A weakness has been identified in code-projects Class and Exam Timetable Management 1.0. Affected by this issue is some unknown functionality of the file /preview7.php. This manipulation of the argument course_year_section/semester causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.
A security flaw has been discovered in code-projects Class and Exam Timetable Management 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login. The manipulation of the argument username/password results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be exploited.
A flaw has been found in Campcodes Supplier Management System 1.0. Affected is an unknown function of the file /admin/add_distributor.php. This manipulation of the argument txtDistributorAddress causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used.
A flaw has been found in Campcodes Retro Basketball Shoes Online Store 1.0. The affected element is an unknown function of the file /admin/admin_running.php. This manipulation of the argument pid causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.
A weakness has been identified in projectworlds Advanced Library Management System 1.0. This vulnerability affects unknown code of the file /view_book.php. Executing a manipulation of the argument book_id can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.
A vulnerability has been found in Campcodes Supplier Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add_unit.php. Such manipulation of the argument txtunitDetails leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Integer overflow in GLib's GIO escape_byte_string() function enables heap buffer overflow and denial-of-service when processing malicious filesystem attribute values over the network. The vulnerability affects GLib across GNOME, Red Hat Enterprise Linux 7-10, and OpenShift 4.0+, requiring only unauthenticated network access and user interaction. EPSS score of 0.07% (percentile 22) indicates low exploitation probability despite CVSS 6.5, suggesting the attack requires specific file/attribute handling conditions; no public exploit or active exploitation (CISA KEV) confirmed at analysis time.
WP Job Portal plugin for WordPress allows authenticated attackers with Subscriber-level access to read arbitrary files on the server through path traversal in the 'downloadCustomUploadedFile' function, potentially exposing sensitive configuration files, database credentials, or other confidential data. The vulnerability affects all versions up to and including 2.4.0, with CVSS 6.5 reflecting the high confidentiality impact but low attack complexity and requirement only for basic authenticated access.
Unauthenticated LAN gRPC access on SpaceX Starlink Dish devices running firmware 2024.12.04.mr46620 (Mini1_prod2) permits adjacent-network attackers to invoke administrative functions and read physical telemetry - tilt, rotation, and elevation - without credentials. The cross-origin policy can be circumvented by simply omitting the Referer header, potentially enabling browser-based cross-site requests against the local device. Critically, this report is formally disputed by SpaceX: the vendor states that unauthenticated LAN gRPC is intentional design for mobile app integration, and that cross-origin enforcement is correctly applied to gRPC-Web on port 9201; no public exploit or CISA KEV listing exists at the time of analysis.