SQL injection in CloudClassroom-PHP Project v1.0 exposes the application to remote, unauthenticated database manipulation via the `viewid` parameter. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms zero prerequisites - any internet-accessible instance is directly exploitable without credentials. A publicly available proof-of-concept exists on GitHub, though EPSS at 0.31% (23rd percentile) indicates low observed exploitation probability at time of analysis, consistent with the obscure deployment footprint of this niche educational PHP application. No active exploitation is confirmed in CISA KEV.
Stored cross-site scripting in tawk.to Live Chat 1.6.1 allows unauthenticated remote attackers to inject persistent JavaScript payloads via the chat widget, which execute in the browsers of support agents or site administrators who view the tainted transcripts. The CVSS 3.1 Scope:Changed metric confirms the injected script executes in the victim's browser origin, enabling session hijacking or credential theft against the hosting site - not merely the chat platform. A public proof-of-concept is available on GitHub; no CISA KEV listing exists and EPSS sits at 0.43% (35th percentile), indicating low current mass-exploitation but a meaningful attacker-accessible entry point given the lowered skill bar from the POC.
A vulnerability has been found in 1000 Projects ABC Courier Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /Add_reciver.php. The manipulation of the argument reciver_name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in code-projects Church Donation System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/index.php of the component HTTP POST Request Handler. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Missing authorization in Droip plugin for WordPress (all versions ≤2.2.6) allows authenticated attackers with Subscriber-level privileges to manipulate content and settings via droip_post_apis() AJAX handler. Exploitable actions include arbitrary post deletion/creation, post duplication, settings modification, and user account manipulation. Requires only low-privilege authenticated access (PR:L) for high-impact compromise of confidentiality, integrity, and availability (CVSS 8.8). No public exploit identified at time of analysis.
Arbitrary file upload in Themeum Droip WordPress plugin (versions up to 2.5.1) permits authenticated attackers with Subscriber-level privileges or higher to upload malicious files without file type validation in the make_google_font_offline() function, enabling remote code execution on the affected server. CVSS 8.8 severity reflects low privilege requirement (PR:L) and complete confidentiality, integrity, and availability impact. No public exploit identified at time of analysis.
Salesforce Tableau Server on Windows and Linux allows authenticated attackers with low privileges to conduct Server-Side Request Forgery attacks through the Amazon S3 Connector module, enabling resource location spoofing that could result in unauthorized access to internal systems and data exfiltration. Versions before 2025.1.3, 2024.2.12, and 2023.3.19 are affected. EPSS score of 0.04% (12th percentile) indicates minimal observed exploitation activity, and no public exploit has been identified at time of analysis.
A null pointer dereference vulnerability exists in the AMD display driver within the Linux kernel, where the dce_hwseq structure is accessed without proper null checking in the dce110_blank_stream function. The vulnerability affects Linux kernel versions up to 6.16-rc2 and could allow a local attacker with low privileges to cause a system crash or potentially execute arbitrary code with kernel privileges. With an EPSS score of only 0.02% and no known active exploitation, this represents a low real-world risk despite the high CVSS score.
Out-of-bounds shift in the Linux kernel Squashfs filesystem allows a local attacker to trigger memory corruption by racing a LOOP_SET_BLOCK_SIZE ioctl against a concurrent Squashfs mount on the same loop device, causing sb_min_blocksize() to return 0 and the code in squashfs_fill_super() to compute a shift exponent of 64. The affected subsystem is the kernel Squashfs driver (fs/squashfs/block.c) on Linux and downstream distributions such as Debian 11. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
An issue in ETSI Open-Source MANO (OSM) 14.0.x before 14.0.3, 15.0.x before 15.0.2, 16.0.0, and 17.0.0 allows a remote authenticated attacker to escalate privileges via the /osm/admin/v1/users. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Remote root access in Gardyn Home Kit Firmware via SSH private key compromise allows authenticated remote attackers with high privileges to execute arbitrary commands as root on affected devices. The vulnerability stems from improper cryptographic key management (CWE-321) and carries a CVSS score of 6.6; no public exploit code or active exploitation has been independently confirmed at the time of analysis.
