|
81
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this vulnerability is the function _format_plugins of the file .claude/skills/ui-styling/scripts/tailwind_config…
New
|
CWE-74
CWE-94
Injection
Code Injection
|
CVE-2026-7595
|
2026-05-2 06:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
82
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was detected in Flux159 mcp-game-asset-gen 0.1.0. Affected is the function image_to_3d_async of the file src/index.ts of the component MCP Interface. The manipulation of the argument …
New
|
CWE-22
Path Traversal
|
CVE-2026-7594
|
2026-05-2 06:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
83
|
7.3 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function execute_command of the file src/index.ts of the component MCP Interfac…
New
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7593
|
2026-05-2 06:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
84
|
8.4 |
HIGH
Local
|
-
|
-
|
flipperzero-firmware commit ad2a80 was discovered to contain a stack overflow in the "Main" function.
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-30363
|
2026-05-2 06:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
85
|
- |
|
-
|
-
|
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-67968. Reason: This candidate is a reservation duplicate of CVE-2025-67968. Notes: All CVE users should reference …
New
|
-
|
CVE-2025-12993
|
2026-05-2 06:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
86
|
5.6 |
MEDIUM
Network
|
vllm
|
vllm
|
A vulnerability was found in vllm up to 0.19.0. The affected element is the function has_mamba_layers of the file vllm/v1/kv_cache_interface.py of the component KV Block Handler. Performing a manipul…
Update
|
CWE-908
Use of Uninitialized Resource
|
CVE-2026-7141
|
2026-05-2 05:30 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
87
|
7.3 |
HIGH
Network
|
shadowclonelabs
|
glutamate_mcp_servers
|
A vulnerability was determined in ShadowCloneLabs GlutamateMCPServers up to e2de73280b01e5d943593dd1aa2c01c5b9112f78. Affected by this issue is some unknown functionality of the file src/puppeteer/in…
Update
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-7094
|
2026-05-2 05:30 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
88
|
8.8 |
HIGH
Network
|
coze
|
coze_studio
|
A vulnerability was detected in ByteDance coze-studio up to 0.5.1. Affected by this vulnerability is the function ExecuteSQL of the file backend/domain/memory/database/service/database_impl.go of the…
Update
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-7023
|
2026-05-2 05:27 |
2026-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
89
|
5.6 |
MEDIUM
Network
|
ollama
|
ollama
|
A security flaw has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/transfer/transfer.go of the component Tensor Model Transfer Handler. The mani…
Update
|
CWE-22
Path Traversal
|
CVE-2026-7020
|
2026-05-2 05:24 |
2026-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
90
|
9.8 |
CRITICAL
Network
|
sipeed
|
picoclaw
|
A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher Management Plane. Performing a manipulation result…
Update
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-6987
|
2026-05-2 05:24 |
2026-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
