InvoicePlane through 1.6.3 allows authenticated users to upload PHP files as attachments that can be executed remotely. Low privileges sufficient with scope change. PoC available.
Changjetong T+ (through 16.x) has .NET deserialization RCE in an AjaxPro endpoint. Attacker-controlled JSON triggers deserialization of malicious .NET types. PoC available.
phpKF CMS 3.00 Beta allows unauthenticated PHP file upload by disguising it as a PNG, then renaming it for execution. PoC available.
10-Strike Network Inventory Explorer Pro 9.31 has a buffer overflow in text file import that enables RCE through crafted files. PoC available.
Kingdia CD Extractor 3.0.2 has a buffer overflow in the registration name field. PoC available.
ProjeQtOr Project Management 9.1.4 allows guest users to upload PHP files through profile attachments. Unauthenticated RCE via web shell. PoC available.
Cmder Console Emulator 1.3.18 can be crashed via a malicious .cmd file with repeated characters, causing buffer overflow and DoS. PoC available.
RustCrypto CMOV before 0.4.4 emits non-constant-time assembly on ARM Cortex-M0/M0+/M1 targets. Cryptographic operations that rely on constant-time guarantees are broken on these embedded platforms. PoC available, patch available.
Phpgurukul Cyber Cafe Management System v1.0 has SQL injection in the username parameter of add-users.php. PoC available.
Arcane Docker management tool before 1.13.0 has command injection in lifecycle labels. Container labels are passed to /bin/sh -c without sanitization, enabling RCE. PoC available.
Patient Management System versions up to 2.0.2 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).
Patient Management System versions up to 2.0.2 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).
HTTP request smuggling in H3 framework versions before 1.15.5 allows remote attackers to bypass security controls by exploiting improper case-sensitive validation of the Transfer-Encoding header. The vulnerability enables attackers to inject malicious requests that diverge between client and server parsing, potentially leading to cache poisoning, session hijacking, or other attacks. Public exploit code exists for this vulnerability.
A time-based blind SQL Injection vulnerability exists in PHPGurukul Cyber Cafe Management System v1.0 within the adminprofile.php endpoint. [CVSS 8.8 HIGH]
YouTube Video Grabber, now referred to as YouTube Downloader, 1.9.9.1 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the Structured Exception Handler. [CVSS 8.4 HIGH]
Build Smart ERP 21.0817 contains an unauthenticated SQL injection vulnerability in the 'eidValue' parameter of the login validation endpoint. [CVSS 8.2 HIGH]
GPAC v2.4.0 was discovered to contain an out-of-bounds read in the oggdmx_parse_tags function. [CVSS 8.2 HIGH]
Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to reveal table and column names by sending crafted GET requests to the jsonapi/review endpoint. [CVSS 8.2 HIGH]
DPanel is an open source server management panel written in Go. Prior to 1.9.2, DPanel has an arbitrary file deletion vulnerability in the /api/common/attach/delete interface. [CVSS 8.1 HIGH]
Arbitrary code execution in Deno runtime versions before 2.5.6 allows unauthenticated attackers to bypass shell script execution restrictions by using alternate casing in batch file extensions (e.g., .BAT, .Bat instead of .bat). The case-sensitive validation flaw enables attackers to spawn blocked Windows batch and command files, achieving remote code execution. Public exploit code exists and no patch is currently available for affected systems.
HTTPDebuggerPro 9.11 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. [CVSS 7.8 HIGH]
MilleGPG5 5.7.2 contains a local privilege escalation vulnerability that allows authenticated users to modify service executable files in the MariaDB bin directory. Attackers can replace the mysqld.exe with a malicious executable, which will execute with system privileges when the computer restarts. [CVSS 7.8 HIGH]
Dynojet Power Core 2.3.0 contains an unquoted service path vulnerability in the DJ.UpdateService that allows local authenticated users to potentially execute code with elevated privileges. [CVSS 7.8 HIGH]
10-Strike Network Inventory Explorer Pro 9.31 contains an unquoted service path vulnerability in the srvInventoryWebServer service running with LocalSystem privileges. [CVSS 7.8 HIGH]
Awebserver versions up to 18 is affected by allocation of resources without limits or throttling (CVSS 7.5).
Authenticated command injection in Roxy-WI versions prior to 8.2.8.2 enables attackers to execute arbitrary system commands through improper sanitization of the grep parameter in log viewing functionality. Public exploit code exists for this vulnerability, affecting users managing HAProxy, Nginx, Apache, and Keepalived servers through the web interface. A patch is available in version 8.2.8.2 and later.
