Unsafe deserialization in ChanCMS up to version 3.1.2 allows authenticated remote attackers to trigger deserialization vulnerabilities via the taskUrl parameter in the /collect/getArticle endpoint, potentially leading to code execution. The vulnerability has limited confidentiality, integrity, and availability impact per CVSS 4.0 scoring (2.1 score). Publicly available exploit code exists, and the vendor has released patched version 3.1.3.
Server-side request forgery in ChanCMS up to version 3.1.2 allows authenticated attackers to conduct SSRF attacks via the targetUrl parameter in the /cms/collect/getPages endpoint. The CVSS score of 2.1 reflects low confidentiality and integrity impact on the vulnerable component itself, but the publicly disclosed exploit and low EPSS score (0.10%, percentile 26%) suggest this vulnerability carries minimal real-world exploitation risk despite active public disclosure.
ChanCMS up to version 3.1.2 permits information disclosure through improper validation of accessKey and secretKey parameters in the /sysApp/find endpoint, allowing authenticated remote attackers to access sensitive data. The vulnerability has a low CVSS score of 2.1 (CVSS:4.0/AV:N/AC:L/PR:L) reflecting limited confidentiality impact and requirement for low-privilege authentication, but publicly available exploit code exists and exploitation probability (EPSS 0.09%) is extremely low, suggesting this is a narrow-scope, low-urgency issue despite public disclosure.
Cross-site request forgery in jerryshensjf JPACookieShop (蛋糕商城JPA版) allows unauthenticated remote attackers to perform unauthorized actions via crafted requests to AdminTypeCustController.java, requiring user interaction. The vulnerability has a low CVSS score of 2.1 but public exploit code is available; however, the extremely low EPSS percentile (23%) suggests minimal real-world exploitation despite public disclosure.
Reflected cross-site scripting (XSS) in JPACookieShop's GoodsCustController.goodsSearch function allows remote unauthenticated attackers to inject malicious scripts via the keyword parameter, affecting user sessions with minimal complexity. The vulnerability carries a CVSS 2.1 score but requires user interaction (clicking a malicious link), and public exploit code is available. With an EPSS of 0.06% and no confirmed active exploitation in the wild, the real-world risk is low despite the disclosed POC.
Stored cross-site scripting (XSS) in JPACookieShop GoodsController allows authenticated users to inject malicious scripts that execute in other users' browsers, with public exploit code available and CVSS 2.0 reflecting low impact due to required user interaction and authenticated access prerequisites.
Null pointer dereference in GNU Binutils 2.44 BFD Library function bfd_elf_get_str_section causes denial of service when processing malformed ELF files locally. The vulnerability requires local access with limited privileges (PR:L) and publicly available exploit code exists, though EPSS scoring (0.04%, 12th percentile) indicates low real-world exploitation probability despite public disclosure.
Memory leak in GNU Binutils 2.44 DWARF section handler allows local authenticated users to consume memory resources, potentially leading to denial of service. The vulnerability exists in the process_debug_info function of binutils/dwarf.c and is triggered during DWARF debug information parsing. Publicly available exploit code exists, and a vendor patch has been released.
SQL injection in Campcodes Courier Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the ID parameter in /manage_user.php, with publicly available exploit code disclosed. Despite a critical classification, the CVSS 4.0 vector reflects low impact (confidentiality, integrity, availability all limited) and EPSS score of 0.06% suggests minimal real-world exploitation probability.
SQL injection in Campcodes Courier Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the parameter 's' in /parcel_list.php, with publicly available exploit code disclosed. Despite a critical classification in the original report, the CVSS 4.0 score of 2.1 reflects limited confidentiality, integrity, and availability impact constrained by the requirement for prior authentication (PR:L) and absence of scope escalation; EPSS scoring of 0.06% indicates low real-world exploitation probability despite public POC availability.