Stored Cross-Site Scripting in code-projects Simple Scheduling System 1.0 allows an attacker to inject arbitrary JavaScript via the Subject Description field, which executes in victims' browsers when they view the affected page. The scope change in the CVSS vector (S:C) confirms the script runs in a different security context than where the payload is injected, enabling session hijacking, credential theft, or malicious redirects against users of the application. A publicly available proof-of-concept exploit exists, though exploitation probability remains low (EPSS 0.22%) and no confirmed active exploitation is recorded.
Stored cross-site scripting in code-projects Client Details System 1.0 allows an attacker who can submit customer records to persist malicious JavaScript in the username field, which then executes in the browser of any user who subsequently views that record. The CVSS scope change (S:C) indicates the payload crosses from the application's trust boundary into a victim's browser session, enabling session hijacking or credential theft against administrative users. A publicly available proof-of-concept exists, though no CISA KEV listing has been issued and the EPSS score of 0.22% (12th percentile) reflects low observed exploitation activity.
Unauthenticated attackers bypass authentication and gain complete account access, including administrator privileges, in Search & Go - Directory WordPress Theme versions ≤2.7 when Facebook login functionality is enabled. Exploitation requires no user interaction and no authentication. The vulnerability stems from insufficient user validation in the search_and_go_elated_check_facebook_user() function, allowing arbitrary account takeover. No public exploit identified at time of analysis. This issue is remotely exploitable over the network with low attack complexity.
A vulnerability was found in Tenda W12 3.0.0.6(3948). The impacted element is the function wifiScheduledSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument wifiScheduledSet results in null pointer dereference. The attack may be performed from remote. The exploit has been made public and could be used.
A security flaw has been discovered in ChurchCRM up to 5.18.0. This impacts the function AuthMiddleware of the file src/ChurchCRM/Slim/Middleware/AuthMiddleware.php of the component API Endpoint. The manipulation results in missing authentication. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. The patch is identified as 3a1cffd2aea63d884025949cfbcfd274d06216a4. A patch should be applied to remediate this issue.
A vulnerability was determined in code-projects E-Commerce Website 1.0. This affects an unknown part of the file /pages/supplier_update.php. This manipulation of the argument supp_id causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
A vulnerability has been found in projectworlds Gate Pass Management System 1.0. This issue affects some unknown processing of the file /add-pass.php. Such manipulation of the argument fullname leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in code-projects E-Commerce Website 1.0. Impacted is an unknown function of the file /pages/user_index_search.php. Performing manipulation of the argument Search results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
A flaw has been found in code-projects Simple Leave Manager 1.0. This vulnerability affects unknown code of the file /user.php. This manipulation of the argument table causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used.
A vulnerability was detected in Campcodes Online Learning Management System 1.0. This affects an unknown part of the file /admin/calendar_of_events.php. The manipulation of the argument date_start results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.
Remote code execution in Newforma Project Center Server (NPCS) 2024.3 allows unauthenticated attackers to execute arbitrary code with NT AUTHORITY\NetworkService privileges by sending malicious serialized .NET data to the '/ProjectCenter.rem' endpoint on TCP port 9003. The vulnerability stems from insecure deserialization of untrusted data on a network-exposed endpoint. While vendor architecture recommends internal-only deployment, the service accepts network connections without authentication (CVSS AV:N/PR:N), creating critical risk for organizations with exposed instances. CWE-306 (Missing Authentication) confirms the root cause as lack of authentication controls on a sensitive endpoint.
A privilege escalation vulnerability exists in the integration between Active Directory and the System Security Services Daemon (SSSD) on Linux systems, where an attacker with permissions to modify AD attributes can impersonate privileged users by exploiting a fallback mechanism in the Kerberos authentication plugin. The vulnerability affects domain-joined Linux hosts running SSSD in default configurations and allows attackers to gain unauthorized access with high privileges. With a low EPSS score of 0.05% and no KEV listing, this appears to be a theoretical risk requiring existing AD permissions rather than an actively exploited vulnerability.
A local privilege-boundary/state-handling flaw in the Linux kernel's TCP stack lets an unprivileged user leave a stale TCP Fast Open request socket (fastopen_rsk) attached to a socket after tcp_disconnect(), which the retransmit timer later dereferences. By abusing accept() → connect(AF_UNSPEC) → connect() on a server-side TFO socket before the 3-way handshake completes, an attacker drives the socket into TCP_ESTABLISHED while retaining fastopen_rsk, triggering a kernel WARNING in tcp_retransmit_timer() and a failed retransmission. There is no public exploit identified at time of analysis, and the issue is not in CISA KEV; it was found by syzbot and resolved upstream by calling reqsk_fastopen_remove() in tcp_disconnect().
