Intern Membership Management System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 4.7).
Flycatcher Toys smART Sketcher versions up to 2.0 lack authentication in the Bluetooth Low Energy interface, allowing unauthenticated attackers on the local network to manipulate device functionality and potentially access sensitive data. Public exploit code exists for this vulnerability, and the vendor has not responded to disclosure attempts. No patch is currently available.
SQL injection in jjjfood and jjjshop_food PHP applications through the latitude parameter in /index.php/api/product.category/index allows authenticated attackers to execute arbitrary database queries remotely. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite notification. Affected installations up to version 20260103 should implement immediate mitigation measures.
A vulnerability was found in Luxul XWR-600 versions up to 4.0.1. is affected by cross-site scripting (xss) (CVSS 2.4).
A vulnerability was found in AcademySoftwareFoundation OpenColorIO versions up to 2.5.0. is affected by buffer overflow (CVSS 3.3).