9.8
CVE-2026-37709 - Insecure Permissions in Snipe-IT Allow Remote Code Execution
Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and before and fixed after 2026-03-10 commit 676a9958 allows a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component
0.0
CVE-2026-30495 - Unauthenticated ADB Exposure and Root Access on Optoma CinemaX P2 Projector
The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes Android Debug Bridge (ADB) on TCP port 5555 over the network without requiring authentication. The device is configured with ro.adb.secure=0, which disables RSA key verification. Additionally, a functional su bin…
6.3
CVE-2026-40214 - Cross-Tenant Denial of Service via Unchecked Accelerator Request API
In OpenStack Cyborg before 16.0.1, the Accelerator Request (ARQ) API does not enforce project ownership at any layer. The project_id column in the database is never populated (NULL for every ARQ), database queries have no project filtering, and policy checks are self-referential (the authorize_wsgi…
7.4
CVE-2026-40213 - Unrestricted API Access Enables Unauthorized FPGA Reprogramming in OpenStack Cyborg
OpenStack Cyborg before 16.0.1 uses rule:allow (check_str='@') as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can comple…
0.0
CVE-2025-63706 - Command Injection in next-npm-version 1.0.1
NPM package next-npm-version 1.0.1 is vulnerable to command injection.
5.4
CVE-2026-36341 -
Cross-Site Scripting (XSS) vulnerability exists in Webkul Krayin CRM v2.1.5. The application fails to sanitize user-supplied input in the comment field during Activity creation on the /admin/activities/create endpoint
5.4
CVE-2026-36388 -
A Cross-Site Scripting (XSS) vulnerability was found in PHPGurukal Hospital Management System v4.0 in the /hospital/hms/edit-profile.php page. This flaw allows an authenticated attacker (patient) to inject a malicious script payload into the User Name parameter, which is stored in the application a…
0.0
CVE-2025-63704 - Prototype Pollution in NPM package query-string-parser Leading to Object Prototype Manipulation
NPM package query-parser-string 1.0.0 is vulnerable to Prototype Pollution. The package does not properly sanitize user supplied query parameters and merges them to the newly created object.
0.0
CVE-2025-67202 - Cross-Site Scripting via Malicious URL Rendering in Sidekiq-cron
Sidekiq-cron through 2.3.1, an open-source scheduling add-on for Sidekiq, is vulnerable to cross-site scripting (XSS) via a crafted URL being rendered from cron.erb.
6.9
CVE-2026-3291 - Samsung Print Service Plugin - Potential Information Disclosure
Samsung Print Service Plugin for Android is potentially vulnerable to information disclosure when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate these potential vulnerabilities.