Server-Side Request Forgery in Apwide Golive 10.2.0 for Jira allows an attacker to abuse the plugin's test webhook function to induce the server to issue HTTP requests to arbitrary internal or external hosts. The vulnerability carries a scope-changed CVSS vector (S:C), meaning requests escape the plugin's trust boundary and can reach internal network resources invisible to the attacker. With an EPSS of 0.29% (20th percentile) and no active exploitation confirmed in CISA KEV, real-world risk is currently low, but the SSRF primitive could enable internal service enumeration or SSRF-chained attacks against cloud metadata endpoints on Jira-hosting infrastructure.
HTTP denial-of-service in Kron Technologies Kron PAM (all versions before 3.7) allows a low-privileged authenticated remote attacker to exhaust server resources through unthrottled HTTP request processing. The CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) confirms the attack is network-reachable at low complexity, requiring only a valid user account, with full availability impact and no scope change. No public exploit code exists and the vulnerability has not been added to the CISA KEV catalog; EPSS sits at 0.28% (52nd percentile), indicating low-to-moderate real-world exploitation probability at time of analysis.
Stored Cross-Site Scripting in Kron Technologies Kron PAM (versions before 3.7) allows a highly privileged authenticated attacker to inject persistent malicious scripts into the application that execute in the browsers of other users who view the affected content. Despite the high privilege required to plant the payload, the impact is rated High on both confidentiality and integrity - a realistic concern in Privileged Access Management platforms where session hijacking or credential harvesting against super-administrators carries severe downstream risk. No public exploit code or active exploitation has been identified at time of analysis; EPSS is low at 0.18% (40th percentile).
Path traversal in ChanCMS up to version 3.1.2 allows authenticated remote attackers to read or modify arbitrary files via the delfile function in app/extend/utils.js, with publicly available exploit code disclosed. CVSS score of 2.1 reflects low impact (integrity and availability limited to low confidentiality) and requirement for authenticated access, though the vulnerability affects a core file deletion utility. Vendor-released patch available in version 3.1.3.
SQL injection in PHPGurukul BP Monitoring Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the fromdate/todate parameters in /bwdates-report-result.php. The vulnerability requires user authentication (PR:L) but carries low confidentiality, integrity, and availability impact (VC:L/VI:L/VA:L). Publicly available exploit code exists, though real-world exploitation remains limited by authentication requirements and modest technical impact.
Server-side request forgery in ChanCMS up to version 3.1.2 allows authenticated remote attackers to manipulate the targetUrl argument in the getArticle function (app/modules/api/service/gather.js), enabling them to make arbitrary HTTP requests from the affected server. Publicly available exploit code exists, but the CVSS score of 2.1 reflects limited confidentiality, integrity, and availability impact despite network accessibility; exploitation is restricted to authenticated users with low privileges.
SQL injection in Deer WMS 2 up to version 3.3 allows authenticated remote attackers to execute arbitrary SQL queries via the params[dataScope] parameter in the /system/role/list endpoint. The vulnerability has a critically low CVSS score of 2.1 due to limited scope and integrity impact, but exploitation is confirmed possible with publicly available proof-of-concept code. Real-world risk is minimal given the requirement for prior authentication and constrained data access impact.
SQL injection in Deer WMS 2 up to version 3.3 allows authenticated remote attackers to execute arbitrary SQL queries via the params[dataScope] parameter in the /system/dept/list endpoint. Despite a critical classification in the initial report, the CVSS 4.0 vector assigns a 2.1 score reflecting low impact across confidentiality, integrity, and availability. Publicly available exploit code exists; however, EPSS scoring at 0.07% (22nd percentile) suggests minimal real-world exploitation likelihood compared to the authorization requirement and limited information disclosure scope.
