8.5
CVE-2026-32298 - Angeet ES3 KVM OS command injection
The Angeet ES3 KVM does not properly sanitize user-supplied variables parsed by the 'cfg.lua' script, allowing an authenticated attacker to execute OS-level commands.
9.3
CVE-2026-32297 - Angeet ES3 KVM unauthenticated arbitrary file write
The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or system binaries. Modified configuration files or system binaries could allow an attacker to take complete control of a vulnerable system.
8.8
CVE-2026-32296 - Sipeed NanoKVM unauthenticated Wi-Fi configuration endpoint
Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without proper security checks, allowing an unauthenticated attacker with network access to change the saved configured Wi-Fi network to one of the attacker's choosing, or craft a request to exhaust the system memory and terminate t…
9.3
CVE-2026-32295 - JetKVM insufficient login rate limiting
JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess credentials.
7
CVE-2026-32294 - JetKVM insufficient firmware verification
JetKVM prior to 0.5.4 does not verify the authenticity of downloaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding SHA256 hash to pass verification.
6.3
CVE-2026-32293 - GL-iNet Comet (GL-RM1) KVM insufficient certificate validation
The GL-iNet Comet (GL-RM1) KVM connects to a GL-iNet site during boot-up to provision client and CA certificates. The GL-RM1 does not verify certificates used for this connection, allowing an attacker-in-the-middle to serve invalid client and CA certificates. The GL-RM1 will attempt to use the inva…
9.3
CVE-2026-32292 - GL-iNet Comet (GL-RM1) KVM insufficient login rate-limiting
The GL-iNet Comet (GL-RM1) KVM web interface does not limit login requests, enabling brute-force attempts to guess credentials.
7
CVE-2026-32291 - GL-iNet Comet (GL-RM1) KVM unauthenticated root access via UART serial console
The GL-iNet Comet (GL-RM1) KVM does not require authentication on the UART serial console. This attack requires physically opening the device and connecting to the UART pins.
7
CVE-2026-32290 - GL-iNet Comet (GL-RM1) KVM insufficient firmware verification
The GL-iNet Comet (GL-RM1) KVM does not sufficiently verify the authenticity of uploaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding MD5 hash to pass verification.
6.9
CVE-2026-4319 - code-projects Simple Food Order System add-item.php SQL injection
A vulnerability was identified in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file /routers/add-item.php. Such manipulation of the argument price leads to SQL injection. The attack can be launched remotely. The exploit is publicly av…