An out-of-bounds read in the GSF demuxer filter component of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .gsf file. [CVSS 7.5 HIGH]
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the mac parameter of the sub_65B5C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the wanSpeed parameter of the sub_65B5C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the cloneType parameter of the sub_65B5C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Oliver Library Server v5 contains a file download vulnerability that allows unauthenticated attackers to access arbitrary system files through unsanitized input in the FileServlet endpoint. [CVSS 7.5 HIGH]
Cyberfox Web Browser 52.9.1 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the search bar with excessive data. Attackers can generate a 9,000,000 byte payload and paste it into the search bar to trigger an application crash. [CVSS 7.5 HIGH]
A buffer overflow in the vobsub_get_subpic_duration() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted packet. [CVSS 7.5 HIGH]
A stack overflow in the dump_ttxt_sample function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted packet. [CVSS 7.5 HIGH]
Deno versions up to 2.6.0 contains a vulnerability that allows attackers to have infinite encryptions (CVSS 7.5).
Cross-Site Request Forgery (CSRF) in Easy!Appointments 1.5.2 and earlier allows remote attackers to perform administrative actions including admin account creation, credential modification, and full account takeover by tricking authenticated administrators into visiting a malicious page. The vulnerability stems from incomplete CSRF protection that only validates POST requests while state-changing operations accept GET parameters. A publicly available exploit exists (GitHub Security Advisory GHSA-54v4-4685-vwrj), though EPSS exploitation probability is low (0.01%, 1st percentile) and the vulnerability is not listed in CISA KEV, suggesting limited real-world exploitation to date.
A local information disclosure vulnerability exists in the Ludashi driver before 5.1025 due to a lack of access control in the IOCTL handler. This driver exposes a device interface accessible to a normal user and handles attacker-controlled structures containing the lower 4GB of physical addresses. [CVSS 7.3 HIGH]
Docmost versions 0.21.0 through 0.23.x contain a path traversal vulnerability in the zip import feature that allows authenticated attackers to write arbitrary files to the system due to insufficient filename validation. Public exploit code exists for this vulnerability, which could enable attackers to overwrite critical application files or achieve code execution. The vulnerability is patched in version 0.24.0 and affects all installations using the vulnerable import functionality.
Kmaleon 1.1.0.205 contains an authenticated SQL injection vulnerability in the 'tipocomb' parameter of kmaleonW.php that allows attackers to manipulate database queries. [CVSS 7.1 HIGH]
Android versions up to - contains a vulnerability that allows attackers to remote (proximal/adjacent) information disclosure of user's conversations and lo (CVSS 7.1).
An SQL injection vulnerability in InvoicePlane through 1.6.3 has been identified in "maxQuantity" and "minQuantity" parameters when generating a report. An authenticated attacker can exploit this issue via error-based SQL injection, allowing for the extraction of arbitrary data from the database. [CVSS 6.5 MEDIUM]
Arunna 1.0.0 contains a cross-site request forgery vulnerability that allows attackers to manipulate user profile settings without authentication. [CVSS 6.5 MEDIUM]
A heap overflow in the avi_parse_input_file() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted AVI file. [CVSS 6.5 MEDIUM]
lakeFS is an open-source tool that transforms object storage into a Git-like repositories. LakeFS's S3 gateway does not validate timestamps in authenticated requests, allowing replay attacks. [CVSS 6.5 MEDIUM]
MTPutty 1.0.1.21 contains a sensitive information disclosure vulnerability that allows local attackers to view SSH connection passwords through Windows PowerShell process listing. [CVSS 6.2 MEDIUM]
its Sudo configuration contains a vulnerability that allows attackers to gain root access (CVSS 6.2).
ImportExportTools NG 10.0.4 contains a persistent HTML injection vulnerability in the email export module that allows remote attackers to inject malicious HTML payloads. [CVSS 6.1 MEDIUM]
Cyber Cafe Management System versions up to 1.0 is affected by cross-site scripting (xss) (CVSS 6.1).
Cyber Cafe Management System versions up to 1.0 is affected by cross-site scripting (xss) (CVSS 6.1).
SparkyFitness v0.15.8.2 is vulnerable to Cross Site Scripting (XSS) via user input and LLM output. [CVSS 6.1 MEDIUM]