Command injection in Tenda AC7 firmware 15.03.06.44 via the /goform/AdvSetLanip endpoint allows authenticated remote attackers to execute arbitrary commands with low impact on confidentiality, integrity, and availability. The vulnerability requires valid login credentials (PR:L) and affects the lanIp parameter. Publicly available exploit code exists, and EPSS scoring of 0.39% indicates low real-world exploitation probability despite public POC availability.
Insecure inherited permissions in Portabilis i-Educar up to version 2.9.10 allow authenticated remote attackers to escalate privileges through the User Type Handler component in AccessLevelController.php, potentially gaining unauthorized access to protected functionality. The vulnerability requires valid login credentials (PR:L) but carries low confidentiality, integrity, and availability impact (VC:L/VI:L/VA:L). Publicly available exploit code exists, though EPSS score of 0.06% (19th percentile) suggests limited real-world exploitation despite public disclosure.
Stored cross-site scripting (XSS) in code-projects Voting System 1.0 allows remote attackers to inject malicious scripts via the Firstname, Lastname, or Platform parameters in /admin/voters_add.php, requiring user interaction to trigger payload execution. The vulnerability has a low CVSS score (2.1) due to UI requirement, but publicly available exploit code exists and the attack requires no authentication or special configuration.
SQL injection vulnerability in Courier Management System 1.0 allows authenticated remote attackers to manipulate the Shippername parameter in /add-courier.php, enabling database queries to be executed with limited confidentiality and integrity impact. The publicly available exploit code and low CVSS score (2.1) reflect the requirement for valid authentication credentials, limiting real-world risk despite confirmed exploit availability.
SQL injection in code-projects Online Complaint Site 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the Category parameter in /admin/category.php, with publicly available exploit code. CVSS score of 2.1 reflects limited confidentiality impact and requirement for low-privilege authentication; EPSS of 0.03% indicates very low real-world exploitation probability despite public POC availability.
SQL injection in code-projects Student Result Manager 1.0 allows authenticated remote attackers to manipulate roll, name, or GPA parameters in Database.java, resulting in limited confidentiality, integrity, and availability impact. The vulnerability requires valid login credentials and has been publicly disclosed with exploit code available, but carries very low exploitation probability (EPSS 0.03%) and minimal security impact due to restricted scope.
SQL injection in Online Complaint Site 1.0 allows authenticated remote attackers to manipulate the state parameter in /cms/admin/state.php, enabling data exfiltration or modification with limited scope. Publicly available exploit code exists; however, the CVSS 2.1 score and 0.03% EPSS percentile indicate low real-world exploitation risk despite the presence of proof-of-concept.
SQL injection in code-projects Online Complaint Site 1.0 allows authenticated remote attackers to manipulate the cid parameter in /cms/users/complaint-details.php, leading to limited data exposure. The vulnerability requires valid user authentication and has a publicly available proof-of-concept, but the EPSS score of 0.03% and CVSS impact metrics (VC:L/VI:L/VA:L) indicate low real-world exploitation probability despite public availability of exploit code.
SQL injection in code-projects Online Complaint Site 1.0 allows authenticated remote attackers to manipulate the cid parameter in /cms/users/register-complaint.php, resulting in limited confidentiality, integrity, and availability impact. Publicly available exploit code exists, though the EPSS score of 0.03% and requirement for prior authentication significantly constrain real-world exploitation risk compared to the CVSSv4 score of 2.1.
SQL injection in code-projects Online Complaint Site 1.0 allows authenticated remote attackers to manipulate the Username parameter in /cms/users/index.php and execute arbitrary SQL queries with limited impact to confidentiality, integrity, and availability. The CVSS 2.1 score and 0.03% EPSS percentile indicate low real-world risk despite public exploit availability, likely due to the authentication requirement (PR:L) and constrained impact scope.
Improper input neutralization in Palo Alto Networks PAN-OS management web interface allows authenticated high-privilege administrators to bypass system restrictions and execute arbitrary commands through command injection. The vulnerability affects PAN-OS across multiple versions (specific version ranges not independently confirmed from provided data), with a low EPSS exploitation probability (0.06%, 17th percentile) and no confirmed active exploitation or public proof-of-concept. Risk is significantly reduced when CLI access is restricted to a limited administrator group; Cloud NGFW and Prisma Access are unaffected.