|
1461
|
4.6 |
MEDIUM
Network
|
-
|
-
|
PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, there is an arbitrary file write vulnerability via `save_generated_slides`. This issue has been patched…
|
CWE-22
Path Traversal
|
CVE-2026-42080
|
2026-05-6 05:19 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1462
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function create_document/open_document of the file src/mcp-server.ts of the component MCP Interface. The manipu…
|
CWE-22
Path Traversal
|
CVE-2026-7738
|
2026-05-6 05:16 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1463
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in code-projects BloodBank Managing System 1.0. The impacted element is an unknown function of the file request_blood.php. The manipulation results in unrestricted upload…
|
CWE-284
CWE-434
Improper Access Control
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-7732
|
2026-05-6 05:16 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1464
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in PrefectHQ prefect up to 3.6.25.dev6. Affected by this issue is some unknown functionality of the file src/prefect/runner/storage.py of the component GitRepository Pull Ha…
|
CWE-74
CWE-88
Injection
Argument Injection
|
CVE-2026-7725
|
2026-05-6 05:16 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1465
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in Telegram Desktop up to 6.7.5. This vulnerability affects the function RequestButton of the file Telegram/SourceFiles/boxes/url_auth_box.cpp of the compon…
|
CWE-404
CWE-476
Improper Resource Shutdown or Release
NULL Pointer Dereference
|
CVE-2026-7701
|
2026-05-6 05:16 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1466
|
5.0 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. This affects the function _checkValForAPI of the file htdocs/expedition/class/expedition.class.php of the component Shipments API Endp…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-7688
|
2026-05-6 05:16 |
2026-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1467
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in kleneway awesome-cursor-mpc-server up to 2.0.1. Impacted is the function runCodeReviewTool of the file src/tools/codeReview.ts of the component Ccode-Review Tool. Executing a…
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-7629
|
2026-05-6 05:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1468
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in JeecgBoot up to 3.9.1. Affected by this issue is the function checkPathTraversalBatch of the file FileDownloadUtils.jav of the component LoadFile Endpoint. This mani…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-7603
|
2026-05-6 05:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1469
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vector_stores/faiss.py. Performing a manipulation results in deserialization.…
|
CWE-20
CWE-502
Improper Input Validation
Deserialization of Untrusted Data
|
CVE-2026-7597
|
2026-05-6 05:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1470
|
8.1 |
HIGH
Network
|
-
|
-
|
School App developed by Zyosoft has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify a specific parameter to read and modify other users' data.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-7491
|
2026-05-6 05:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