SQL injection in Deer WMS 2 versions up to 3.3 allows authenticated remote attackers to execute arbitrary SQL queries via the params[dataScope] parameter in the /system/role/export endpoint, leading to limited information disclosure. The vulnerability carries a CVSS score of 2.1 despite being classified critical in the original report, reflecting the CVSS v4.0 assessment of low confidentiality, integrity, and availability impact combined with required authentication. Publicly available exploit code exists, but real-world exploitation risk remains minimal due to the low EPSS score (0.07%, 22nd percentile) and authentication requirement.
SQL injection in Deer WMS 2 up to version 3.3 allows authenticated remote attackers to manipulate the dataScope parameter in the /system/user/list endpoint, leading to arbitrary SQL query execution with limited information disclosure impact. The CVSS v4.0 score of 2.1 reflects low severity due to required authentication and constrained impact (confidentiality, integrity, and availability all rated low), though publicly available exploit code exists and the vulnerability has been disclosed.
SQL injection in Deer WMS 2 up to version 3.3 allows authenticated remote attackers to execute arbitrary SQL queries via the dataScope parameter in the /system/user/export endpoint, potentially compromising data confidentiality. The vulnerability has a low CVSS score (2.1) due to authentication requirements and limited scope, but publicly available exploit code exists and the attack surface is network-accessible.
SQL injection in Deer WMS 2 up to version 3.3 allows authenticated remote attackers to manipulate the dataScope parameter in the /system/role/authUser/allocatedList endpoint, leading to limited information disclosure. The vulnerability requires valid user credentials and carries a low CVSS base score of 2.1 despite critical severity rating, with publicly available exploit code disclosed via Gitee issue tracker. EPSS exploitation probability is extremely low at 0.07%, indicating this is unlikely to be a widespread attack vector despite public POC availability.
SQL injection in Deer WMS 2 up to version 3.3 allows authenticated remote attackers to execute arbitrary SQL queries via the params[dataScope] argument in the /system/role/authUser/unallocatedList endpoint. The vulnerability requires valid user credentials but has low overall impact (CVSS 2.1) and affects only data confidentiality and integrity with no system availability impact. Publicly available exploit code exists, though EPSS score (0.07%, 22nd percentile) indicates exploitation remains uncommon in practice despite public disclosure.
SQL injection in code-projects Public Chat Room 1.0 via the ID parameter in send_message.php allows authenticated remote attackers to execute arbitrary SQL queries, despite a low CVSS 4.0 score of 2.1. The vulnerability requires prior authentication (PR:L) and offers only limited confidentiality impact (VC:L/VI:L/VA:L), but publicly available exploit code exists and the attack vector is network-accessible with low complexity, making it suitable for low-friction post-compromise lateral movement or information disclosure within authenticated environments.
SQL injection in code-projects Food Review System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the occasion parameter in /admin/approve_reservation.php, resulting in limited data confidentiality and integrity impact. Despite a critical classification in the source database, the CVSS 4.0 score of 2.1 reflects the requirement for authenticated access (PR:L) and limited technical impact scope. Publicly available exploit code exists and the vulnerability has been publicly disclosed.
SQL injection in itsourcecode Insurance Management System 1.0 allows authenticated remote attackers to manipulate the agent_id parameter in /updateAgent.php, enabling unauthorized database queries with limited confidentiality and integrity impact. Despite critical classification in metadata, the CVSS 4.0 vector shows low severity (2.1 score) due to requirement for prior authentication and restricted scope. Public exploit code is available, though EPSS score of 0.06% (20th percentile) suggests minimal real-world exploitation likelihood.
SQL injection in PHPGurukul User Registration & Login and User Management System 3.3 allows authenticated remote attackers to execute arbitrary SQL queries via the ID parameter in /admin/lastthirtyays-reg-users.php. Exploitation requires valid user credentials but no user interaction. Publicly available exploit code exists, though CVSS 2.1 and EPSS 0.06% suggest low real-world exploitation risk despite the critical classification.
SQL injection in PHPGurukul User Registration & Login and User Management System 3.3 allows authenticated remote attackers to manipulate the ID parameter in /admin/lastsevendays-reg-users.php, leading to database query compromise with limited confidentiality and integrity impact. Public exploit code exists, though EPSS scoring (0.06%, 19th percentile) indicates exploitation remains unlikely in practice despite the low attack complexity and low privilege requirement.
