|
291
|
7.3 |
HIGH
Network
|
-
|
-
|
A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2.16.1. Affected by this issue is the function proxyHandler of the file app/api/[provider]/[...path]/route.ts. The manipulation re…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-7177
|
2026-04-29 10:00 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292
|
7.3 |
HIGH
Network
|
-
|
-
|
A weakness has been identified in ChatGPTNextWeb NextChat up to 2.16.1. This affects the function storeUrl of the file app/api/artifacts/route.ts of the component Artifacts Endpoint. This manipulatio…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-7178
|
2026-04-29 10:00 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293
|
5.3 |
MEDIUM
Local
|
-
|
-
|
A security vulnerability has been detected in OSPG binwalk up to 2.4.3. This vulnerability affects the function read_null_terminated_string of the file src/binwalk/plugins/winceextract.py of the comp…
New
|
CWE-22
Path Traversal
|
CVE-2026-7179
|
2026-04-29 10:00 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294
|
7.3 |
HIGH
Network
|
-
|
-
|
A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=save_product. This manipulation of the argument…
New
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-7194
|
2026-04-29 10:00 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in CodeAstro Online Classroom 1.0. Affected is an unknown function of the file /guestdetails. Such manipulation of the argument deleteid leads to sql inject…
New
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-7196
|
2026-04-29 10:00 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=delete_product. Perform…
New
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-7199
|
2026-04-29 10:00 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file /index.php?page=types. Executing a manipulation of th…
New
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-7200
|
2026-04-29 10:00 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was identified in duartium papers-mcp-server 9ceb3812a6458ba7922ca24a7406f8807bc55598. Impacted is the function search_papers of the file src/main.py. Such manipulation of the argumen…
New
|
CWE-22
Path Traversal
|
CVE-2026-7205
|
2026-04-29 10:00 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299
|
7.3 |
HIGH
Network
|
-
|
-
|
A security flaw has been discovered in dubydu sqlite-mcp up to 0.1.0. The affected element is the function extract_to_json of the file src/entry.py. Performing a manipulation of the argument output_f…
New
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-7206
|
2026-04-29 10:00 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300
|
7.3 |
HIGH
Network
|
-
|
-
|
A weakness has been identified in dvladimirov MCP up to 0.1.0. The impacted element is the function GitSearchRequest of the file mcp_server.py of the component Git Search API. Executing a manipulatio…
New
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-7211
|
2026-04-29 10:00 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
