Server-side request forgery in ssrfcheck npm package versions before 1.2.0 enables attackers to bypass IP blocklist validation and craft requests to multicast IP addresses (224.0.0.0/4). The vulnerability stems from an incomplete denylist that fails to classify reserved multicast address space as invalid, allowing network-accessible exploitation with no authentication required. Public exploit code exists (Snyk gist, CVSS E:P) with EPSS indicating moderate exploitation probability. Vendor patch available in version 1.2.0 via GitHub commit 9507b49.
Session hijacking in PHPGurukul Student Result Management System v2.0 stems from the /srms/change-password.php component failing to invalidate existing sessions after a password change, so an attacker holding a previously captured session token retains authenticated access even after the victim rotates their credentials. Publicly available exploit code exists on GitHub, though the flaw is not listed in CISA KEV and carries a modest EPSS score of 0.62% (45th percentile), indicating low observed exploitation activity. The vulnerability primarily undermines the account-recovery security guarantee that changing a password should terminate compromised sessions.
Session hijacking in PHPGurukul Student Result Management System v2.0 stems from improper session invalidation in the employee change-password handler (/elms/emp-changepassword.php), letting attackers reuse session tokens that should have been terminated to take over an authenticated account. A public proof-of-concept exists (VasilVK GitHub), but there is no public exploit identified as actively exploited; EPSS is low at 0.52% (40th percentile) and it is not on CISA KEV. This is a niche PHP educational application, so real-world exposure is limited despite the network-facing nature of the flaw.
Session hijacking in PHPGurukul Car Washing Management System v1.0 allows attackers to retain or reuse a doctor account session because the /doctor/change-password.php component fails to invalidate existing sessions after a credential change, publicly available exploit code exists (per the referenced GitHub PoC), though EPSS estimates only a 0.50% exploitation probability and the issue is not on CISA KEV. No public exploit identified as actively used in the wild; the flaw affects only the single unpatched v1.0 release of this niche PHP application.
Session hijacking in PHPGurukul Car Rental Project v3.0 stems from the /carrental/update-password.php endpoint failing to invalidate existing sessions after a password change, allowing an attacker who has captured or been handed a valid session identifier to retain authenticated access even after the victim resets credentials. Publicly available exploit code exists (GitHub), but the issue is not in CISA KEV, and EPSS is modest at 0.40% (32nd percentile), indicating no evidence of widespread automated exploitation. Confidence is reduced by conflicting source metadata (see confidence notes).
Session hijacking in PHPGurukul Online Course Registration v3.1 stems from the /crm/change-password.php component failing to invalidate existing sessions after a password change, letting an attacker who has captured or replayed a victim's session identifier retain authenticated access even after the credential is rotated. Publicly available exploit code exists (GitHub), but the flaw is not listed in CISA KEV and carries a low EPSS score of 0.40% (32nd percentile), indicating limited observed exploitation. The issue chiefly threatens confidentiality of the affected user's CRM account.
Session hijacking in PHPGurukul Online Library Management System v3.0 stems from improper session invalidation in /library/change-password.php, where sessions are not properly terminated after credential changes, allowing an attacker who obtains or reuses a still-valid session token to impersonate a victim. Publicly available exploit code exists (GitHub, VasilVK), though there is no public exploit identified as actively exploited in the wild and it is not listed in CISA KEV. EPSS is low at 0.39% (31st percentile), indicating limited predicted mass-exploitation activity despite the available POC.
Session hijacking in PHPGurukul Blood Bank & Donor Management System v2.4 stems from the /bbdms/change-password.php component failing to invalidate existing sessions after a password change, letting an attacker who obtains or captures a valid session token retain authenticated access even after the victim rotates credentials. Publicly available exploit code exists (GitHub, VasilVK), though the flaw is not listed in CISA KEV and carries a low EPSS score of 0.32% (24th percentile), indicating no evidence of widespread automated exploitation. The issue primarily threatens confidentiality of donor and blood-bank records in this niche PHP application.
Session hijacking in PHPGurukul Small CRM v3.0 stems from improper session invalidation in /crm/change-password.php, where existing session tokens are not revoked after a password change, letting an attacker who obtains or retains a valid session ID continue accessing the victim's authenticated account. Public exploit code exists (GitHub PoC by VasilVK), though there is no confirmed active exploitation (not in CISA KEV) and EPSS probability is low at 0.32% (24th percentile). Impact is primarily confidentiality of CRM data with limited integrity effect.
