Privilege escalation in code-projects Simple Car Rental System 1.0 lets an authenticated low-privilege user forge a high-privilege (administrator) session and invoke sensitive operations reserved for privileged accounts. The flaw is a broken access-control / authentication-bypass issue (CWE-284) with a publicly available exploit, though it is not listed in CISA KEV and carries a low EPSS probability (0.38%, 30th percentile), indicating limited real-world exploitation to date. Any user able to authenticate at a basic level can effectively take over administrative functionality.
Authentication bypass via SQL injection in code-projects Computer Laboratory System 1.0 allows a remote unauthenticated attacker to log in as a valid user by submitting a crafted 'universal password' in the login form's Password field. The injected SQL manipulates the login query so the authentication check always evaluates true, granting access without valid credentials. Publicly available exploit code exists (PoC published on GitHub), though the low EPSS score (0.42%, 34th percentile) and absence from CISA KEV indicate no confirmed active exploitation at time of analysis.
Privilege escalation in SourceCodester Online Student Clearance System 1.0 allows an authenticated low-privilege user to forge a high-privileged (administrator) session through a broken access-control logic flaw and then perform sensitive administrative operations. Publicly available exploit code exists, though the vulnerability is not listed in CISA KEV and carries a modest EPSS score of 0.40% (32nd percentile), indicating no evidence of widespread active exploitation yet. The flaw is authenticated (PR:L) but network-reachable and low-complexity, yielding full confidentiality, integrity, and availability impact.
Stored HTML/script injection in RISE Ultimate Project Manager & CRM (vendor fairsketch) lets authenticated low-privilege users embed attacker-controlled markup into invoices and messages that later renders in outbound emails, generated PDFs, and the in-app messaging/chat modules delivered to clients and staff. Because injected content is stored server-side and redistributed-amplified by automated recurring invoices-it functions as a persistent phishing and credential-harvesting vector rather than a memory-corruption bug. Publicly available exploit code exists (GitHub PoC), but there is no public exploit identified as actively used in the wild, and the EPSS probability is modest at 1.06% (61st percentile).
A vulnerability was found in code-projects Project Monitoring System 1.0. The impacted element is an unknown function of the file /useredit.php. The manipulation of the argument uid results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.
A vulnerability has been found in code-projects Online Job Search Engine 1.0. The affected element is an unknown function of the file /searchjob.php. The manipulation of the argument txtspecialization leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
A flaw has been found in code-projects Online Job Search Engine 1.0. Impacted is an unknown function of the file /postjob.php. Executing manipulation of the argument txtjobID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.
A vulnerability was detected in code-projects Online Job Search Engine 1.0. This issue affects some unknown processing of the file /registration.php. Performing manipulation of the argument txtusername results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used.
Authentication bypass in Ash framework (Elixir) allows authenticated users to escalate privileges and access unauthorized data by exploiting incorrect authorization checks in the policy authorizer. Affects all versions before 3.6.2. EPSS data not yet available for this recent CVE. No confirmed active exploitation (CISA KEV status: not listed), though the issue is tagged as Authentication Bypass with a GitHub security advisory indicating vendor awareness and patching.
Inline script execution allowed in CSP vulnerability has been identified in HCL AION v2.0
Stored Cross-Site Scripting in code-projects Simple Online Hotel Reservation System 1.0 allows a low-privileged attacker to inject persistent malicious JavaScript into the Add Room Description field, which executes in the administrator's browser session when room information is viewed, resulting in session cookie theft. The CVSS vector (PR:L/UI:R/S:C) confirms the attack requires authenticated access to add rooms and administrator interaction to trigger, but scope change to C:L reflects the realistic impact of session hijacking. A publicly available proof-of-concept exploit exists on GitHub, though no public exploitation has been confirmed and EPSS sits at a low 0.24th-percentile probability.
Privilege abuse and authentication bypass in Aybs Interaktif (by Usta Information Systems Inc.) expose high-confidentiality and high-integrity impacts to local attackers who require no prior privileges. The vulnerability cluster - spanning incorrect permission assignment, missing authorization, incorrect authorization, and sensitive data exposure (CWE-200) - enables an actor with local system access to bypass access controls, potentially reading sensitive resources and modifying data without authorization. No public exploit or CISA KEV listing is identified at time of analysis, but the Turkish National CERT (USOM) has issued advisory TR-25-0329 covering all versions from 2024 through build 28082025.
