|
871
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. This impacts the function sub_425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in comm…
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-7469
|
2026-04-30 23:53 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
872
|
8.8 |
HIGH
Network
|
-
|
-
|
A flaw has been found in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. Affected is the function sub_427C3C of the file /goform/SafeMacFilter. This manipulation of the argument page causes stack-based…
|
CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error')
Stack-based Buffer Overflow
|
CVE-2026-7470
|
2026-04-30 23:53 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
873
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function save_user of the file /admin/ajax.php?action=save_user. Executing a manipulation can lead to sql inject…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-7409
|
2026-04-30 23:52 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
874
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=add_to_cart. The manipulation of the argument…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-7410
|
2026-04-30 23:52 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
875
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was found in PolarVista xcode-mcp-server 1.0.0. This issue affects the function build_project/run_tests of the file src/index.ts of the component MCP Interface. The manipulation of th…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7416
|
2026-04-30 23:52 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
876
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was found in Algovate xhs-mcp 0.8.11. This affects the function xhs_publish_content of the file src/server/mcp.server.ts of the component MCP Interface. Performing a manipulation of t…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-7417
|
2026-04-30 23:52 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
877
|
8.8 |
HIGH
Network
|
-
|
-
|
A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. This vulnerability affects the function strcpy of the file route/goform/NTP. Executing a manipulation of the argument Pro…
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-7418
|
2026-04-30 23:52 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
878
|
8.8 |
HIGH
Network
|
-
|
-
|
A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file route/goform/formTaskEdit_ap. The manipulation of the argument Profile…
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-7419
|
2026-04-30 23:52 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
879
|
8.8 |
HIGH
Network
|
-
|
-
|
A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile res…
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-7420
|
2026-04-30 23:52 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
880
|
7.3 |
HIGH
Network
|
-
|
-
|
A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzz_domain of the file src/index.ts of the component MCP Interface. Executing …
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7443
|
2026-04-30 23:52 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
