Command injection in UTT HiPER 810 Firmware version 1.7.4-141218 allows authenticated remote attackers to execute arbitrary commands through manipulation of the policyNames parameter in the /goform/formPdbUpConfig endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. Attackers with login credentials can achieve code execution with minimal complexity.
OS command injection in XixianLiang HarmonyOS-mcp-server 0.1.0 allows authenticated remote attackers to execute arbitrary commands through unsanitized input to the input_text function. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials can exploit this over the network to achieve remote code execution with limited complexity.
Command injection in Xcode MCP Server's LLDB integration allows authenticated network attackers to execute arbitrary commands by manipulating the args parameter in the registerXcodeTools function. Public exploit code exists for this vulnerability, increasing the practical risk to organizations using affected versions. Users should apply the available patch to remediate this medium-severity flaw affecting the AI/ML tooling component.
Command injection in D-Link DWR-M921 firmware via the fota_url parameter allows authenticated remote attackers to execute arbitrary commands with network access. The vulnerability affects firmware version 1.1.50 and has public exploit code available. A patch is not currently available.
D-Link DWR-M921 firmware versions up to 1.1.50 contain a command injection vulnerability in the LTE firmware update function that allows authenticated remote attackers to execute arbitrary commands via a manipulated fota_url parameter. Public exploit code is available for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials could achieve remote code execution on affected devices.
Simple Responsive Tourism Website versions up to 1.0 is affected by cross-site scripting (xss) (CVSS 4.3).
Patients Waiting Area Queue Management System versions up to 1.0 is affected by cross-site scripting (xss) (CVSS 4.3).
Simple Responsive Tourism Website versions up to 1.0 is affected by cross-site scripting (xss) (CVSS 4.3).
Doorman versions up to 0.6. is affected by url redirection to untrusted site (open redirect) (CVSS 4.3).
Unrestricted file upload in Yshopmall up to version 1.9.1 allows authenticated attackers to upload arbitrary files via manipulation of the updateAvatar function in the FileUtil component. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. The vendor has not yet released a patch despite early notification.
Improper authorization in WukongCRM up to version 11.3.3 allows authenticated remote attackers to manipulate URL handling logic and bypass access controls. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification. The flaw affects the PermissionServiceImpl component and enables attackers to gain unauthorized access to restricted functionality.
Patients Waiting Area Queue Management System versions up to 1.0 is affected by cross-site scripting (xss) (CVSS 4.3).
Patients Waiting Area Queue Management System versions up to 1.0 is affected by cross-site scripting (xss) (CVSS 4.3).
Command injection in D-Link DIR-600 firmware through the ssdp.cgi file allows remote attackers to execute arbitrary commands by manipulating HTTP parameters (HTTP_ST, REMOTE_ADDR, REMOTE_PORT, SERVER_ID). Public exploit code exists for this vulnerability, though it affects only unsupported product versions. The attack requires high-level privileges but has low complexity and impacts confidentiality, integrity, and availability.
SQL injection in PHPGurukul Hospital Management System 4.0's user management interface allows remote attackers with administrative privileges to manipulate the ID parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, though no patch is currently available. The attack requires high-level credentials but poses risks to data confidentiality, integrity, and availability within affected hospital deployments.
SQL injection in the News Portal Project 1.0 admin panel (/admin/aboutus.php) allows authenticated attackers with high privileges to manipulate the pagetitle parameter and execute arbitrary SQL queries, potentially compromising database integrity and confidentiality. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires network access and valid administrative credentials but no user interaction.
PHPGurukul Hospital Management System 4.0 contains a SQL injection vulnerability in the doctor management interface that allows authenticated remote attackers to manipulate the ID parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with administrative credentials could potentially extract or modify sensitive hospital data.
A vulnerability was identified in cym1102 nginxWebUI up to 4.3.7. The impacted element is an unknown function of the file /adminPage/conf/check of the component Web Management Interface. [CVSS 3.5 LOW]
Online Student Management System versions up to 1.0 is affected by cross-site scripting (xss) (CVSS 2.4).
Online Application System For Admission versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).
SQL injection in the login function of code-projects Online Student Management System 1.0 allows unauthenticated attackers to manipulate username and password parameters in accounts.php, enabling unauthorized data access, modification, and potential service disruption. Public exploit code is available for this vulnerability, increasing exploitation risk. No patch is currently available.
WeKan versions up to 8.20 contain an information disclosure vulnerability in the Activity Publication Handler that allows unauthenticated remote attackers to access sensitive data through manipulation of the activities.js file. The vulnerability requires no user interaction and can be exploited over the network with low complexity. Users should upgrade to version 8.21 or apply patch 91a936e07d2976d4246dfe834281c3aaa87f9503 to remediate this issue.
Wekan versions up to 8.20 contain an authorization bypass in the Rules Handler component that allows authenticated remote attackers to access unauthorized information through the rules.js file. The vulnerability requires valid credentials but no user interaction, enabling low-impact confidentiality breaches. Upgrading to version 8.21 resolves this issue.
WeKan versions up to 8.20 contain an information disclosure vulnerability in the Meteor Publication Handler's card publication mechanism that allows authenticated remote attackers to access sensitive data. The vulnerability requires valid credentials but no user interaction to exploit, and is resolved in version 8.21.
SQL injection in Xiaopi Panel's WAF Firewall component (up to version 20260126) allows authenticated remote attackers to manipulate the ID parameter in /demo.php and execute arbitrary SQL queries. Public exploit code is available and the vendor has not provided a patch despite early notification. This vulnerability requires valid credentials to exploit but enables attackers to access or modify sensitive database information.