SQL injection in PHPGurukul Login and User Management System 3.3 allows authenticated remote attackers to execute arbitrary SQL queries via the ID parameter in /admin/yesterday-reg-users.php. The vulnerability has a publicly available exploit but poses limited real-world risk due to authentication requirements and low CVSS impact scores (2.1/10). Exploitation is marked probable (E:P in CVSS4.0) but the EPSS score of 0.06% suggests minimal actual exploitation despite public disclosure.
Open redirect vulnerability in KoaJS Koa up to version 3.0.0 allows authenticated remote attackers to manipulate the Referrer HTTP header via the back() function in lib/response.js, enabling redirect to arbitrary external URLs with user interaction. The vulnerability has publicly available exploit code and affects the HTTP Header Handler component; EPSS exploitation probability is very low at 0.08% despite public POC availability, suggesting this is primarily a client-side social engineering vector rather than a widely exploitable server-side flaw.
Cross-site scripting (XSS) in Church Donation System 1.0 allows authenticated remote attackers to inject arbitrary JavaScript via the fname parameter in /admin/edit_members.php, requiring user interaction to execute. The vulnerability has a publicly disclosed exploit and EPSS score of 0.05% (16th percentile), indicating low real-world exploitation probability despite public availability of proof-of-concept code.
A null pointer dereference vulnerability exists in the Linux kernel's interrupt simulation (genirq/irq_sim) subsystem where uninitialized pointers in the work context can be dereferenced, leading to kernel denial of service. The vulnerability affects Linux kernel versions including 6.16-rc1 and 6.16-rc2, and potentially earlier stable releases. A local attacker with unprivileged user privileges can trigger a kernel crash by invoking interrupt simulation functionality, causing system unavailability. Patches are available from the Linux kernel stable repositories, and exploitation probability is low (EPSS 0.02%, percentile 6%) despite the moderate CVSS score of 5.5.
Linux kernel RAS (Reliability, Availability, Serviceability) header validation in the AMD GPU driver (amdgpu) lacks input sanitization, allowing a local authenticated attacker to trigger denial of service through excessive memory allocation when reading corrupted EEPROM data. The vulnerability affects all Linux kernel versions with the vulnerable amdgpu driver code path and requires local access with standard user privileges. No public exploit code has been identified; the EPSS score of 0.02% (5th percentile) indicates low real-world exploitation probability despite the moderate CVSS 5.5 rating.
Linux kernel uprobes implementation allows local privileged users to cause denial of service by placing probes at invalid instruction boundaries, exploiting variable-length instruction decoding and mixing of data in text segments on architectures like ARM64. The vulnerability requires CAP_SYS_ADMIN capability, limiting exposure to privileged local attackers. Patch available across multiple stable kernel branches (6.16-rc1 through rc4 and earlier versions).
Integer wraparound in Linux kernel netlink socket receive buffer accounting allows local authenticated attackers to exhaust kernel memory by bypassing receive buffer limits via integer overflow in sk_rmem_alloc comparison. An attacker with local access can set SO_RCVBUFFORCE to INT_MAX, causing the receive buffer check to always evaluate false and permitting unlimited socket buffer allocation until out-of-memory conditions occur. CVSS 5.5 indicates local denial of service with potential system-wide impact; no active exploitation confirmed but vulnerability affects all Linux distributions.
Denial of service in Linux kernel traffic control (qdisc) subsystem allows local authenticated attackers to crash the system by creating or modifying queue disciplines with invalid parent class references. When certain qdiscs (fq, hhf, choke, etc.) invoke qdisc_tree_reduce_backlog during initialization with a null parent class, they trigger an unhandled null pointer dereference. No active exploitation confirmed (KEV not listed), but CVSS 5.5 reflects local privilege requirement with high availability impact.
