A vulnerability has been found in Kehua Charging Pile Cloud Platform 1.0 and classified as critical. This vulnerability affects unknown code of the file /home. The manipulation leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in projectworlds Online Admission System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /adminac.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in Campcodes Online Hotel Reservation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/index.php of the component Login. The manipulation of the argument username/password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability has been found in code-projects Vehicle Management 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /filter.php. The manipulation of the argument from leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability, which was classified as critical, was found in code-projects Vehicle Management 1.0. Affected is an unknown function of the file /filter1.php. The manipulation of the argument vehicle leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
A vulnerability, which was classified as critical, has been found in code-projects Vehicle Management 1.0. This issue affects some unknown processing of the file /filter2.php. The manipulation of the argument from leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability classified as critical has been found in code-projects Vehicle Management 1.0. Affected is an unknown function of the file /updatebal.php. The manipulation of the argument company leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in code-projects Vehicle Management 1.0. It has been rated as critical. This issue affects some unknown processing of the file /addvehicle.php. The manipulation of the argument vehicle leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in code-projects Vehicle Management 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /addcompany.php. The manipulation of the argument company leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in code-projects Vehicle Management 1.0. It has been classified as critical. This affects an unknown part of the file /print.php. The manipulation of the argument sno leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/update_s7.php. The manipulation of the argument credits leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability has been found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/update_s5.php. The manipulation of the argument credits leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in code-projects Intern Membership Management System 1.0. It has been classified as critical. This affects an unknown part of the file /student_login.php. The manipulation of the argument user_name/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Arbitrary code execution via CSV/formula injection in RSA Archer (Archer IRM) 6.11.00204.10014 lets an attacker plant spreadsheet formulas through system input fields that are later written into exported CSV files; when a victim opens the export in Excel or a compatible application, the embedded formula runs on their workstation. Publicly available exploit code exists (a proof-of-concept GitHub repository), but the issue is disputed by the vendor and is not listed in CISA KEV. Impact depends entirely on a victim opening the malicious export and bypassing modern spreadsheet warnings, so real-world severity is lower than the 8.8 CVSS suggests.
Credential brute-forcing against CS-Cart 4.18.3 is possible because the vendor login endpoint ships without CAPTCHA, rate limiting, or account lockout, letting remote attackers run automated password-guessing until a valid vendor credential is found. Success yields unauthorized access to a vendor's storefront administration account. A public write-up exists on GitHub, but there is no public exploit identified at time of analysis and no evidence of active exploitation; EPSS is low at 0.24% (15th percentile).
Insecure Direct Object Reference in CS-Cart 4.18.3 lets an authenticated shopper toggle the 'sticker' enable/disable setting on other users' accounts by tampering with the company_id (or similar object identifier) parameter in the user-profile request, because the server never verifies that the caller owns the referenced object. A public technical write-up documenting the request manipulation exists on GitHub, though the flaw is not in CISA KEV and carries a low EPSS score (0.26%, 17th percentile), indicating no confirmed active exploitation. The real-world impact is a low-severity authorization/integrity issue rather than the account takeover implied by the reported CVSS of 8.0.
Cross-Site Request Forgery in CS-Cart 4.18.3 permits an attacker to silently add arbitrary products to an authenticated user's comparison list by tricking the victim into loading a crafted HTTP request. The impact is confined to unauthorized modification of the comparison list feature - no data exfiltration or account takeover is possible via this vector. No public exploit identified at time of analysis, and the EPSS score of 0.14% (4th percentile) reflects very low real-world exploitation interest.
Unrestricted HTML file upload in CS-Cart 4.18.3 enables stored cross-site scripting and phishing attacks against users of affected storefronts. An attacker who can upload files to the platform may submit a crafted HTML document subsequently served from the trusted store domain, allowing arbitrary JavaScript execution in victims' browsers or presentation of convincing fake login pages for credential harvesting. Publicly available exploit code exists on GitHub; the EPSS score of 0.22% (13th percentile) reflects low observed exploitation pressure and the vulnerability is not listed in the CISA KEV catalog.
Path traversal in OpenViglet Shio up to version 0.3.8 allows authenticated remote attackers to read arbitrary files by manipulating the fileName parameter in the shStaticFilePreUpload API endpoint. The vulnerability has low practical impact (CVSS 2.1, EPSS 0.22%) despite being rated critical in severity classification, as it requires prior authentication and provides only limited confidentiality exposure. Public exploit code is available.
Reflected cross-site scripting (XSS) in Portabilis i-Educar 2.9 allows remote attackers to inject malicious scripts via the descricao parameter in /intranet/educar_escolaridade_lst.php, requiring user interaction to execute. The vulnerability has a low CVSS score of 2.1 and EPSS exploitation probability of 0.11%, but publicly available exploit code exists and the vendor did not respond to early disclosure.
Reflected cross-site scripting (XSS) in Portabilis i-Educar 2.9 allows remote attackers to inject malicious scripts via the titulo_avaliacao parameter in /intranet/educar_avaliacao_desempenho_lst.php. The vulnerability requires user interaction (clicking a malicious link) but has a low CVSS score of 2.1 and a minimal EPSS exploitation probability of 0.11%, placing it in the 29th percentile. Publicly available exploit code exists and the vendor has not responded to disclosure attempts.
