Unauthenticated fastjson deserialization in WukongCRM 9.0 (Java edition) via the /OaExamine/setOaExamine HTTP endpoint allows remote attackers to supply attacker-controlled class references that the Alibaba fastjson library instantiates at runtime, enabling arbitrary Java gadget-chain execution. A public proof-of-concept is available on GitHub, lowering the exploitation bar considerably. While the assigned CVSS scores impact conservatively at I:L/A:L with no confidentiality loss, this is inconsistent with the well-documented RCE potential of fastjson deserialization gadget chains - the actual impact may be understated. No public exploit has been confirmed as actively exploited (not in CISA KEV).
A vulnerability was determined in code-projects Web-Based Inventory and POS System 1.0. This impacts an unknown function of the file /login.php. Executing manipulation of the argument emailid can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
A weakness has been identified in PHPGurukul Beauty Parlour Management System 1.1. The impacted element is an unknown function of the file /admin/search-invoices.php. This manipulation of the argument searchdata causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. The affected element is an unknown function of the file /admin/search-appointment.php. The manipulation of the argument searchdata results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
A vulnerability has been found in Campcodes Advanced Online Voting Management System 1.0. The impacted element is an unknown function of the file /admin/login.php. Such manipulation of the argument Username leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was detected in code-projects E-Commerce Website 1.0. Impacted is an unknown function of the file /pages/edit_order_details.php. The manipulation of the argument order_id results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.
A vulnerability was identified in PHPGurukul Beauty Parlour Management System 1.1. Impacted is an unknown function of the file /admin/new-appointment.php. The manipulation of the argument delid leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
A vulnerability was determined in PHPGurukul Beauty Parlour Management System 1.1. This issue affects some unknown processing of the file /admin/manage-services.php. Executing a manipulation of the argument delid can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
A vulnerability was detected in SourceCodester Simple E-Commerce Bookstore 1.0. The affected element is an unknown function of the file /register.php. Performing manipulation of the argument register_username results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.
A security vulnerability has been detected in SourceCodester Wedding Reservation Management System 1.0. Impacted is the function insertReservation of the file function.php. Such manipulation of the argument number leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
A security flaw has been discovered in SourceCodester Wedding Reservation Management System 1.0. This vulnerability affects unknown code of the file /global.php. The manipulation of the argument User results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be exploited.
A vulnerability was identified in SourceCodester Simple E-Commerce Bookstore 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument login_username leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used.
A vulnerability was determined in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /view_member.php. Executing a manipulation of the argument user_id can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
A vulnerability has been found in SourceCodester Hotel and Lodge Management System 1.0. Affected is an unknown function of the file /edit_curr.php. Such manipulation of the argument currsymbol leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
A flaw has been found in SourceCodester Hotel and Lodge Management System 1.0. This impacts an unknown function of the file /edit_room.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.
A vulnerability was detected in SourceCodester Hotel and Lodge Management System 1.0. This affects an unknown function of the file /edit_customer.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public and may be used.
A weakness has been identified in itsourcecode Student Transcript Processing System 1.0. Affected is an unknown function of the file /login.php. Executing a manipulation of the argument uname can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
A vulnerability was identified in itsourcecode Leave Management System 1.0. This affects an unknown function of the file /reset.php. Such manipulation of the argument employid leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.
A vulnerability was found in SourceCodester Simple E-Commerce Bookstore 1.0. The affected element is an unknown function of the file /cart.php. The manipulation of the argument remove results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.
OS command injection in the Curo UC300 (firmware 5.42.1.7.1.63R1) unified communications device lets an authenticated attacker with admin-panel access run arbitrary operating-system commands by injecting shell metacharacters into the "IP Addr" parameter. Successful exploitation yields full command execution on the underlying device (high confidentiality, integrity, and availability impact). A public GitHub repository referenced by NVD indicates publicly available exploit code exists, though the flaw is not listed in CISA KEV and its EPSS probability is modest (1.15%, 63rd percentile).
