Stack-based buffer overflow in TOTOLIK A3002RU firmware versions up to V3.0.0-B20220304.1804 allows authenticated attackers to achieve remote code execution through a malicious static_ipv6 parameter. Public exploit code exists for this vulnerability, and no patch is currently available. The high CVSS score of 8.8 reflects the complete compromise of system confidentiality, integrity, and availability for affected devices.
Stack overflow vulnerabilities in TOTOLIK A3002RU V2.1.1 router firmware allow authenticated attackers to achieve remote code execution through malformed vpnUser or vpnPassword parameters. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at risk of complete compromise.
Remote code execution in TOTOLIK A3002RU V2.1.1 firmware results from a stack-based buffer overflow in the DNS configuration function that can be exploited by authenticated network users. Public exploit code exists for this vulnerability, and attackers with valid credentials can achieve full system compromise including code execution and data manipulation. No patch is currently available.
phpgurukul Student Management System 1.0 is vulnerable to SQL Injection in studentms/admin/search.php via the searchdata parameter. [CVSS 8.8 HIGH]
Rocket TRUfusion Enterprise versions up to 7.10.4.0 is affected by server-side request forgery (ssrf) (CVSS 7.3).
Hard-coded credentials in the Beetel 777VR1 router's web management interface allow adjacent network attackers to gain full administrative access without authentication. Affecting firmware versions up to and including 01.00.09, this vulnerability enables complete device compromise through documented default credentials that cannot be changed through normal configuration. Publicly available exploit code exists with detailed reproduction steps, and the vendor has not responded to disclosure attempts. EPSS score of 0.19% (40th percentile) suggests limited widespread exploitation despite public POC availability, likely due to the device's limited deployment footprint and adjacent network attack requirement.
Wl-Nu516U1 Firmware versions up to 20251208. contains a vulnerability that allows attackers to command injection (CVSS 7.2).
jizhicms 2.5.6 is vulnerable to SQL Injection in Article/deleteAll and Extmolds/deleteAll via the data parameter. [CVSS 7.2 HIGH]
Link following vulnerability in Softland FBackup 9.9 and earlier allows local authenticated attackers to escalate privileges by manipulating symbolic links processed by the HID.dll library during backup or restore operations. Public exploit code is available via GitHub, but EPSS score remains extremely low (0.01%) and no active exploitation has been reported. The vendor has not responded to disclosure attempts, leaving users without an official patch.
Tenable Security Center is vulnerable to command injection that allows authenticated remote attackers to execute arbitrary code on the hosting server. With no patch currently available and an 8.8 CVSS score, this vulnerability poses a significant risk to organizations relying on this security platform for vulnerability management. Attackers with valid credentials can achieve full system compromise without user interaction.
Unauthenticated attackers can bypass API authentication in Aruba Networking Private 5G Core to create unauthorized administrative accounts, enabling full system compromise. Successful exploitation grants attackers administrative privileges to modify configurations and access sensitive data within affected deployments.
An issue in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code via the url parameter in the JDBC configuration [CVSS 8.8 HIGH]
Windows Admin Center's authentication mechanism can be bypassed by authenticated network users to gain elevated privileges on affected Windows systems. An attacker with valid credentials could exploit this weakness to escalate their access level without additional user interaction. A patch is available to remediate this high-severity vulnerability.
The WP Maps - Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8.6 via the fc_load_template function. [CVSS 8.8 HIGH]
Datastage On Cloud Pak For Data is affected by unrestricted upload of file with dangerous type (CVSS 8.8).
Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updating configuration properties on extension components that have specific Required Permissions based on the Restricted annotation.
Malwarebytes AdwCleaner before v.8.7.0 runs as Administrator and performs an insecure log file delete operation in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link, a related issue to CVE-2023-28892. [CVSS 8.7 HIGH]
Tumeva Internet Technologies Software Information Advertising and Consulting Services Trade Ltd. Co. Tumeva Prime News Software is affected by sql injection (CVSS 8.6).
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used to impersonate other users in the system. [CVSS 8.1 HIGH]
Improper file permissions on system binaries in Glory RBG-100 recycler systems running ISPK-08 software allow local attackers to overwrite root-owned executables and achieve privilege escalation. An unprivileged user with local access can modify these world-writable binaries to execute arbitrary commands with root privileges. No patch is currently available for this vulnerability.
Unauthenticated attackers can mark WooCommerce orders as paid in the Zarinpal Gateway plugin (versions up to 5.0.16) by reusing valid payment tokens from other transactions, exploiting insufficient validation of callback handlers. This allows fraudulent order fulfillment without actual payment completion. No patch is currently available and the vulnerability affects all WordPress installations using this payment gateway plugin.
A SQL injection vulnerability in the alldayoffs feature in Jorani up to v1.0.4, allows an authenticated attacker to execute arbitrary SQL commands via the entity parameter. [CVSS 7.6 HIGH]
Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. [CVSS 7.5 HIGH]
TLS certification mechanism of Guardian Gryphon v01.06.0006.22 is affected by improper certificate validation (CVSS 7.5).
Concert versions up to 2.1.0 is affected by incorrect permission assignment for critical resource (CVSS 7.4).
Reflected XSS in WordPress RSS Aggregator plugin versions up to 5.0.10 allows unauthenticated attackers to inject malicious scripts through the unvalidated 'template' parameter. An attacker can exploit this by crafting a malicious link that, when clicked by a victim, executes arbitrary JavaScript in their browser session. No patch is currently available for this vulnerability.
Db2 versions up to 12.1.3 is affected by improper restriction of xml external entity reference (CVSS 7.1).
lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting (XSS) on the /tools/Password/add page in the input field password. [CVSS 7.1 HIGH]
Use After Free vulnerability in Apache Arrow C++. This issue affects Apache Arrow C++ from 15.0.0 through 23.0.0. [CVSS 7.0 HIGH]