Stack-based buffer overflow in the Tenda AC8V4 router (firmware V16.03.34.06) lets remote attackers corrupt memory by supplying an oversized 'time' parameter to the /goform/saveParentControlInfo web endpoint. Per the published CVSS vector the flaw is network-reachable with no authentication (PR:N) and low complexity, and publicly available exploit code exists (no public exploit identified as actively exploited in CISA KEV). The EPSS score of 8.43% (94th percentile) marks it as elevated exploitation likelihood relative to the CVE population.
Heap-based buffer overflow in Tenda AC8V4 router firmware V16.03.34.06 allows unauthenticated remote attackers to corrupt heap memory via a crafted `mac` parameter sent to the `/goform/GetParentControlInfo` endpoint. The vulnerability requires no authentication or user interaction and is reachable over the network, making it exploitable against any device whose web management interface is accessible. A publicly available proof-of-concept exists on GitHub, and the EPSS score of 5.54% at the 92nd percentile indicates elevated real-world exploitation probability relative to the broader CVE population; no public exploit identified at time of analysis confirms CISA KEV listing.
Stack-based buffer overflow in Tenda AC8V4 firmware V16.03.34.06 exposes the /goform/WifiGuestSet HTTP endpoint to unauthenticated remote attackers via the `shareSpeed` parameter, which lacks proper bounds checking before stack allocation. The official CVSS scores only availability impact (A:L), but stack overflows in embedded router firmware routinely yield remote code execution in practice - the 93rd-percentile EPSS score and a publicly available PoC reinforce elevated real-world risk. No public exploitation or CISA KEV listing has been confirmed at time of analysis, though the PoC lowers the barrier to active targeting of unpatched devices.
Stack-based buffer overflow in Tenda AC8V4 firmware version 16.03.34.06 allows unauthenticated remote attackers to crash the device by sending a crafted HTTP request to the /goform/SetSysTimeCfg endpoint with oversized timeZone or timeType parameters. The vulnerability requires no authentication or user interaction per the CVSS:3.1 vector (PR:N/UI:N), making it trivially exploitable against any network-accessible management interface. A publicly available proof-of-concept exists on GitHub, and the EPSS score of 6.77% at the 93rd percentile signals meaningfully elevated exploitation probability relative to most CVEs - no public exploit identified at time of analysis as confirmed by CISA KEV, but POC availability lowers the bar for less-skilled actors.
Reflected cross-site scripting in Post Grid Master WordPress plugin versions up to 3.4.13 allows unauthenticated attackers to inject arbitrary JavaScript through the 'argsArray[read_more_text]' parameter due to insufficient input sanitization and output escaping. An attacker can craft a malicious link and trick users into clicking it, causing the injected script to execute in their browser with the victim's privileges. Publicly available exploit code exists, and the vulnerability affects all installations of the plugin through version 3.4.13.
Unauthenticated remote code execution in SMG Software Information Portal versions prior to 13.06.2025 allows attackers to upload web shells and inject OS commands, achieving full server compromise with a maximum CVSS score of 10.0. The vulnerability was reported by Turkey's national CERT (USOM) and no public exploit identified at time of analysis, though the trivial attack complexity and network-accessible nature make it a critical priority for any organization running the affected product.
SQL injection in Moderec Tourtella versions prior to 26.05.2025 allows remote unauthenticated attackers to manipulate backend database queries via crafted input, leading to full compromise of confidentiality, integrity, and availability. The flaw was reported through Turkey's national CERT (USOM) under advisory TR-25-0176 and carries a critical 9.8 CVSS score, though no public exploit identified at time of analysis and no EPSS score was provided.
SQL injection in Bayraktar Solar Energies ScadaWatt Otopilot (versions before 27.05.2025) allows remote unauthenticated attackers to manipulate backend database queries over the network. With a CVSS 9.8 rating and full impact across confidentiality, integrity, and availability, successful exploitation can yield complete database compromise of this SCADA solar energy monitoring platform. There is no public exploit identified at time of analysis, and the CVE is not listed in CISA KEV.
Unauthenticated login token generation in WebinarIgnition plugin for WordPress (versions ≤4.03.32) allows remote attackers to bypass authentication and impersonate arbitrary users. The vulnerability stems from missing capability checks on support staff authentication functions, enabling attackers to generate valid login tokens and authorization cookies without credentials (CVSS:3.1 AV:N/AC:L/PR:N). EPSS data not provided; no confirmation of active exploitation (CISA KEV) at time of analysis. Public exploit code existence not confirmed, though technical details are available via WordPress plugin repository references.
