|
6021
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in kleneway awesome-cursor-mpc-server up to 2.0.1. Impacted is the function runCodeReviewTool of the file src/tools/codeReview.ts of the component Ccode-Review Tool. Executing a…
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-7629
|
2026-05-6 05:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6022
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in JeecgBoot up to 3.9.1. Affected by this issue is the function checkPathTraversalBatch of the file FileDownloadUtils.jav of the component LoadFile Endpoint. This mani…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-7603
|
2026-05-6 05:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6023
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vector_stores/faiss.py. Performing a manipulation results in deserialization.…
|
CWE-20
CWE-502
Improper Input Validation
Deserialization of Untrusted Data
|
CVE-2026-7597
|
2026-05-6 05:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6024
|
8.1 |
HIGH
Network
|
-
|
-
|
School App developed by Zyosoft has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify a specific parameter to read and modify other users' data.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-7491
|
2026-05-6 05:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6025
|
8.8 |
HIGH
Network
|
-
|
-
|
CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
|
CWE-89
SQL Injection
|
CVE-2026-7489
|
2026-05-6 05:14 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6026
|
7.2 |
HIGH
Network
|
-
|
-
|
CTMS and CPAS developed by Sunnet has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-7490
|
2026-05-6 05:14 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6027
|
- |
|
-
|
-
|
Incorrect Permission Assignment for Critical Resource vulnerability in ILM Informatique OpenConcerto allows Replace Binaries.
This issue affects OpenConcerto: 1.7.5.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-6499
|
2026-05-6 05:14 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6028
|
- |
|
-
|
-
|
Plaintext storage of a password vulnerability in ILM Informatique OpenConcerto allows Retrieve Embedded Sensitive Data.
This issue affects OpenConcerto: 1.7.5.
|
CWE-256
Plaintext Storage of a Password
|
CVE-2026-6500
|
2026-05-6 05:14 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6029
|
- |
|
-
|
-
|
Improper restriction of XML external entity reference vulnerability in ILM Informatique jOpenDocument allows Data Serialization External Entities Blowup.
This issue affects jOpenDocument: 1.5.
|
CWE-611
XXE
|
CVE-2026-6501
|
2026-05-6 05:14 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6030
|
8.8 |
HIGH
Adjacent
|
google
|
android
|
In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution as…
|
CWE-303
Incorrect Implementation of Authentication Algorithm
|
CVE-2026-0073
|
2026-05-6 04:54 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