Improper authorization in Casdoor (an open-source Identity and Access Management / SSO platform) versions 2.26.0 and earlier lets a remote authenticated administrator of ANY organization escalate beyond their tenant boundary. Because the permission-verification module and the organization/application editing interface fail to enforce object-level scope, a low-trust org admin can bypass access controls simply by concatenating/manipulating URLs after login to read and modify resources belonging to other organizations. A public technical writeup/PoC gist exists; it is not listed in CISA KEV and EPSS is low (0.61%, 45th percentile), so exploitation is plausible but not confirmed in the wild. Fixed in v2.63.0.
OpnForm versions up to 1.9.3 fail to properly restrict excessive authentication attempts when the X-Forwarded-For HTTP header is manipulated, allowing remote attackers to bypass rate-limiting controls. An attacker can exploit this by spoofing their source IP address through header manipulation to conduct brute-force attacks against user credentials without triggering account lockout mechanisms. Publicly available exploit code exists; however, the CVSS score of 2.9 and EPSS percentile of 35% indicate low real-world exploitation likelihood despite the public POC, suggesting this requires specific application configurations or deployment contexts to be practically exploitable.
OpnForm versions up to 1.9.3 expose sensitive information through a timing-based discrepancy in the forgotten password handler endpoint (/api/password/email), allowing remote unauthenticated attackers to enumerate valid email addresses or extract partial account information with high attack complexity. The vulnerability is rooted in a Laravel framework issue (Laravel #46465) for which the vendor has taken no mitigation action. Publicly available exploit code exists, though EPSS scoring (0.04%) indicates low real-world exploitation likelihood despite theoretical exploitability.
OS command injection in DesktopCommanderMCP up to version 0.2.13 allows authenticated remote attackers to execute arbitrary operating system commands via the extractBaseCommand function in src/command-manager.ts when processing absolute file paths. The vulnerability requires authentication and has limited real-world impact scope, reflected in a low CVSS score of 2.1 and EPSS of 0.15%, though publicly available exploit code exists and the vendor acknowledges the issue remains unfixed pending real-world incident reports.
OS command injection in DesktopCommanderMCP up to version 0.2.13 allows authenticated remote attackers to execute arbitrary system commands via manipulation of the CommandManager function in src/command-manager.ts. The vulnerability has a low CVSS score (2.1) due to authentication requirement and limited scope, but publicly available exploit code exists and the low EPSS score (0.14th percentile) suggests real-world exploitation risk is minimal despite public POC availability.
OpnForm up to version 1.9.3 contains a cross-site request forgery vulnerability in an undisclosed API endpoint, though the practical exploitability is severely constrained by the vendor's mandatory use of JWT Bearer token authentication. The vulnerability requires an attacker to first obtain a valid JWT token through a separate XSS attack, which the vendor states has been mitigated in the product, making the CSRF itself a secondary concern rather than an independent attack vector. Publicly available exploit code exists, but real-world impact is minimal given the authentication and XSS mitigation barriers.
Unrestricted file upload in JhumanJ OpnForm through version 1.9.3 allows authenticated users to bypass upload restrictions via the /answer endpoint, resulting in unauthorized file storage with limited confidentiality and integrity impact. The vulnerability requires valid authentication and has a publicly available exploit with low real-world exploitation probability (EPSS 0.05%), but the combination of low CVSS (2.1), authentication requirement, and limited impact suggests this is not a critical priority despite public exploit availability.
Unrestricted file upload in projectworlds Advanced Library Management System 1.0 allows authenticated remote attackers to upload arbitrary files via the image parameter in /edit_book.php, resulting in low-impact confidentiality, integrity, and availability violations. Public exploit code is available, though EPSS exploitation probability remains very low at 0.05%, suggesting limited real-world attack incentive despite authentication requirement bypass potential.
Stored cross-site scripting (XSS) in JhumanJ OpnForm up to version 1.9.3 allows remote attackers to inject malicious scripts via the /show/submissions endpoint, affecting all users who view affected submissions. The vulnerability requires user interaction (UI:P) to trigger but carries low integrity impact (VI:L). Public exploit code exists, and a patch has been released; however, the CVSS 2.1 score and 0.05% EPSS percentile indicate limited real-world exploitation despite public disclosure.