Reflected cross-site scripting in Portabilis i-Educar 2.9 allows remote attackers to inject arbitrary JavaScript via the campo_busca and cpf parameters in /intranet/pesquisa_pessoa_lst.php. The vulnerability requires user interaction (clicking a malicious link) but enables session hijacking, credential theft, or defacement of educational records. Publicly available exploit code exists; the vendor did not respond to disclosure.
Reflected cross-site scripting (XSS) in Portabilis i-Educar 2.9 allows remote attackers to inject malicious scripts via the 'nome' parameter in /intranet/funcionario_vinculo_lst.php. The vulnerability requires user interaction (clicking a malicious link) but enables session hijacking, credential theft, and unauthorized administrative actions. Public exploit code is available, though EPSS probability remains low at 0.11% percentile, suggesting limited real-world exploitation despite disclosure.
Reflected cross-site scripting (XSS) in Portabilis i-Educar 2.9 allows remote unauthenticated attackers to inject arbitrary JavaScript via the nome or matricula_servidor parameters in /intranet/educar_servidor_lst.php. The vulnerability requires user interaction (clicking a malicious link) and has low confidentiality impact but can lead to session hijacking or credential theft. Publicly available exploit code exists, though exploitation likelihood remains low (EPSS 0.11%) due to user interaction requirement and limited real-world impact surface.
Unrestricted file upload in OpenViglet Shio through version 0.3.8 allows authenticated remote attackers to upload arbitrary files via manipulation of the filename parameter in the ShStaticFileAPI.shStaticFileUpload function. The vulnerability requires valid authentication credentials but lacks proper input validation on uploaded filenames, enabling arbitrary file placement on the server. Publicly available exploit code exists, though EPSS score remains low at 0.11% (28th percentile), suggesting limited real-world exploitation despite public disclosure.
SQL injection in Campcodes Online Hotel Reservation System 1.0 allows authenticated remote attackers to manipulate the room_id parameter in /admin/edit_room.php, enabling data exfiltration and modification with low impact. The vulnerability requires valid login credentials (PR:L) and carries a CVSS 2.1 score reflecting limited scope; however, the public exploit disclosure and EPSS percentile 20 suggest limited real-world exploitation interest despite active availability of proof-of-concept code.
SQL injection in Campcodes Online Hotel Reservation System 1.0 via the room_id parameter in /add_reserve.php allows authenticated remote attackers to execute arbitrary SQL queries, but CVSS 2.1 and EPSS 0.07% (20th percentile) indicate minimal real-world risk despite public exploit availability. The vulnerability requires valid user authentication and produces only low confidentiality, integrity, and availability impact-inconsistent with the 'critical' classification in the initial report.
Reflected cross-site scripting (XSS) in Intern Membership Management System 1.0 allows remote attackers to inject malicious scripts via the email parameter in fill_details.php, executable only with user interaction. The vulnerability has a publicly available exploit and affects the error message handler, resulting in integrity impact (CVSS 2.1, EPSS 0.07%). While the attack vector is network-accessible and requires minimal complexity, the low CVSS and EPSS scores reflect the necessity for user interaction and limited technical impact.
Reflected cross-site scripting (XSS) in Portabilis i-Educar 2.10 allows remote unauthenticated attackers to inject arbitrary JavaScript via the ref_cod_matricula parameter in /educar_aluno_lst.php, affecting users who click malicious links. The vulnerability has publicly available exploit code and a low CVSS score (2.1) due to requirement for user interaction, but represents a typical web application flaw in educational management systems with potential for credential theft or session hijacking.
SQL injection in Kehua Charging Pile Cloud Platform 1.0 endpoint /sys/task/findAllTask allows authenticated remote attackers to execute arbitrary SQL queries with limited confidentiality and integrity impact. The vulnerability has a publicly available exploit and was disclosed to the vendor without response, though EPSS score of 0.04% suggests low real-world exploitation probability despite public POC availability.
Unrestricted file upload in Campcodes Online Hotel Reservation System 1.0 allows high-privileged authenticated administrators to upload arbitrary files via the photo parameter in /admin/edit_room.php, potentially leading to remote code execution. The vulnerability requires administrative credentials to exploit and has publicly available proof-of-concept code, but carries low real-world risk due to the high privilege requirement (PR:H) and limited confidentiality/integrity impact in the CVSS v4.0 vector.
Stored cross-site scripting (XSS) in Portabilis i-Educar 2.10 via the atendidos_cad.php file allows authenticated remote attackers with user interaction to inject malicious scripts through the nome, nome_social, or email parameters, resulting in minor integrity impact. Publicly available exploit code exists, and the vendor has not responded to early disclosure notification.
Cross-site scripting (XSS) in Campcodes Online Hotel Reservation System 1.0 allows authenticated users to inject malicious scripts via the Name parameter in /admin/add_query_account.php, affecting the integrity of admin-level functionality. The vulnerability requires user interaction (UI:P) and authenticated access (PR:L), limiting direct remote exploitation to attackers with valid credentials; however, publicly available exploit code exists, and the CVSS 2.0 score with VI:L (integrity impact) reflects limited but confirmed damage potential in a stored XSS context.
A vulnerability has been identified in the Linux kernel's ksmbd component (kernel SMB/CIFS server). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
SQL injection in Lingdang CRM versions up to 8.6.4.7 allows authenticated remote attackers to execute arbitrary SQL queries via the function parameter in the delete_user function of crm/WeiXinApp/yunzhijia/yunzhijiaApi.php. Public exploit code exists, and vendor has released patched version 8.6.5.2 to remediate the vulnerability.