Server-side request forgery in Yalantis uCrop 2.2.11 allows authenticated remote attackers to manipulate the downloadFile function in BitmapLoadTask.java URL handler, enabling arbitrary HTTP requests from the affected server. The vulnerability requires user authentication (PR:L) and carries limited confidentiality and integrity impact. Public exploit code exists, though the vendor has not responded to early disclosure attempts.
CRLF injection in code-projects Rental Management System 2.0 allows authenticated remote attackers to manipulate log entries via the Log Handler component in Transaction.java, enabling log tampering with minimal real-world impact. The vulnerability requires prior authentication (PR:L), has low integrity impact, and carries a very low EPSS score (0.07%) despite public exploit availability, suggesting exploitation is limited to specific threat scenarios.
Server-side request forgery in PowerJob up to version 5.1.2 allows authenticated remote attackers to manipulate the targetIp and targetPort arguments in the checkConnectivity function of the Network Request Handler component, enabling SSRF attacks with low confidentiality, integrity, and availability impact. Publicly available exploit code exists; however, the EPSS score of 0.03% indicates minimal real-world exploitation probability despite the public exploit availability, suggesting this vulnerability has seen limited active abuse.
Unrestricted file upload in SourceCodester Real Estate Property Listing App 1.0 allows high-privileged authenticated users to upload arbitrary files via the image parameter in /admin/property.php, potentially leading to remote code execution. The vulnerability affects only administrators or high-privilege accounts due to PR:H requirements, but public exploit code exists and EPSS scoring indicates low real-world exploitation probability (0.07th percentile).
Stored cross-site scripting (XSS) in baowzh hfly up to commit 638ff9abe9078bc977c132b37acbe1900b63491c allows authenticated users with user interaction to inject malicious scripts via the /admin/index.php/advtext/add endpoint in the advtext module. Public exploit code is available, and the vulnerability carries a low CVSS score of 2.0 due to authentication and user-interaction requirements, but the EPSS score of 0.05% indicates minimal real-world exploitation probability despite public availability of proof-of-concept code.
Yalantis uCrop 2.2.11 contains an improperly exported Android application component (UCropActivity) in AndroidManifest.xml that allows local attackers with application-level privileges to access the component via intent manipulation, potentially disclosing sensitive information. The vulnerability requires local access and user application permissions but affects confidentiality with low impact. Public exploit code is available, though the EPSS score of 0.06% suggests limited real-world exploitation despite public disclosure.
Arbitrary file deletion via path traversal in baowzh hfly up to commit 638ff9abe9078bc977c132b37acbe1900b63491c allows authenticated remote attackers to delete files by manipulating the filename parameter in /admin/index.php/datafile/delfile. The vulnerability has public exploit code available but remains low-risk due to authentication requirement and limited scope (information integrity impact only).
Path traversal vulnerability in baowzh hfly allows authenticated remote attackers to read arbitrary files via manipulation of the filename parameter in the /admin/index.php/datafile/download endpoint. The vulnerability affects versions up to commit 638ff9abe9078bc977c132b37acbe1900b63491c, with publicly available exploit code disclosed and no vendor response to early disclosure notification. CVSS score of 2.1 reflects limited confidentiality impact but the low EPSS (0.15%) suggests minimal real-world exploitation despite public disclosure.
Unrestricted file upload in baowzh hfly allows authenticated remote attackers to upload arbitrary files via manipulation of the imgFile parameter in /Public/Kindeditor/php/upload_json.php. The vulnerability affects rolling-release versions up to commit 638ff9abe9078bc977c132b37acbe1900b63491c, carries low overall risk (CVSS 2.1, EPSS 0.07%), and has publicly available exploit code but requires authenticated access, significantly limiting real-world exploitability compared to unauthenticated file upload scenarios.
Reflected cross-site scripting (XSS) in yangshare warehouseManager 仓库管理系统 1.1.0 allows authenticated remote attackers to inject malicious scripts via the Name parameter in the addCustomer function of CustomerManageHandler.java. User interaction is required for exploitation. Public exploit code is available, and the vulnerability has been disclosed publicly.
Command injection in EFM ipTIME A3004T firmware version 14.19.0 allows authenticated remote attackers to execute arbitrary commands via malformed input to the aaksjdkfj parameter in the show_debug_screen function of /sess-bin/timepro.cgi. Public exploit code is available, but the vulnerability has a high attack complexity requirement and the vendor has not issued a patch despite early disclosure notification.