Unrestricted file upload in Campcodes Advanced Online Voting System 1.0 allows authenticated attackers to upload arbitrary files via manipulation of the photo parameter in /admin/voters_add.php. The vulnerability requires valid login credentials (PR:L) but affects confidentiality, integrity, and availability with low severity. Publicly available exploit code exists; however, EPSS score of 0.04% indicates minimal real-world exploitation probability despite public POC availability.
Missing authorization in OpnForm up to version 1.9.3 allows authenticated remote attackers to access the /custom-domains API endpoint without proper permission checks, potentially enabling unauthorized configuration changes. The vulnerability affects unknown code handling custom domain management and is confirmed to have publicly available exploit code, though with a low CVSS score (2.1) and minimal exploitation probability (EPSS 0.04%), indicating limited real-world risk despite the authentication bypass nature.
SQL injection in SourceCodester Farm Management System 1.0 allows authenticated remote attackers to manipulate the Type parameter in /uploadProduct.php, resulting in limited confidentiality, integrity, and availability impact. The vulnerability has a low CVSS score (2.1) and EPSS score (0.04%) despite public exploit availability, indicating minimal real-world exploitation risk due to the requirement for prior authentication and constrained impact scope.
SQL injection in Blood Bank And Donation Management System allows authenticated remote attackers to manipulate the fullname parameter in /donate_blood.php, potentially leading to unauthorized data access or modification. The vulnerability affects all versions up to commit dc9e0393d826fbc85fad9755b5bc12cba1919df2, with publicly available exploit code and a low EPSS score of 0.03% despite CVSS 2.1, indicating exploitation is unlikely in practice due to authentication requirements and limited technical impact.
SQL injection in E-Commerce Website 1.0 allows authenticated remote attackers to manipulate the supp_email parameter in /pages/supplier_add.php, achieving limited information disclosure and integrity violation. The vulnerability requires login credentials (PR:L in CVSS 4.0 vector) but can be exploited over the network with low complexity. Publicly available exploit code exists, though EPSS scoring (0.03%) suggests minimal real-world exploitation despite proof-of-concept availability.
SQL injection in E-Commerce Website 1.0 allows authenticated remote attackers to manipulate the prod_name parameter in /pages/product_add.php, leading to limited confidentiality, integrity, and availability impact. The vulnerability has low real-world risk despite public exploit availability due to low EPSS score (0.03%, 8th percentile) and requirement for prior authentication, suggesting exploitation is unlikely in typical deployments.
SQL injection in code-projects Web-Based Inventory and POS System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the shopid parameter in /transaction.php, resulting in limited data confidentiality, integrity, and availability impact. The CVSS 2.1 score reflects low severity due to authentication requirement and constrained scope, but publicly available exploit code exists and the vulnerability has been publicly disclosed.
Improper access controls in OpnForm versions up to 1.9.3 allow authenticated remote attackers to manipulate the /edit function, gaining unauthorized access to resources or functionality. The CVSS score of 2.1 reflects low severity due to authentication requirements and limited confidentiality impact, though the exploit has been publicly disclosed and an upstream patch is available. Real-world risk is minimal given the low EPSS score (0.03%, 8th percentile) despite public POC availability.
Missing authorization in OpnForm up to version 1.9.3 allows authenticated remote attackers to manipulate the /show/integrations endpoint, bypassing access controls and potentially exposing integration configurations with limited confidentiality impact. The vulnerability requires low-privilege authentication (PR:L per CVSS 4.0 vector), limiting its severity despite public exploit availability; EPSS score of 0.03% indicates minimal real-world exploitation likelihood despite POC publication.
SQL injection in SourceCodester Farm Management System 1.0 allows authenticated remote attackers to manipulate the Name parameter in /buyNow.php, enabling data exfiltration or modification with limited impact. The vulnerability is exploitable via network access without elevated privileges, publicly available exploit code exists, but real-world risk remains low due to authentication requirement and constrained scope (limited confidentiality, integrity, and availability impact per CVSS4.0 scoring).
SQL injection in SourceCodester Farm Management System 1.0 allows authenticated remote attackers to manipulate the pid parameter in /myCart.php, enabling database queries with limited confidentiality and integrity impact. Public exploit code exists, though the EPSS score of 0.03% suggests minimal real-world exploitation despite the availability of proof-of-concept.
