|
3321
|
9.8 |
CRITICAL
Network
|
-
|
-
|
ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cms_content tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered.
|
CWE-94
Code Injection
|
CVE-2026-36458
|
2026-05-9 08:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3322
|
- |
|
-
|
-
|
Uncontrolled Resource Consumption vulnerability in ericmj decimal allows unauthenticated remote Denial of Service.
The decimal library does not bound the exponent on parsed input. Storing a decimal …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-32686
|
2026-05-9 08:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3323
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes an HTTP API on TCP port 2345 that allows full unauthenticated remote control of the device. The API supports bot…
|
CWE-285
Improper Authorization
|
CVE-2026-30496
|
2026-05-9 08:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3324
|
8.8 |
HIGH
Adjacent
|
-
|
-
|
The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes Android Debug Bridge (ADB) on TCP port 5555 over the network without requiring authentication. The device is con…
|
CWE-285
Improper Authorization
|
CVE-2026-30495
|
2026-05-9 08:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3325
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Sidekiq-cron thru 2.3.1, an open-source scheduling add-on for Sidekiq, is vulnerable to a cross-site scripting (xss) vulnerability via crafted URL being rended from cron.erb.
|
CWE-79
Cross-site Scripting
|
CVE-2025-67202
|
2026-05-9 08:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3326
|
9.8 |
CRITICAL
Network
|
-
|
-
|
NPM package next-npm-version1.0.1 is vulnerable to Command injection.
|
CWE-94
Code Injection
|
CVE-2025-63706
|
2026-05-9 08:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3327
|
9.8 |
CRITICAL
Network
|
-
|
-
|
npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js().
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2025-63703
|
2026-05-9 08:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3328
|
9.1 |
CRITICAL
Network
|
-
|
-
|
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, the /user-setup/{hash} endpoint accepts a 60-character random invite_hash to set a new use…
|
CWE-613
Insufficient Session Expiration
|
CVE-2026-41902
|
2026-05-9 07:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3329
|
9.8 |
CRITICAL
Network
|
-
|
-
|
NPM package query-parser-string 1.0.0 is vulnerable to Prototype Pollution. The package does not properly sanitize user supplied query parameters and merges them to the newly created object.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2025-63704
|
2026-05-9 07:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3330
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
staging: rtl8723bs: fix memory leak on failure path
cfg80211_inform_bss_frame() may return NULL on failure. In that case,
the all…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-43225
|
2026-05-9 06:22 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
