Improper initialization in the PFCP handler function ogs_pfcp_handle_create_pdr within Open5GS up to version 2.7.5 allows remote attackers to trigger information disclosure with high attack complexity. The vulnerability has a publicly available proof-of-concept and carries a very low EPSS score (0.15%), indicating minimal real-world exploitation probability despite public availability of exploit code. CVSS 2.9 reflects the limited technical impact (availability of confidentiality only), but the high complexity and resource requirements make practical attacks difficult.
Reachable assertion in Open5GS up to version 2.7.6 affects the PFCP context management functions (PDR, FAR, URR, QER) in lib/pfcp/context.c, allowing remote attackers to trigger a denial of service condition via crafted PFCP messages. The vulnerability requires high attack complexity and has low availability impact, but publicly available exploit code exists. CVSS 2.9 / EPSS 0.14% indicates low real-world exploitation probability despite public POC.
Authentication bypass in JeecgBoot up to version 3.9.0 allows authenticated remote attackers to manipulate tenant ID arguments in the SysTenantController, resulting in improper authentication checks that grant unauthorized access to other tenants' data. The vulnerability has a low CVSS score of 2.1 but publicly available exploit code exists, suggesting active researcher interest despite minimal real-world impact signals (EPSS 0.32%, low severity scope). Exploitation requires prior authentication and produces only limited information disclosure within the multi-tenant architecture.
JeecgBoot versions up to 3.9.0 allow authenticated remote attackers to manipulate user session management through the SysUserOnlineController, resulting in unauthorized session access with low availability impact. Public exploit code is available, though the CVSS score of 2.1 reflects limited real-world risk due to the requirement for authenticated access and minimal impact scope. Active exploitation has not been confirmed in CISA KEV, and the EPSS score of 0.13% indicates low probability of widespread exploitation despite public POC availability.
Path traversal in the FTP daemon service of Edimax BR-6208AC firmware version 1.02 allows authenticated remote attackers to access files outside the intended FTP directory via crafted FTP commands to the handle_retr function. The device is discontinued and unsupported; exploit code is publicly available. While CVSS score is low (2.1) and EPSS indicates minimal exploitation likelihood (0.12%), the vulnerability is real for the small population still using this legacy hardware.
Stored cross-site scripting (XSS) in Simple Stock System 1.0 via the /market/chatuser.php endpoint allows remote attackers to inject malicious scripts without authentication. User interaction is required for payload execution. Publicly available exploit code exists; EPSS score of 0.08% indicates low statistical exploitation probability despite XSS classification.
Galette membership management application versions 0.9.6 through 1.1.x contain an authorization bypass allowing group managers to escalate privileges and modify data beyond their intended role scope. The vulnerability requires authenticated access as a group manager and affects the integrity of membership data and organizational controls. Galette 1.2.0 resolves the issue; affected deployments should upgrade immediately to restore proper role-based access controls.
SQL injection in FastAdmin up to version 1.7.0.20250506 allows high-privilege authenticated attackers to execute arbitrary SQL queries via manipulation of the custom/searchField parameter in the selectpage function of the Backend Controller. The vulnerability requires administrator-level privileges and has publicly available exploit code, though the low CVSS score (2.0) and minimal EPSS exploitation probability (0.06%) indicate limited real-world risk despite active disclosure.
SQL injection in code-projects Online Appointment Booking System 1.0 allows high-privilege remote attackers to manipulate the managername parameter in /admin/deletemanager.php, resulting in limited confidentiality and integrity impact. EPSS score of 0.05% and CVSS 2.0 reflect the high privilege requirement (PR:H), which severely constrains real-world exploitability despite public POC availability.
SQL injection in CodeAstro Real Estate Management System 1.0 allows high-privilege administrators to inject malicious SQL via the /admin/stateadd.php endpoint, potentially compromising database integrity and confidentiality. The vulnerability requires administrative privileges to exploit and has a low CVSS score (2.0) due to restricted scope and limited impact, but publicly available exploit code exists. Real-world risk is minimal given the high privilege barrier (PR:H), though organizations running this system should prioritize patching to prevent insider threats.
SQL injection in CodeAstro Real Estate Management System 1.0 allows high-privilege administrators to execute arbitrary SQL queries via the /admin/userbuilderdelete.php endpoint. The vulnerability requires authenticated administrator access (CVSS PR:H) and affects only confidentiality and integrity with low impact. Publicly available exploit code exists, though exploitation is limited by the requirement for valid high-privilege credentials and carries low real-world risk due to EPSS score of 0.05% and the attacker profile (malicious insiders with admin accounts).
SQL injection in CodeAstro Real Estate Management System 1.0 allows high-privileged administrators to execute arbitrary SQL queries via the /admin/useragentdelete.php endpoint. The vulnerability requires administrator credentials but poses risk to systems where admin accounts may be compromised or where privileged users are untrusted. Publicly available exploit code exists, though EPSS indicates low real-world exploitation probability at 0.05%.
SQL injection in CodeAstro Real Estate Management System 1.0 allows high-privileged administrators to execute arbitrary SQL queries via the ID parameter in /admin/userdelete.php. The vulnerability requires administrator access and carries low confidentiality, integrity, and availability impact per CVSS 4.0 scoring. Publicly available exploit code exists, though EPSS scoring (0.01%, percentile 3%) indicates minimal real-world exploitation probability, suggesting the threat is primarily theoretical despite public disclosure.
Heap-based buffer overflow in WebAssembly Binaryen up to version 125 within the WasmBinaryReader::readExport function allows local attackers with low privileges to cause limited information disclosure and integrity compromise. The vulnerability requires local access and authenticated privileges but has extremely low real-world exploitability with EPSS score of 0.04% despite publicly available proof-of-concept code, indicating this is a narrow, low-impact issue unlikely to be prioritized in most threat environments.
Heap-based buffer overflow in sokol_gfx.h's _sg_pipeline_common_init function allows local authenticated attackers to corrupt memory with low impact on confidentiality, integrity, and availability. Exploitation requires local access and authenticated privileges but no user interaction. Publicly available exploit code exists, though EPSS scoring (0.03%) indicates minimal real-world exploitation probability despite low CVSS score.
Null pointer dereference in WebAssembly Binaryen up to version 125 allows local authenticated users to cause denial of service by manipulating the Index argument in IRBuilder::makeLocalGet, IRBuilder::makeLocalSet, or IRBuilder::makeLocalTee functions. Public exploit code exists, though real-world impact is minimal given the very low EPSS score (0.03%, 7th percentile) and local-access-only attack vector. This vulnerability is low-severity and unlikely to be prioritized for rapid patching in most environments.
Null pointer dereference in Open5GS up to version 2.7.5 allows remote authenticated attackers to cause denial of service by sending manipulated PFCP (Packet Forwarding Control Protocol) packets that trigger improper handling in the FAR-ID handler component. The vulnerability requires high attack complexity and authenticated access, limiting real-world exploitation despite publicly available proof-of-concept code and a low CVSS score of 1.3 reflecting restricted impact scope.