Arbitrary file upload in Mingsoft MCMS v6.0.1 enables remote code execution on the underlying server by uploading a crafted file - likely a JSP web shell - to a reachable endpoint. The NVD-assigned CVSS score of 6.5 with C:L/I:L impact subscores is materially inconsistent with the stated code execution impact, and this discrepancy should be independently verified. No public exploit has been confirmed as actively exploited per CISA KEV, though a Gist-based reference in NVD data may represent a proof-of-concept; EPSS is low at 0.28% (20th percentile), suggesting no widespread scanning or exploitation observed at time of analysis.
Drupal Protected Pages module fails to implement rate limiting on authentication attempts, enabling unauthenticated attackers to conduct brute force attacks against password-protected content. Affected versions include Protected Pages 0.0.0 through 1.7.x and 7.x-1.0 through 7.x-2.4. The vulnerability permits attackers to enumerate valid credentials and bypass access controls through repeated login submissions without detection or throttling mechanisms. No public exploit code or active exploitation has been confirmed; EPSS scoring of 0.05% (15th percentile) indicates low real-world exploitation likelihood despite the moderate CVSS score of 6.5.
A Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability in HCL AION.This issue affects AION: 2.0.
SQL injection in CodeAstro Gym Management System 1.0 allows authenticated remote attackers to manipulate the plan parameter in /admin/user-payment.php, resulting in limited data access. The vulnerability requires valid login credentials and has low real-world impact due to constrained scope (no server impact, no integrity violation), though publicly available exploit code exists and exploitation probability is minimal per EPSS analysis.
SQL injection in CodeAstro Gym Management System 1.0 via the fullname parameter in /customer/index.php allows authenticated remote attackers to execute arbitrary SQL queries with low confidentiality, integrity, and availability impact. Publicly available exploit code exists; however, the EPSS score of 0.03% (8th percentile) suggests minimal real-world exploitation despite public POC availability, likely due to authentication requirement and narrow deployment scope of this niche management application.
Authorization bypass and sensitive information disclosure in Usta Information Systems Inc. Aybs Interaktif allows a locally authenticated low-privilege user to access unauthorized data through forceful browsing, parameter injection, and input data manipulation. The vulnerability chain - CWE-639 (user-controlled key bypass) combined with CWE-862 (missing authorization) and CWE-200 (information disclosure) - permits manipulation of application parameters to circumvent access controls and retrieve sensitive records belonging to other users or restricted contexts. No confirmed active exploitation (not in CISA KEV), and the EPSS score of 0.02% (4th percentile) indicates minimal observed exploitation pressure at time of analysis.
A vulnerability Bypass of the script allowlist configuration in HCL AION. An incorrectly configured Content-Security-Policy header may allow unauthorized scripts to execute, increasing the risk of cross-site scripting and other injection-based attacks.This issue affects AION: 2.0.
A rusted types in scripts not enforced in CSP vulnerability has been identified in HCL AION.This issue affects AION: 2.0.
HCL AION 2.0 improperly caches sensitive SSL/HTTPS page content, allowing attackers or local users with device or browser access to retrieve cached credentials, system identifiers, and internal file paths. The vulnerability has a CVSS score of 3.7 (low severity) due to high attack complexity and local/physical access requirements, with no public exploit or active exploitation confirmed.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION This issue affects HCL AION: 2.0.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION.This issue affects AION: 2.0.
Cross-site scripting (XSS) in drupal-pattern-lab/unified-twig-extensions (all versions from 0.0.0) allows authenticated users to inject malicious scripts through insufficient output filtering, but only when the code is executed outside of Drupal environments such as Pattern Lab. The package is unmaintained; the vulnerability is fixed in the successor drupal/unified_twig_ext version 1.1.1. EPSS exploitation probability is extremely low at 0.02%, and no public exploit code has been identified.