Stack-based buffer overflow in Tenda AC8V4 home router firmware V16.03.34.06 exposes remote unauthenticated attackers to device crash or potential arbitrary code execution by submitting an oversized timeZone parameter to the /goform/fast_setting_wifi_set endpoint. The CVSS vector confirms no authentication is required and no user interaction is needed; a public proof-of-concept is available on GitHub. No public exploit identified at time of analysis as actively exploited by CISA KEV, but the combination of zero-authentication network access and available POC meaningfully lowers the barrier for exploitation beyond the low EPSS score of 0.47% suggests.
Stored Cross-Site Scripting in Mine CloudVod WordPress plugin versions up to 2.1.10 allows authenticated attackers with Contributor-level access to inject arbitrary JavaScript through the 'audio' parameter due to insufficient input sanitization and output escaping. When injected pages are accessed by other users, the malicious scripts execute in their browsers, potentially compromising site security and user data. No public exploit code or active exploitation has been confirmed at analysis time.
Stored Cross-Site Scripting in WP Get The Table WordPress plugin versions up to 1.5 allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts via the 'url' parameter due to insufficient input sanitization and output escaping. Injected scripts execute whenever any user accesses the affected pages, potentially compromising site visitors and enabling account hijacking, malware distribution, or data theft. No public exploit code or active exploitation has been confirmed at time of analysis, but the vulnerability requires only contributor-level access and has a moderate CVSS score of 6.4 reflecting limited technical complexity and network-based attack vector.
Stored Cross-Site Scripting in Taeggie Feed plugin for WordPress (all versions up to 0.1.10) allows authenticated attackers with contributor-level access or above to inject arbitrary JavaScript via the taeggie-feed shortcode's name attribute, which is rendered unsanitized in both a script tag ID and jQuery.getScript() call. The vulnerability has a CVSS score of 6.4 with cross-site impact; no public exploit code or active exploitation has been confirmed at this time.
Stored Cross-Site Scripting in muse.ai WordPress plugin versions up to 0.4 allows authenticated attackers with contributor-level access to inject malicious scripts via insufficiently sanitized shortcode attributes, enabling arbitrary code execution in the context of any user viewing affected pages. The vulnerability requires authentication and user interaction (page access by victims), resulting in a CVSS 6.4 score; no public exploit code or active exploitation has been identified at time of analysis.
Stored Cross-Site Scripting in Structured Content plugin for WordPress up to version 1.6.4 allows authenticated contributors and above to inject arbitrary JavaScript via the sc_fs_local_business shortcode due to insufficient input sanitization and output escaping. Injected scripts execute in the context of any user viewing the affected page, potentially enabling account compromise, malware distribution, or defacement. No public exploit code or active exploitation has been confirmed at this time.
SQL injection in Deer WMS 2 up to version 3.3 allows authenticated remote attackers to execute arbitrary SQL queries via the ancestors parameter in the /system/dept/edit endpoint, enabling unauthorized data exfiltration or modification. Despite a critical classification, the CVSS v4.0 score of 2.1 reflects limited confidentiality and integrity impact; publicly available exploit code exists but EPSS exploitation probability remains low at 0.07%, suggesting the vulnerability requires authenticated access and may have limited real-world adoption or attack surface.
Reflected cross-site scripting (XSS) in the FunnelCockpit WordPress plugin up to version 1.4.3 allows unauthenticated attackers to inject arbitrary JavaScript through the 'error' parameter due to insufficient input sanitization and output escaping. Exploitation requires social engineering an administrative user to click a malicious link, enabling attackers to steal session cookies, perform administrative actions, or redirect users to phishing sites. No public exploit code or active exploitation has been confirmed at time of analysis.
Reflected cross-site scripting in PHPGurukul Taxi Stand Management System 1.0 allows authenticated remote attackers to inject malicious scripts via the registrationnumber or licensenumber parameters in /admin/new-autoortaxi-entry-form.php, requiring user interaction to trigger. The vulnerability carries a low CVSS score of 2.0 due to authentication and user-interaction requirements, though publicly available exploit code exists and EPSS scoring (0.07%) indicates minimal real-world exploitation probability.
NULL pointer dereference in libssh crashes SSH clients or servers during the key exchange (KEX) process when a cryptographic memory allocation fails and the resulting NULL pointer is subsequently dereferenced. Affected products span all libssh versions per CPE data, with confirmed patching by Red Hat (RHSA-2026:18683) and upstream fixes committed to the libssh repository. No public exploit identified at time of analysis; EPSS at 0.03% (8th percentile) reflects very low observed exploitation interest, consistent with the local access requirement and high attack complexity.
Medtronic MyCareLink Patient Monitor has a built-in user account with an empty password, which allows an attacker with physical access to log in with no password and access modify system. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Medtronic MyCareLink Patient Monitor uses an unencrypted filesystem on internal storage, which allows an attacker with physical access to read and modify files. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Medtronic MyCareLink Patient Monitor has an internal service that deserializes data, which allows a local attacker to interact with the service by crafting a binary payload to crash the service or. Rated medium severity (CVSS 6.5). No vendor patch available.