Security Vulnerabilities
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.
CVSS Score: 6.1 | EPSS Score: 0.0 | Published: 2026-03-17
The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or system binaries. Modified configuration files or system binaries could allow an attacker to take complete control of a vulnerable system.
CVSS Score: 9.3 | EPSS Score: 0.0 | Published: 2026-03-17
The Angeet ES3 KVM does not properly sanitize user-supplied variables parsed by the 'cfg.lua' script, allowing an authenticated attacker to execute OS-level commands.
CVSS Score: 8.5 | EPSS Score: 0.001 | Published: 2026-03-17
A vulnerability was identified in code-projects Simple Food Order System 1.0. It affects an unknown functionality of the file /routers/add-item.php. Manipulation of the argument price leads to SQL injection. The attack can be launched remotely. The exploit is publicly available and might be used.
CVSS Score: 6.9 | EPSS Score: 0.0 | Published: 2026-03-17
The GL-iNet Comet (GL-RM1) KVM before 1.8.2 does not require authentication on the UART serial console. This attack requires physically opening the device and connecting to the UART pins.
CVSS Score: 7.0 | EPSS Score: 0.001 | Published: 2026-03-17
The GL-iNet Comet (GL-RM1) KVM web interface does not limit login requests, enabling brute-force attempts to guess credentials.
CVSS Score: 9.3 | EPSS Score: 0.0 | Published: 2026-03-17
The GL-iNet Comet (GL-RM1) KVM connects to a GL-iNet site during boot-up to provision client and CA certificates. The GL-RM1 does not verify certificates used for this connection, allowing an attacker-in-the-middle to serve invalid client and CA certificates. The GL-RM1 will attempt to use the invalid certificates and fail to connect to the legitimate GL-iNet KVM cloud service.
CVSS Score: 6.3 | EPSS Score: 0.0 | Published: 2026-03-17
JetKVM prior to 0.5.4 does not verify the authenticity of downloaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding SHA256 hash to pass verification.
CVSS Score: 7.0 | EPSS Score: 0.0 | Published: 2026-03-17
JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess credentials.
CVSS Score: 9.3 | EPSS Score: 0.0 | Published: 2026-03-17
Wazuh is a free and open source platform used for threat prevention, detection, and response. Versions 4.0.0 through 4.14.2 have a Remote Code Execution (RCE) vulnerability due to Deserialization of Untrusted Data. All Wazuh deployments using cluster mode (master/worker architecture) and any organization with a compromised worker node (e.g., through initial access, insider threat, or supply chain attack) are impacted. An attacker who gains access to a worker node (through any means) can achieve full RCE on the master node with root privileges. Version 4.14.3 fixes the issue.
CVSS Score: 9.1 | EPSS Score: 0.004 | Published: 2026-03-17



Shodan ® - All rights reserved