SQL injection in CodeAstro Gym Management System 1.0 allows authenticated remote attackers to manipulate the plan parameter in /admin/user-payment.php, resulting in limited data access. The vulnerability requires valid login credentials and has low real-world impact due to constrained scope (no server impact, no integrity violation), though publicly available exploit code exists and exploitation probability is minimal per EPSS analysis.
SQL injection in CodeAstro Gym Management System 1.0 via the fullname parameter in /customer/index.php allows authenticated remote attackers to execute arbitrary SQL queries with low confidentiality, integrity, and availability impact. Publicly available exploit code exists; however, the EPSS score of 0.03% (8th percentile) suggests minimal real-world exploitation despite public POC availability, likely due to authentication requirement and narrow deployment scope of this niche management application.
A rusted types in scripts not enforced in CSP vulnerability has been identified in HCL AION.This issue affects AION: 2.0.
HCL AION 2.0 improperly caches sensitive SSL/HTTPS page content, allowing attackers or local users with device or browser access to retrieve cached credentials, system identifiers, and internal file paths. The vulnerability has a CVSS score of 3.7 (low severity) due to high attack complexity and local/physical access requirements, with no public exploit or active exploitation confirmed.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION This issue affects HCL AION: 2.0.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION.This issue affects AION: 2.0.
Cross-site scripting (XSS) in drupal-pattern-lab/unified-twig-extensions (all versions from 0.0.0) allows authenticated users to inject malicious scripts through insufficient output filtering, but only when the code is executed outside of Drupal environments such as Pattern Lab. The package is unmaintained; the vulnerability is fixed in the successor drupal/unified_twig_ext version 1.1.1. EPSS exploitation probability is extremely low at 0.02%, and no public exploit code has been identified.