Aggregator

INC

Dark Feed IO
1 month 3 weeks ago

You must login to view this content

cohenido

CVE-2026-7417 | Algovate xhs-mcp 0.8.11 MCP Interface src/server/mcp.server.ts xhs_publish_content media_paths server-side request forgery (EUVD-2026-26294)

Vuldb Updates
1 month 3 weeks ago
A vulnerability has been found in Algovate xhs-mcp 0.8.11 and classified as critical. This affects the function xhs_publish_content of the file src/server/mcp.server.ts of the component MCP Interface. Performing a manipulation of the argument media_paths results in server-side request forgery. This vulnerability was named CVE-2026-7417. The attack may be initiated remotely. In addition, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com

CVE-2026-7418 | UTT HiPER 1250GW up to 3.2.7-210907-180535 route/goform/NTP strcpy Profile buffer overflow (EUVD-2026-26295)

Vuldb Updates
1 month 3 weeks ago
A vulnerability was found in UTT HiPER 1250GW up to 3.2.7-210907-180535 and classified as critical. This vulnerability affects the function strcpy of the file route/goform/NTP. Executing a manipulation of the argument Profile can lead to buffer overflow. The identification of this vulnerability is CVE-2026-7418. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2026-7419 | UTT HiPER 1250GW up to 3.2.7-210907-180535 formTaskEdit_ap strcpy Profile buffer overflow (EUVD-2026-26297)

Vuldb Updates
1 month 3 weeks ago
A vulnerability was found in UTT HiPER 1250GW up to 3.2.7-210907-180535. It has been classified as critical. This issue affects the function strcpy of the file route/goform/formTaskEdit_ap. The manipulation of the argument Profile leads to buffer overflow. This vulnerability is referenced as CVE-2026-7419. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
vuldb.com

CVE-2026-7420 | UTT HiPER 1250GW up to 3.2.7-210907-180535 ConfigAdvideo strcpy Profile buffer overflow (EUVD-2026-26298)

Vuldb Updates
1 month 3 weeks ago
A vulnerability was found in UTT HiPER 1250GW up to 3.2.7-210907-180535. It has been declared as critical. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile results in buffer overflow. This vulnerability is identified as CVE-2026-7420. The attack can be executed remotely. Additionally, an exploit exists.
vuldb.com

CVE-2026-7443 | BurtTheCoder mcp-dnstwist up to 1.0.4 MCP Interface src/index.ts fuzz_domain Request os command injection (EUVD-2026-26300)

Vuldb Updates
1 month 3 weeks ago
A vulnerability was found in BurtTheCoder mcp-dnstwist up to 1.0.4. It has been declared as critical. Affected by this vulnerability is the function fuzz_domain of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument Request can lead to os command injection. The identification of this vulnerability is CVE-2026-7443. The attack may be launched remotely. Furthermore, there is an exploit available. The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com

Managed ad