A flaw has been found in Mayan EDMS up to 4.10.1. The impacted element is an unknown function of the file /authentication/. This manipulation causes open redirect. It is possible to initiate the attack remotely. The exploit has been published and may be used. Upgrading to version 4.10.2 is sufficient to resolve this issue. The affected component should be upgraded. The vendor confirms that this is "[f]ixed in version 4.10.2". Furthermore, that "[b]ackports for older versions in process and will be out as soon as their respective CI pipelines complete."
Code injection in CTCMS up to version 2.1.2 allows high-privilege authenticated remote attackers to inject arbitrary code via manipulation of the Cj_Add or Cj_Edit arguments in the Backend System Configuration Module (/ctcms/libs/Ct_Config.php). Public exploit code is available, but exploitation requires administrative credentials and produces only low confidentiality impact without scope expansion. EPSS score of 0.07% indicates minimal real-world exploitation probability despite public POC availability.
Code injection in CTCMS up to version 2.1.2 allows high-privileged remote attackers to inject arbitrary code via the CT_App_Paytype parameter in the Backend App Configuration Module's Save function. The vulnerability has a low CVSS score (2.0) due to requiring high administrative privileges (PR:H), but publicly available exploit code exists. Real-world risk is limited to authenticated administrators with backend access.
Sixun Shanghui Group Business Management System 4.10.24.3 allows unauthenticated remote attackers to access files and directories through the /ExportFiles/ endpoint due to improper access controls, resulting in information disclosure of sensitive data. The vulnerability requires high attack complexity and has publicly available exploit code, but remains difficult to exploit in practice with an EPSS score of 0.06% indicating minimal real-world exploitation probability.
Remote code execution via dynamic code resource manipulation in SamuNatsu HaloBot's Inter-plugin API allows authenticated remote attackers to execute arbitrary code by manipulating the action argument in the html_renderer plugin. The vulnerability affects unsupported legacy versions of the product (commit hash 026b01d4a896d93eaaf9d5163a287dc9f267515b and earlier), with publicly available exploit code disclosed but no vendor-released patch, as the maintainer has abandoned the project and did not respond to early disclosure.
SQL injection in ketr JEPaaS up to version 7.2.8 allows high-privileged remote attackers to manipulate the keyWord argument in the readAllPostil function (/je/postil/postil/readAllPostil), resulting in limited confidentiality, integrity, and availability impact. Publicly available exploit code exists, though the CVSS score of 2.0 reflects the requirement for high-level privileges (PR:H), significantly limiting real-world exploitation scope.
Stored cross-site scripting (XSS) vulnerability in vion707 DMadmin backend allows high-privilege authenticated users to inject malicious scripts via the Add function in AddonsController, affecting the application's integrity. The vulnerability requires user interaction (UI:P) and high-privilege access (PR:H), limiting real-world exploitation risk despite a network attack vector. Public exploit code is available, but the extremely low CVSS score (1.9) and EPSS probability (0.05th percentile) suggest minimal practical risk in typical deployments.
Path traversal vulnerability in Smartbit CommV Smartschool App up to version 10.4.4 allows local authenticated attackers to manipulate the SplashActivity component and access or modify files outside intended directories. The vendor has not responded to early disclosure notification, and public exploit code is available.
Path traversal vulnerability in Municorn FAX App 3.27.0 on Android allows local authenticated users to access files outside intended directories with low confidentiality, integrity, and availability impact. The vulnerability affects the biz.faxapp.app component and has been publicly disclosed with exploit code available, though EPSS exploitation probability remains very low at 0.04%, suggesting limited real-world attack likelihood despite public availability.
Path traversal vulnerability in atlaszz AI Photo Team Galleryit App version 1.3.8.2 on Android allows authenticated local attackers to manipulate the gallery.photogallery.pictures.vault.album component and access files outside intended directories. The vulnerability requires local access and authenticated user privileges; public exploit code exists. The vendor has not responded to early disclosure notification, leaving the application unpatched.