|
3171
|
6.1 |
MEDIUM
Network
|
hcltech
|
dfxanalytics
|
HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability where the Content-Security-Policy does not define strict directives for object-src and base-uri, which could al…
|
CWE-358, CWE-79
Improperly Implemented Security Check for Standard; Cross-site Scripting
|
CVE-2025-31970
|
2026-05-8 04:58 |
2026-05-6 |
|
3172
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
counter: rz-mtu3-cnt: do not use struct rz_mtu3_channel's dev member
The counter driver can use HW channels 1 and 2, while the PW…
|
NVD-CWE-noinfo
|
CVE-2026-31740
|
2026-05-8 04:56 |
2026-05-2 |
|
3173
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
counter: rz-mtu3-cnt: prevent counter from being toggled multiple times
Runtime PM counter is incremented / decremented each time…
|
NVD-CWE-Other
|
CVE-2026-31741
|
2026-05-8 04:55 |
2026-05-2 |
|
3174
|
- |
|
-
|
-
|
BentoPDF is a client-side PDF toolkit that is self-hostable. Prior to version 2.8.3, a cross-site scripting vulnerability was identified in BentoPDF. An attacker may be able to execute arbitrary JavaS…
|
CWE-79
Cross-site Scripting
|
CVE-2026-41653
|
2026-05-8 04:51 |
2026-05-8 |
|
3175
|
5.4 |
MEDIUM
Network
|
-
|
-
|
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user holding the PERM_EDIT_USERS permission (intended for general user-profile editing) …
|
CWE-863
Incorrect Authorization
|
CVE-2026-41903
|
2026-05-8 04:51 |
2026-05-8 |
|
3176
|
8.8 |
HIGH
Local
|
sandboxie-plus
|
sandboxie
|
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, an INI injection vulnerability allows any standard local user to bypass configuration re…
|
CWE-93
CRLF Injection
|
CVE-2026-34458
|
2026-05-8 04:48 |
2026-05-6 |
|
3177
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /ajax.php?action=save_user. The manipulation of the argument ID results i…
|
CWE-74, CWE-89
Injection; SQL Injection
|
CVE-2026-8083
|
2026-05-8 04:48 |
2026-05-8 |
|
3178
|
8.8 |
HIGH
Local
|
sandboxie-plus
|
sandboxie
|
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieSvc proxy service's GetRawInputDeviceInfoSlave handler contains two vulnerabilit…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-34459
|
2026-05-8 04:48 |
2026-05-6 |
|
3179
|
7.0 |
HIGH
Local
|
sandboxie-plus
|
sandboxie
|
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a Time-of-Check-to-Time-of-Use (TOCTOU) race condition exists during addon installation.…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-34596
|
2026-05-8 04:45 |
2026-05-6 |
|
3180
|
4.3 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.15 contains an arbitrary file read vulnerability in the QMD backend memory_get function that allows callers to read any Markdown files within the workspace root. Attackers with…
|
CWE-183
Permissive List of Allowed Inputs
|
CVE-2026-44111
|
2026-05-8 04:42 |
2026-05-7 |
|