Unauthenticated command injection in Tenda G300-F router firmware version 16.01.14.2 and earlier allows authenticated attackers to execute arbitrary OS commands through the WAN diagnostic interface by injecting shell metacharacters into unvalidated curl parameters. An attacker with management interface access can exploit this to gain full system compromise with process-level privileges. Public exploit code exists and no patch is currently available.
Remote code execution in UTT HiPER 810G firmware through version 1.7.7-171114 allows authenticated attackers to achieve full system compromise via a buffer overflow in the Management Interface firewall configuration function. Public exploit code exists for this vulnerability, and no patch is available from the vendor despite early disclosure notification. The attack requires valid credentials but can be executed over the network without user interaction.
Unauthenticated attackers can exploit a buffer overflow in the UTT 520W Firmware's P2P configuration function via a crafted request to achieve remote code execution with high privileges. The vulnerability requires only network access and low complexity to exploit, with public exploit code already available. No patch has been released by the vendor despite early notification.
QuickDate 1.3.2 contains a SQL injection vulnerability that allows remote attackers to manipulate database queries through the '_located' parameter in the find_matches endpoint. [CVSS 8.2 HIGH]
AMSS++ version 4.31 contains a SQL injection vulnerability in the mail module's maildetail.php script through the 'id' parameter. Attackers can manipulate the 'id' parameter in /modules/mail/main/maildetail.php to inject malicious SQL queries and potentially access or modify database contents. [CVSS 8.2 HIGH]
AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access administrative accounts using hardcoded credentials. Attackers can log in with the default admin username and password '1234' to gain unauthorized administrative access to the system. [CVSS 7.5 HIGH]
ACE Security WiP-90113 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration files. [CVSS 7.5 HIGH]
DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. [CVSS 7.5 HIGH]
Core FTP Lite 1.3 contains a buffer overflow vulnerability in the username input field that allows attackers to crash the application by supplying oversized input. [CVSS 7.5 HIGH]
SpotFTP-FTP Password Recover 2.4.8 contains a denial of service vulnerability that allows attackers to crash the application by generating a large buffer overflow. Attackers can create a text file with 1000 'Z' characters and input it as a registration code to trigger the application crash. [CVSS 7.5 HIGH]
aSc TimeTables 2020.11.4 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Subject title field with a large buffer. [CVSS 7.5 HIGH]
Core FTP LE 2.2 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the account field with a large buffer. [CVSS 7.5 HIGH]
Remote code execution in UTT HiPER 810 Firmware 1.7.4-141218 via command injection in the user administration function allows unauthenticated attackers to execute arbitrary commands over the network. The vulnerability exists in the passwd1 parameter of the /goform/formUser endpoint and has public exploit code available. No patch is currently available from the vendor, who has been unresponsive to disclosure attempts.
D-Link DIR-823X firmware contains a command injection vulnerability in the /goform/set_language endpoint that allows remote attackers with high privileges to execute arbitrary OS commands via manipulation of the langSelection parameter. Public exploit code exists for this vulnerability, and no patch is currently available. Successful exploitation grants complete system compromise with confidentiality, integrity, and availability impact.
Command injection in D-Link DWR-M921 firmware versions up to 1.1.50 allows remote attackers with high privileges to execute arbitrary commands through the USSD Configuration endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An authenticated attacker can leverage the unsanitized ussdValue parameter to compromise the affected device.
eLection 2.0 contains an authenticated SQL injection vulnerability in the candidate management endpoint that allows attackers to manipulate database queries through the 'id' parameter. [CVSS 7.1 HIGH]
ATutor 2.2.4 contains a SQL injection vulnerability in the admin user deletion page that allows authenticated attackers to manipulate database queries through the 'id' parameter. [CVSS 7.1 HIGH]
LDAP filter injection in WeKan before 8.19 allows remote unauthenticated attackers to manipulate LDAP search filters and DN construction during login by supplying crafted usernames that are embedded into queries without escaping. Because the malicious input reaches the authentication path directly (CVSS 4.0 AV:N/PR:N/UI:N, base score 8.7), an attacker can tamper with the authentication logic to enumerate directory data or subvert the intended search filter. No public exploit is identified at time of analysis and EPSS exploitation probability is low (0.05%), but a vendor patch (commit 0b0e16c) is available.
Broken authorization in Wekan versions prior to 8.20 lets any authenticated non-administrative user invoke board migration functionality that should be restricted to board administrators. Because permission checks on the migration methods (e.g. comprehensiveBoardMigration.execute) are insufficient, a low-privileged user can trigger unauthorized migration operations that mutate board structure and data. EPSS is very low (0.05%, 15th percentile) and there is no public exploit identified at time of analysis, but a vendor patch and fix commit are available.
Authorization bypass in WeKan (self-hosted kanban board) versions prior to 8.19 lets an authenticated user create public boards even when the instance-wide allowPrivateOnly setting is enabled, because server-side enforcement of the visibility policy is incomplete at board-creation time. The flaw undermines an administrator's expectation that all boards remain private, potentially exposing board content beyond intended audiences. EPSS is low (0.03%, 9th percentile) with no public exploit identified at time of analysis and no CISA KEV listing; a vendor patch is available.
Improper authorization in WeKan's card-move API lets an authenticated low-privilege user relocate cards to boards, lists, and swimlanes they do not control, because the destination is trusted without verifying access rights or that the target objects belong to the destination board. All WeKan versions before 8.19 are affected; no public exploit is identified at time of analysis and EPSS is negligible (0.01%), but the fixing commit publicly documents the missing checks, lowering the bar to reproduce.
Privilege escalation via broken authorization in WeKan (the open-source kanban board) before 8.19 lets users holding read-only board roles modify cards, lists, and swimlanes that should require write access. The flaw stems from card/list/swimlane update API routes calling a read-level access check instead of a write-level check, letting a low-privileged but authenticated member tamper with data they should only be able to view. There is no public exploit identified at time of analysis and EPSS is negligible (0.01%), but the fix is confirmed in an upstream commit and the CVSS 4.0 base score is 7.1.
Cross-board data tampering in WeKan (open-source Trello-style kanban board) before version 8.19 lets an authenticated low-privileged user manipulate checklists on cards belonging to boards they should not access. The checklist creation, deletion, and related REST routes accept a cardId without confirming it belongs to the supplied boardId, so an attacker can forge identifiers to add or remove checklists on other users' cards. No public exploit identified at time of analysis, and EPSS is negligible (0.01%), but the vendor fix commit confirms the root cause and a straightforward exploitation path.
Cross-board data tampering in WeKan (the open-source Trello-style kanban board) before version 8.19 lets an authenticated low-privilege user attach checklists to cards on boards they do not own by supplying a mismatched cardId/boardId pair. Because the checklist creation routes never confirm the card actually belongs to the referenced board, any logged-in user can manipulate identifiers to write into other users' boards. No public exploit is identified at time of analysis and EPSS exploitation probability is negligible (0.01%), but the fix is confirmed by an upstream vendor commit.
Improper authorization in the WeKan attachment upload API (versions prior to 8.19) lets an authenticated low-privileged user submit inconsistent object identifiers (boardId, cardId, swimlaneId, listId) that the server fails to cross-validate, allowing attachments to be associated with or moved across card/board relationships the user should not control. The affected component is the self-hosted open-source kanban platform WeKan; the fix (commit 1d16955b) adds server-side checks that a card actually belongs to the named board, swimlane, and list. No public exploit identified at time of analysis, EPSS is negligible (0.01%), and it is not in CISA KEV.