SQL injection in Ncvav Virtual PBX Software versions prior to 09.07.2025 allows remote unauthenticated attackers to manipulate backend database queries, leading to full compromise of confidentiality, integrity, and availability. The flaw was reported by Turkey's national CSIRT (USOM) and carries a critical CVSS 9.8 score, though no public exploit identified at time of analysis and no EPSS data is currently available.
A vulnerability was identified in Vaelsys VaelsysV4 up to 5.1.0/5.4.0. Affected by this issue is the function execute_DataObjectProc of the file /grid/vgrid_server.php of the component Web interface. Such manipulation of the argument xajaxargs leads to os command injection. The attack can be executed remotely. The exploit is publicly available and might be used. Upgrading to version 5.1.1 and 5.4.1 can resolve this issue. It is suggested to upgrade the affected component.
A vulnerability was found in code-projects Exam Form Submission 1.0. It has been rated as critical. This issue affects some unknown processing of the file /register.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
A weakness has been identified in Vaelsys VaelsysV4 4.1.0. This vulnerability affects unknown code of the file /grid/vgrid_server.php of the component User Creation Handler. Executing a manipulation can lead to improper authorization. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The real existence of this vulnerability is still doubted at the moment. The vendor explains: "Based on Vaelsys' analysis, the reported behavior does not allow actions beyond those already permitted to authenticated administrative users, and no change in system configuration or operational practices is necessary."
A vulnerability classified as critical was found in Campcodes Online Recruitment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=save_recruitment_status. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability classified as critical has been found in code-projects Exam Form Submission 1.0. Affected is an unknown function of the file /admin/update_s8.php. The manipulation of the argument credits leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in code-projects Exam Form Submission 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/update_fst.php. The manipulation of the argument credits leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in code-projects Exam Form Submission 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/delete_s3.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in code-projects Exam Form Submission 1.0. It has been classified as critical. This affects an unknown part of the file /admin/delete_s2.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/delete_s1.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability has been found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/delete_s4.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability, which was classified as critical, was found in code-projects Exam Form Submission 1.0. Affected is an unknown function of the file /admin/update_s4.php. The manipulation of the argument credits leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
A vulnerability, which was classified as critical, has been found in code-projects Exam Form Submission 1.0. This issue affects some unknown processing of the file /admin/update_s3.php. The manipulation of the argument credits leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in code-projects Exam Form Submission 1.0. It has been classified as critical. This affects an unknown part of the file /admin/delete_s6.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/delete_s5.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability classified as critical was found in code-projects Online Ordering System 1.0. This vulnerability affects unknown code of the file /signup.php. The manipulation of the argument firstname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Authenticated OS command injection in the PowerStick Wave Dual-Band Wifi Extender V1.0 lets a user with valid credentials run arbitrary commands as root via the /cgi-bin/cgi_vista.cgi endpoint. Because the device firmware runs its web management logic with root privileges, successful exploitation yields complete takeover of the extender. The single NVD reference is a public researcher gist that very likely contains proof-of-concept detail, though the flaw is not listed in CISA KEV and EPSS risk is modest (0.66%, 47th percentile).
Privilege escalation in Beamsec PhishPro before version 7.5.4.2 allows authenticated low-privileged users to abuse privileged API calls, resulting in full confidentiality, integrity, and availability compromise (CVSS 8.8). The root cause is CWE-648 (Incorrect Use of Privileged APIs), meaning the application exposes or incorrectly gates privileged API operations that low-privileged users can invoke directly. No public exploit exists at time of analysis, and EPSS sits at 0.25% (49th percentile), but the network-accessible, low-complexity attack path warrants prioritized remediation for any internet-facing PhishPro deployment.
A vulnerability in the Linux kernel's HID (Human Interface Device) core subsystem allows local attackers with low privileges to bypass input validation checks when interacting with HID devices. The flaw occurs because certain code paths directly call low-level transport driver functions instead of using the hid_hw_raw_request() function, which performs critical buffer and length validation. With an EPSS score of only 0.01% and no known exploitation in the wild, this represents a local privilege escalation risk primarily concerning systems with untrusted local users.