A general protection fault (GPF) in the Linux kernel's md-bitmap module affects the bitmap_get_stats() function when reading bitmap statistics for RAID devices with external bitmaps. Local users with sufficient privileges can trigger a kernel panic by accessing bitmap statistics through the /proc interface, causing denial of service. The vulnerability stems from incomplete validation of bitmap storage configuration introduced by a prior fix that failed to properly check superblock validity for both internal and external bitmap modes.
Linux kernel DRM scheduler fails to signal scheduled fences when killing job entities, causing dependent applications to hang indefinitely waiting for unresolved dependencies. Authenticated local users can trigger this denial of service by terminating applications whose job dependencies are not properly cleared during entity kill operations. The vulnerability affects multiple Linux kernel versions and has been patched upstream.
Denial of service in Linux kernel nfsd (NFS server daemon) allows local authenticated attackers to crash the system by triggering undefined behavior in nfsd4_spo_must_allow() when non-v4 compound RPC requests are processed. The vulnerability stems from missing validation that incoming RPC procedures are NFSv4 COMPOUND requests before examining internal state structures, causing memory access violations and system unavailability.
Linux kernel NFS subsystem fails to clean up /proc/net/rpc/nfs directory when nfs_fs_proc_net_init() encounters a memory allocation failure, causing a warning when rpc_proc_exit() later attempts to remove the non-empty parent directory. The vulnerability affects kernel versions 6.16-rc1 through 6.16-rc3 and likely earlier versions, and requires local privileges to trigger via fault injection or memory pressure. While marked as availability impact (DoS via kernel warning), the practical severity is limited as it primarily causes a procfs resource leak rather than direct system compromise.
Null pointer dereference in Linux kernel maple_tree memory allocator causes denial of service when the MA_STATE_PREALLOC flag is incorrectly managed during node allocation requests. Local authenticated attackers can trigger this via memory operations that request large numbers of nodes, such as VMA merges during mmap_region() calls, leading to WARN_ON() messages followed by kernel crash. Affects Linux kernel versions including 6.16 release candidates and is confirmed patched in stable branches.
Race condition in Linux kernel NFSv4/pNFS layout draining allows local authenticated users to trigger denial of service through system hangs in writeback operations. The vulnerability exists in pnfs_update_layout() where a waiter on the NFS_LAYOUT_DRAIN bit can race with the waker when plh_outstanding count reaches zero, causing threads to block indefinitely on page locks. Patch available from upstream kernel stable branches.
Unrestricted file upload vulnerability in zhousg letao allows authenticated remote attackers to upload arbitrary files via manipulation of the pictrdtz argument in routes/bf/product.js, leading to potential code execution or system compromise. The vulnerability affects rolling-release versions up to commit 7d8df0386a65228476290949e0413de48f7fbe98, with publicly available exploit code disclosed but limited real-world exploitation risk due to CVSS 2.1 score and low EPSS (0.07%, 20th percentile), suggesting this is primarily a design flaw rather than an actively weaponized threat.
SQL injection in itsourcecode Employee Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the Username parameter in /admin/index.php, resulting in limited confidentiality and integrity impact. Despite a critical classification in the initial report, the CVSS 4.0 vector assigns a severity of 2.1 with low scope impact and requires authenticated access (PR:L), significantly reducing real-world risk. Public exploit code is available, but the extremely low EPSS score (0.06%, 19th percentile) suggests minimal practical exploitation despite disclosure.
Unrestricted file upload in code-projects Document Management System 1.0 via the /insert.php endpoint allows authenticated remote attackers to upload arbitrary files by manipulating the uploaded_file parameter, potentially enabling remote code execution or data exfiltration. Publicly available exploit code exists, though EPSS score of 0.06% suggests limited real-world exploitation likelihood due to low attack impact and authenticated access requirement.
Cross-site scripting (XSS) vulnerability in D-Link DCS-6010L firmware 1.15.03 allows authenticated remote attackers to inject malicious scripts via the paratest argument in the Management Application's /vb.htm endpoint. The vulnerability requires user interaction (UI:P) and affects an end-of-life product with publicly available exploit code, though real-world risk is significantly limited by authentication requirement (PR:L) and very low EPSS score (0.05%).