network
|
frappe
|
press
|
Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). Redirect parameter on login page is vulnerable to reflected XSS…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-41430
|
2026-04-30 23:51 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250
|
8.8 |
HIGH
Network
|
tenda
|
f456_firmware
|
A security flaw has been discovered in Tenda F456 1.0.0.5. The impacted element is the function fromSetIpBind of the file /goform/SetIpBind of the component httpd. The manipulation of the argument pa…
Update
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-7078
|
2026-04-30 23:38 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