Use-after-free in Linux kernel TLS implementation allows local authenticated users to achieve high confidentiality, integrity, and availability impact through memory corruption. The vulnerability, triggered by aggressive TCP SKB compaction in net-next, causes TLS to operate on freed socket buffers when checking decrypt state. A vendor patch is available across multiple kernel versions (6.1-rc2 through 6.1-rc5 and later stable branches). No active exploitation confirmed, but CWE-416 use-after-free bugs are frequently targeted due to their code execution potential. EPSS data not provided.
Session hijacking in PHPGurukul e-Diary Management System v1.0 stems from the /edms/change-password.php endpoint failing to invalidate existing sessions after a password change, so a previously captured session identifier remains valid and grants continued authenticated access. Remote attackers who obtain a victim's session token can therefore retain or take over the account even after the legitimate user rotates their password. There is no CISA KEV listing and no confirmed active exploitation; a GitHub reference (VasilVK/CVE) tracking this CVE likely contains a proof-of-concept or write-up, though PoC status is not explicitly confirmed in the source data, and EPSS is low at 0.55% (42nd percentile).
Denial of service in GNOME GLib on Windows platforms occurs when an application uses GLib's process-spawning functions with excessively long command lines, causing the spawn operation to fail or crash the host process and disrupt availability. The flaw affects the GLib library's Windows command-line handling and impacts any Windows application that links GLib and passes attacker-influenced long argument strings to a child process. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; despite Red Hat tags mentioning RCE/Code Injection, the CVSS impact metrics confirm availability-only impact (C:N/I:N/A:H).
Session hijacking in PHPGurukul Doctor Appointment Management System v1.0.0 stems from improper session invalidation in /doctor/change-password.php, where doctor account sessions are not terminated after a password change. A publicly available exploit code exists (GitHub, VasilVK), but there is no public exploit identified as actively exploited and it is not in CISA KEV. EPSS is low at 0.41% (33rd percentile), indicating limited real-world exploitation interest to date.
Session hijacking in PHPGurukul Bank Locker Management System v1.0 lets remote attackers reuse valid session tokens because the /banker/change-password.php component fails to invalidate existing sessions after a password change. Any session token captured before the change (via a shared machine, network capture, or referrer/log leakage) remains usable, letting an attacker impersonate the banker account. A GitHub reference (VasilVK/CVE) is published for this issue, and EPSS risk is low at 0.34% (27th percentile) with no active exploitation reported.
Unsafe deserialization in ChanCMS up to version 3.1.2 allows authenticated remote attackers to achieve limited confidentiality, integrity, and availability impact via manipulation of the targetUrl parameter in the getArticle function of app/modules/cms/controller/collect.js. The CVSS score of 2.1 reflects constrained impact (low severity across all impact categories), but the low EPSS percentile (71%) and publicly available exploit code indicate real-world risk despite authentication requirement. Upgrading to version 3.1.3 resolves the issue.
Unrestricted file upload in code-projects Online Ordering System 1.0 allows authenticated remote attackers to upload arbitrary files via the image parameter in /admin/product.php, potentially enabling remote code execution. Despite a critical severity classification, the CVSS 4.0 score of 2.1 reflects low actual impact due to required authentication and limited scope. Publicly available exploit code exists; however, the 0.10% EPSS score (27th percentile) indicates minimal real-world exploitation likelihood, suggesting this is a low-priority vulnerability in practice.
SQL injection in Projectworlds Online Admission System 1.0 allows authenticated remote attackers to manipulate the 'markof' parameter in /admin.php, leading to database queries with limited confidentiality and integrity impact. The vulnerability has publicly available exploit code, though actual exploitation appears limited given the low EPSS score (0.07%) and requirement for authenticated access, suggesting this affects only deployments where admin credentials are already compromised or accessible.
Cool Mo Maigcal Number App versions 1.0.0 through 1.0.3 on Android contain improper export of application components in AndroidManifest.xml, allowing local authenticated attackers to access sensitive functionality of the com.sdmagic.number component. While CVSS severity is minimal (1.9), publicly available exploit code exists; exploitation requires local device access and authenticated privileges but carries information disclosure impact.
