CodeAnt AI Vulnerability Database
A comprehensive hub for tracking high-impact vulnerabilities across application code and third-party libraries, for security teams and developers.
CVE-2026-7199 (7.3)
SQL Injection via Unsanitized ID Parameter (CWE-89) in Pharmacy Sales and Inventory System /ajax.php
Database Compromise and Data Integrity Loss

CVE-2026-41371 (8.5)
Incorrect Authorization (CWE-863) in OpenClaw chat.send Session Management
Privilege Escalation and Unauthorized Session Control

CVE-2026-27785 (8.8)
Hard-Coded Credentials (CWE-798) in Milesight AIoT Camera Firmware
Authentication Bypass and Unauthorized Device Control

CVE-2026-7194 (7.3)
SQL Injection (CWE-89) in SourceCodester Pharmacy Sales and Inventory System save_product Endpoint
Data Exposure and Database Compromise

CVE-2026-28747 (7.1)
Broken Authorization via Weak Key Generation (CWE-639) in Milesight AIoT Camera Firmware
Authorization Bypass and Unauthorized Access

CVE-2026-7178 (7.3)
Server-Side Request Forgery (CWE-918) in ChatGPTNextWeb NextChat Artifacts Endpoint
Unauthorized network access via SSRF, potentially reaching internal services and sensitive metadata endpoints

CVE-2026-7177 (7.3)
Server-Side Request Forgery (CWE-918) in ChatGPTNextWeb NextChat proxyHandler
Network pivoting via SSRF, potential access to internal services and sensitive metadata

CVE-2026-7159 (7.3)
Path Traversal (CWE-22) in douinc mkdocs-mcp-plugin server document handlers
Arbitrary File Read / Directory Traversal

CVE-2026-7191 (7.2)
Code Injection via Prototype Manipulation (CWE-94) in qnabot-on-aws Content Designer
Arbitrary Code Execution in Lambda Fulfillment Context

CVE-2026-7158 (7.3)
Server-Side Request Forgery (CWE-918) in mcp-url-downloader URL Validation
Indirect access to internal or protected network resources via server-side HTTP requests