|
551
|
5.6 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in vllm up to 0.19.0. The affected element is the function has_mamba_layers of the file vllm/v1/kv_cache_interface.py of the component KV Block Handler. Performing a manipul…
Update
|
CWE-908
Use of Uninitialized Resource
|
CVE-2026-7141
|
2026-04-29 10:00 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
552
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in Wooey up to 0.13.2. The impacted element is the function add_or_update_script of the file wooey/api/scripts.py of the component API Endpoint. Executing a manipulatio…
Update
|
CWE-266
CWE-285
Incorrect Privilege Assignment
Improper Authorization
|
CVE-2026-7142
|
2026-04-29 10:00 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
553
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in 1000 Projects Portfolio Management System MCA up to 1.0. This affects an unknown function of the file /admin/block_status.php. The manipulation of the argument q lea…
Update
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-7143
|
2026-04-29 10:00 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
554
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in 1000 Projects Portfolio Management System MCA 1.0. This impacts an unknown function of the file update_passwd_process.php. The manipulation of the argument temp…
Update
|
CWE-285
CWE-639
Improper Authorization
Authorization Bypass Through User-Controlled Key
|
CVE-2026-7144
|
2026-04-29 10:00 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
555
|
7.3 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in AlejandroArciniegas mcp-data-vis up to de5a51525a69822290eaee569a1ab447b490746d. Affected by this vulnerability is the function axios of the file src/ser…
Update
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-7146
|
2026-04-29 10:00 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
556
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was detected in JoeCastrom mcp-chat-studio up to 1.5.0. Affected by this issue is some unknown functionality of the file server/routes/llm.js of the component LLM Models API. Performi…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-7147
|
2026-04-29 10:00 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
557
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in CodeAstro Online Classroom 1.0. This affects an unknown part of the file /addnewfaculty. Executing a manipulation of the argument fname can lead to sql injection. The attack …
New
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-7148
|
2026-04-29 10:00 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
558
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability has been found in dexhunter kaggle-mcp up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d. This vulnerability affects the function prepare_kaggle_dataset of the file src/kaggle_mcp/server…
New
|
CWE-22
Path Traversal
|
CVE-2026-7149
|
2026-04-29 10:00 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
559
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in dh1011 auto-favicon up to f189116a9259950c2393f114dbcb94dde0ad864b. This issue affects the function generate_favicon_from_url of the file src/auto_favicon/server.py of th…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-7150
|
2026-04-29 10:00 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
560
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was found in douinc mkdocs-mcp-plugin up to 0.4.1. This affects the function read_document/list_documents of the file server.py. Performing a manipulation of the argument docs_dir/fil…
New
|
CWE-22
Path Traversal
|
CVE-2026-7159
|
2026-04-29 10:00 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