Improper export of Android application components in Lobby Universe Lobby App versions 2.0 through 2.8.0 allows local attackers with user-level privileges to access sensitive functionality via the com.maverick.lobby component. The vulnerability stems from AndroidManifest.xml misconfiguration that exposes internal application activities without proper permission protection, enabling local privilege escalation or information disclosure. Publicly available exploit code exists, though exploitation requires local device access and authenticated user privileges.
A race condition in the Linux kernel's MPTCP (Multipath TCP) protocol implementation allows local attackers with limited privileges to trigger a kernel warning and denial of service by causing non-atomic fallback decisions and actions during connection establishment. The vulnerability (CWE-667: Improper Locking) arises from unsynchronized access to fallback state in mptcp_do_fallback() when processing incoming TCP options, enabling a local user to crash the system or hang connections via crafted MPTCP packets. EPSS score of 0.03% indicates low real-world exploitation probability despite moderate CVSS impact severity.
Memory leak and refcount imbalance in Linux kernel VLAN 0 handling allows local attackers with low privileges to trigger denial of service via kernel panic when toggling the rx-vlan-filter feature at runtime on bonded or team interfaces. The vulnerability affects kernel versions 6.16-rc1 through rc3 and potentially earlier versions; vendor-released patches are available across affected stable branches.
Denial of service in Linux kernel net/sched subsystem allows local authenticated attackers to trigger a kernel panic (BUG_ON) by manipulating HTB qdisc (hierarchical token bucket queue discipline) configuration with nested qdisc classes, causing htb_lookup_leaf to encounter an empty rbtree. The vulnerability requires low privilege and local access; no special user interaction is needed once a malicious qdisc configuration is set up. Vendor-released patches are available across multiple stable kernel series.
A security flaw has been discovered in Vaelsys VaelsysV4 up to 5.1.0/5.4.0. This affects an unknown part of the file /grid/vgrid_server.php of the component Web interface. Performing a manipulation of the argument xajaxargs results in use of weak hash. The attack is possible to be carried out remotely. The complexity of an attack is rather high. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be used for attacks. Upgrading to version 5.1.1 and 5.4.1 is able to mitigate this issue. Upgrading the affected component is recommended.
A race condition in the Linux kernel's net/sched sch_qfq module allows local authenticated attackers to cause denial of service through NULL pointer dereference or use-after-free errors when concurrent threads modify queue aggregation structures during packet scheduling. The vulnerability requires low privileges and has a low real-world exploitation probability (EPSS 0.02%), though a vendor patch is available.
DNS resolve confusion in netavark, the Rust-based network stack for Podman containers, causes container name lookups to be forwarded to unexpected external DNS servers due to a regression that removed the dns.podman search domain. Affected deployments on Red Hat Enterprise Linux 8/9/10 and OpenShift Container Platform 4.0 running netavark < 1.15.1 are subject to misdirected container DNS resolution when host resolv.conf search domains contain a record matching a running container's hostname. The impact is limited to information disclosure (CVSS 3.7, Low), with no confirmed active exploitation and no public exploit identified at time of analysis.
SQL injection in Campcodes Courier Management System 1.0 via the ID parameter in /view_parcel.php allows authenticated remote attackers to execute arbitrary SQL queries with limited data exposure impact. The CVSS score of 2.1 reflects constraints imposed by authentication requirements (PR:L) and restricted scope, but publicly available exploit code exists; however, the 0.06% EPSS score indicates minimal real-world exploitation likelihood despite public disclosure.
File upload restriction bypass in 299Ko CMS 2.0.0 allows authenticated administrators to upload arbitrary files via the /admin/filemanager/view endpoint, classified as critical but constrained by high-privilege requirement. The vulnerability stems from improper access controls in the file management component (CWE-284). While a public exploit disclosure exists, the EPSS score of 0.06% and CVSS 2.0 reflect the mitigation factor of administrator-level privileges required (PR:H), making real-world exploitation practical only against compromised or malicious admin accounts.
Improper export of Android application components in bsc Peru Cocktails App 1.0.0 allows local authenticated attackers to access unexported activities, services, or broadcast receivers defined in AndroidManifest.xml, leading to information disclosure. The vulnerability has been publicly disclosed with exploit code available, though real-world risk is minimal given the low CVSS score (1.9) and EPSS exploitation probability (0.02%), indicating this affects only authenticated users with local device access and results in limited confidentiality impact.