| 2201 | 8.3 | HIGH Network | - | - | Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the /controllers/Installer.php and the function add_git_submodule. | CWE-77 Command Injection | CVE-2026-30461 | 2026-04-18 00:09 | 2026-04-16 |
| 2202 | 8.0 | HIGH Local | - | - | A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers to execute arbitrary commands on a victim system. When Windsurf processes attacker-controlled HTML content, malicious in… | CWE-77 Command Injection | CVE-2026-30615 | 2026-04-18 00:09 | 2026-04-16 |
| 2203 | 7.3 | HIGH Network | - | - | Jaaz 1.0.30 contains a remote code execution vulnerability in its MCP STDIO command execution handling. A remote attacker can send crafted network requests to the network-accessible Jaaz application,… | CWE-77 Command Injection | CVE-2026-30616 | 2026-04-18 00:09 | 2026-04-16 |
| 2204 | 8.6 | HIGH Network | - | - | LangChain-ChatChat 0.3.1 contains a remote code execution vulnerability in its MCP STDIO server configuration and execution handling. A remote attacker can access the publicly exposed MCP management … | CWE-77 Command Injection | CVE-2026-30617 | 2026-04-18 00:09 | 2026-04-16 |
| 2205 | 8.6 | HIGH Network | - | - | Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration contai… | CWE-77 Command Injection | CVE-2026-30624 | 2026-04-18 00:09 | 2026-04-16 |
| 2206 | 9.8 | CRITICAL Network | - | - | Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functionality. The application allows users to define MCP tasks with arbitrary command and args values. A… | CWE-77 Command Injection | CVE-2026-30625 | 2026-04-18 00:09 | 2026-04-16 |
| 2207 | - | | - | - | The vulnerability, if exploited, could allow an unauthenticated miscreant to perform operations intended only for Simulator Instructor or Simulator Developer (Administrator) roles, resulting in privi… | CWE-862 Missing Authorization | CVE-2026-5387 | 2026-04-18 00:09 | 2026-04-16 |
| 2208 | - | | - | - | Deserialization of untrusted data vulnerability in OpenText, Inc RightFax on Windows, 64 bit, 32 bit allows Object Injection. This issue affects RightFax: through 25.4. | CWE-502 Deserialization of Untrusted Data | CVE-2025-15610 | 2026-04-18 00:09 | 2026-04-16 |
| 2209 | 6.1 | MEDIUM Network | - | - | A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. T… | CWE-79 Cross-site Scripting | CVE-2026-20059 | 2026-04-18 00:09 | 2026-04-16 |
| 2210 | 4.7 | MEDIUM Network | - | - | A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is du… | CWE-601 Open Redirect | CVE-2026-20060 | 2026-04-18 00:09 | 2026-04-16 |