0.0
CVE-2026-7320 - Information disclosure due to incorrect boundary conditions in the Audio/Video component
Information disclosure due to incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, and Firefox ESR 115.35.1.
9.2
CVE-2026-27760 - OpenCATS PHP Code Injection via installer AJAX endpoint
OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements into the databaseConnectivity action parameter. Attackers can break out of the define() string contโฆ
4.3
CVE-2026-40968 - Spring gRPC SecurityContext leaks across requests on authorization failure
When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions. Affected versions: Sโฆ
5.1
CVE-2026-7282 - SourceCodester Pharmacy Sales and Inventory System ajax.php delete_expired sql injection
A vulnerability was identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function delete_expired of the file /ajax.php?action=delete_expired. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is โฆ
4.8
CVE-2026-7281 - SourceCodester Pharmacy Sales and Inventory System index.php supplier cross site scripting
A vulnerability was determined in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function supplier of the file /index.php?page=supplier. Executing a manipulation of the argument Name can lead to cross site scripting. The attack may be performed from remote. The โฆ
4.7
CVE-2026-40552 - Remote Code Execution in mpGabinet
mpGabinet is vulnerable to Remote Command Execution. An authorized user with access to the application and direct access to the backend database can achieve system command execution by uploading an attachment and modifying its storage path in the database to reference an attacker-controlled remote โฆ
8.4
CVE-2026-40551 - Use of Client-Side Authentication in mpGabinet
mpGabinet performs client-side authentication. An attacker with access to any application instance connected to the backend server can bypass the login verification process by manipulating the application binary and authenticate as an arbitrary user. This issue affects mpGabinet version 23.12.19โฆ
6.9
CVE-2026-40550 - Privilege Escalation in mpGabinet
mpGabinet is vulnerable to Privilege Escalation due to excessive database privileges assigned to the user used by the application. An attacker with access to any running application instance connected to the backend server can extract database credentials from the applicationโs memory by inspectingโฆ
0.0
CVE-2026-6706 -
Improper access control in the vault documentation feature in Devolutions Server 2026.1.14.0 and earlier allows an authenticated attacker to read documentation content from unauthorized vaults via a crafted API request.
6.7
CVE-2026-5944 - Cisco Intersight Device Connector for Nutanix Prism Central Unauthenticated API Access
An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix Prism Central. The service exposes an API passthrough endpoint on TCP port 7373 that is accessible within the network scope of the deployment environment without authentication. An unauthenticateโฆ