|
991
|
4.3 |
MEDIUM
Network
|
-
|
-
|
In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, …
|
CWE-284
Improper Access Control
|
CVE-2026-20203
|
2026-04-18 00:09 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
992
|
7.1 |
HIGH
Network
|
-
|
-
|
In Splunk Enterprise versions below 10.2.1, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.5, 10.2.2510.9, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a…
|
CWE-377
Insecure Temporary File
|
CVE-2026-20204
|
2026-04-18 00:09 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
993
|
7.2 |
HIGH
Network
|
-
|
-
|
In Splunk MCP Server app versions below 1.0.3 , a user who holds a role with access to the Splunk `_internal` index or possesses the high-privilege capability `mcp_tool_admin` could view users sessio…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-20205
|
2026-04-18 00:09 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
994
|
8.3 |
HIGH
Network
|
-
|
-
|
Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the /controllers/Installer.php and the function add_git_submodule.
|
CWE-77
Command Injection
|
CVE-2026-30461
|
2026-04-18 00:09 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
995
|
8.0 |
HIGH
Local
|
-
|
-
|
A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers to execute arbitrary commands on a victim system. When Windsurf processes attacker-controlled HTML content, malicious in…
|
CWE-77
Command Injection
|
CVE-2026-30615
|
2026-04-18 00:09 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
996
|
7.3 |
HIGH
Network
|
-
|
-
|
Jaaz 1.0.30 contains a remote code execution vulnerability in its MCP STDIO command execution handling. A remote attacker can send crafted network requests to the network-accessible Jaaz application,…
|
CWE-77
Command Injection
|
CVE-2026-30616
|
2026-04-18 00:09 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
997
|
8.6 |
HIGH
Network
|
-
|
-
|
LangChain-ChatChat 0.3.1 contains a remote code execution vulnerability in its MCP STDIO server configuration and execution handling. A remote attacker can access the publicly exposed MCP management …
|
CWE-77
Command Injection
|
CVE-2026-30617
|
2026-04-18 00:09 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
998
|
8.6 |
HIGH
Network
|
-
|
-
|
Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration contai…
|
CWE-77
Command Injection
|
CVE-2026-30624
|
2026-04-18 00:09 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
999
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functionality. The application allows users to define MCP tasks with arbitrary command and args values. A…
|
CWE-77
Command Injection
|
CVE-2026-30625
|
2026-04-18 00:09 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1000
|
- |
|
-
|
-
|
The vulnerability, if exploited, could allow an unauthenticated miscreant to perform operations intended only for Simulator Instructor or Simulator Developer (Administrator) roles, resulting in privi…
|
CWE-862
Missing Authorization
|
CVE-2026-5387
|
2026-04-18 00:09 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