SQL injection in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to manipulate the Name parameter in /edit_booking.php, resulting in limited confidentiality and integrity impact. The vulnerability has public exploit code available but carries exceptionally low EPSS exploitation probability (0.03%, 8th percentile), suggesting minimal real-world threat despite network accessibility and low attack complexity.
SQL injection in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to manipulate the Contact parameter in /pages/save_customer.php, enabling data exfiltration or modification with limited scope impact. Publicly available exploit code exists and the vulnerability carries a low CVSS score (2.1) due to requirement for prior authentication and limited technical impact, though the public exploit availability increases practical exploitation risk for unpatched instances.
Unrestricted file upload in SourceCodester Hotel and Lodge Management System version 1.0 allows high-privileged authenticated attackers to upload arbitrary files via the website_image or back_login_image parameters in /manage_website.php, potentially enabling remote code execution. Publicly available exploit code exists, though the low CVSS score of 2.0 reflects the requirement for high-level administrative privileges to trigger the vulnerability.
Unrestricted file upload in code-projects Voting System 1.0 allows authenticated high-privilege administrators to upload arbitrary files via the photo parameter in /admin/voters_add.php, potentially leading to remote code execution. The vulnerability requires high-privilege credentials (PR:H) to exploit and affects only administrative functions; publicly available exploit code exists but exploitation is limited to admin-authenticated attackers with access to the administrative interface.
Reflected cross-site scripting (XSS) in itsourcecode Leave Management System 1.0 allows authenticated remote attackers to inject malicious scripts via the ID query parameter in /module/employee/controller.php?action=reset, requiring user interaction to execute. Public exploit code is available, though the vulnerability carries low real-world risk (EPSS 0.03%, CVSS 2.0) due to authentication and user-interaction requirements limiting broad exploitation.
Stored cross-site scripting (XSS) in code-projects Voting System 1.0 allows authenticated users with low privileges to inject malicious scripts via the Firstname, Lastname, or Platform parameters in /admin/candidates_edit.php, which execute in the context of other users' browsers when the edited candidate record is viewed. The vulnerability requires user interaction (UI:P) but affects integrity of data displayed to administrators. Exploit code is publicly available on GitHub, though EPSS score of 0.03% indicates limited real-world exploitation despite published POC.
Out-of-bounds read in GNU Binutils 2.45 linker component allows local authenticated attackers to trigger memory access violations via crafted input to the _bfd_x86_elf_late_size_sections function in bfd/elfxx-x86.c. The vulnerability has publicly available exploit code and requires local access with limited privileges; real-world impact is minimal availability loss (CVSS 1.9, EPSS 0.03%) rather than confidentiality or integrity compromise.
Stored cross-site scripting (XSS) in SourceCodester Student Grades Management System 1.0 allows authenticated administrators with high privileges to inject malicious scripts via the first_name or last_name parameters in the Manage Users Page (/admin.php), which are then executed when viewed by other users. The vulnerability requires administrator authentication and user interaction (page view), limiting real-world impact despite public exploit availability. EPSS exploitation probability is extremely low (0.03%, 9th percentile), reflecting the restrictive access controls (PR:H) and user interaction requirement (UI:P) despite network-accessible delivery.
Cross-site scripting vulnerability in JhumanJ OpnForm up to version 1.9.3 allows authenticated remote attackers with high privileges to inject malicious scripts via the Form Editor component at /api/open/forms/. The vulnerability requires user interaction to trigger and is mitigated by default when users configure their own domain. Publicly available exploit code exists, though real-world risk is severely constrained by the high privilege requirement, user interaction dependency, and vendor's default mitigation posture (CVSS 1.9, EPSS 0.03%).
Stored cross-site scripting in projectworlds Advanced Library Management System 1.0 allows authenticated users with high privileges to inject malicious scripts via the firstname parameter in /edit_admin.php, affecting other users who view admin profiles. Exploitation requires high-privilege authentication and user interaction (UI:P), limiting real-world impact despite network accessibility. Public exploit code exists and EPSS exploitation probability is minimal at 0.03%, suggesting this remains a low-priority vulnerability despite CVE assignment.