Remote code execution in Tenda F453 firmware through a buffer overflow in the P2pListFilter HTTP handler allows authenticated attackers to achieve complete system compromise. Public exploit code exists for this vulnerability, creating immediate risk for deployed devices. No patch is currently available, leaving affected systems vulnerable to exploitation.
Remote code execution in Tenda F453 firmware allows authenticated attackers to achieve complete system compromise through a buffer overflow in the httpd address NAT function. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk.
Remote code execution in Tenda F453 firmware through a buffer overflow in the L7Prot HTTP handler allows unauthenticated attackers to achieve full system compromise via a malicious page parameter. Public exploit code exists for this vulnerability, increasing the risk of widespread attacks. No patch is currently available, leaving affected devices vulnerable until firmware updates are released.
Remote code execution in Tenda F453 firmware version 1.0.0.3 allows authenticated attackers to execute arbitrary code via a buffer overflow in the wireless security settings endpoint. The vulnerability exists in the httpd component's formWrlsafeset function and can be triggered through manipulation of the mit_ssid_index parameter. Public exploit code is available and no patch has been released.
Unauthenticated remote attackers can execute arbitrary code on Tenda F453 devices running firmware 1.0.0.3 by exploiting a stack buffer overflow in the DHCP list client function through the httpd service. Public exploit code exists for this vulnerability and no patch is currently available. The attack requires network access but no user interaction, making it trivial to exploit.
PublicCMS v5.202506.d and earlier is vulnerable to stored XSS. Uploaded PDFs can contain JavaScript payloads and bypass PDF security checks in the backend CmsFileUtils.java. [CVSS 8.7 HIGH]
CleverTap Web SDK through version 1.15.2 contains a cross-site scripting vulnerability in its postMessage handler that fails to properly validate message origins, allowing attackers to inject malicious scripts by exploiting subdomain bypass techniques. Public exploit code exists for this vulnerability, and affected applications can be compromised through user interaction. A patch is available to address the insufficient origin validation in the nativeDisplay.js component.
CleverTap Web SDK versions 1.15.2 and earlier contain a DOM-based XSS vulnerability in the Visual Builder module due to improper origin validation of postMessage events, allowing attackers to inject malicious scripts through crafted subdomains. Public exploit code exists for this vulnerability, which affects all users of the affected SDK versions. An attacker can execute arbitrary JavaScript in the context of a victim's browser session to steal sensitive data or perform unauthorized actions.
Homey BNB V4 contains an SQL injection vulnerability in the administration panel login that allows unauthenticated attackers to bypass authentication by injecting SQL syntax into username and password fields. [CVSS 8.2 HIGH]
Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the hosting_id parameter. [CVSS 8.2 HIGH]
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the products_id parameter. [CVSS 8.2 HIGH]
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the reviews_id parameter. [CVSS 8.2 HIGH]
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the currency parameter. [CVSS 8.2 HIGH]
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. [CVSS 8.2 HIGH]
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pt' parameter. [CVSS 8.2 HIGH]
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. [CVSS 8.2 HIGH]
Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' parameter. [CVSS 8.2 HIGH]
Unitree robotics firmware updates can be modified and executed by local attackers due to inadequate encryption of the firmware protection mechanism, allowing arbitrary code execution on affected Go1 and Go2 models. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with physical or local access could tamper with firmware packages to gain complete control over the device.
Gradio versions up to 6.7 contains a vulnerability that allows attackers to read arbitrary files from the file system (CVSS 7.5).
Unauthenticated account creation in phpMyFAQ versions before 4.0.18 allows remote attackers to register unlimited user accounts through the WebAuthn prepare endpoint without authentication, CSRF protection, or captcha validation, even when registration is disabled. Public exploit code exists for this vulnerability. Update to version 4.0.18 or later to remediate.
Inetutils versions up to 2.7 is affected by inclusion of functionality from untrusted control sphere (CVSS 7.4).
Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. [CVSS 7.3 HIGH]
OpenEMR versions prior to 8.0.0 allow authenticated portal users to access other patients' protected health information through insecure direct object references (IDOR) in the payment portal, enabling horizontal privilege escalation to view and modify another patient's demographics, invoices, and payment history. The vulnerability stems from accepting patient ID values from user-controlled request parameters instead of validating against the authenticated user's session. Public exploit code exists for this vulnerability.
Group Office versions before 26.0.9, 25.0.87, and 6.8.154 allow authenticated attackers to execute arbitrary commands through maliciously crafted TNEF attachments, where attacker-controlled filenames in winmail.dat are processed unsafely with zip wildcard expansion. An attacker with valid credentials can exploit this to achieve remote code execution with full system privileges. No patch is currently available for affected deployments.
Remote code execution in intra-mart Accel Platform's IM-LogicDesigner module through insecure deserialization of crafted files imported by administrative users. An attacker with admin privileges can execute arbitrary code by importing a malicious file, with no patch currently available. The vulnerability affects all deployments where IM-LogicDesigner is enabled.
SQL injection in Group Office email template selection endpoint allows authenticated attackers to extract sensitive data from the database through the unvalidated comparator parameter in advancedQueryData. An attacker with valid credentials can perform blind boolean-based attacks to exfiltrate password hashes from the core_auth_password table. Affected versions prior to 26.0.8, 25.0.87, and 6.8.153 require immediate patching.
Authenticated Statamic CMS users (versions 6.0.0-6.3.x) can bypass privilege escalation verification checks to gain unauthorized elevated access, potentially enabling unauthorized sensitive operations depending on existing permissions. The vulnerability affects both Statamic and its Laravel framework integration, with a patch available in version 6.4.0.
Denial of service in Multer (the Express/Node.js multipart/form-data middleware) before version 2.1.0 lets remote attackers exhaust server resources by submitting malformed multipart requests, crashing or hanging the upload-handling process. The flaw scores CVSS 4.0 8.7 with an availability-only impact and requires no authentication or user interaction; no public exploit has been identified at time of analysis and EPSS rates near-term exploitation probability very low (0.06%, 17th percentile). A vendor patch (2.1.0) is available and Red Hat has shipped errata, but no workaround exists.
Denial of service in Multer (Express.js multipart/form-data middleware) before version 2.1.0 lets remote unauthenticated attackers exhaust server resources by abruptly dropping the connection mid file-upload, leaving allocated resources unreleased. The flaw maps to CWE-772 (missing release of resource) and carries a CVSS 4.0 base score of 8.7 driven entirely by availability impact. There is no public exploit identified at time of analysis and the EPSS probability is very low (0.06%), but a fixed release (2.1.0) is available and no workarounds exist.
Statmatic is a Laravel and Git powered content management system (CMS). [CVSS 8.7 HIGH]
Copeland XWEB Pro firmware versions 1.12.1 and earlier suffer from an authentication bypass vulnerability where malformed authentication responses are incorrectly validated as legitimate, allowing unauthenticated remote attackers to gain unauthorized access. The flaw affects multiple XWEB Pro models (500d, 300d, and 500b) with a CVSS score of 8.6 indicating high severity, though no patch is currently available. An attacker exploiting this vulnerability could bypass security controls and potentially access sensitive device functionality without valid credentials.
Arbitrary file write & potential privilege escalation exploiting zip slip vulnerability in Google Web Designer.
Remote code execution in Red Hat Satellite's rubyipmi BMC component allows authenticated users with host creation or update permissions to execute arbitrary code by injecting malicious input into the BMC username field. An attacker with these privileges can compromise the underlying system through command injection. No patch is currently available for this vulnerability.
Blind SQL injection in Centreon Web's Service Dependencies module allows authenticated attackers to extract sensitive database information through unsanitized array keys in deletion requests. This vulnerability affects Centreon Web versions before 25.10.8, 24.10.20, and 24.04.24 on Linux systems, requiring valid credentials but no user interaction to exploit. No patch is currently available, leaving affected deployments vulnerable to database reconnaissance and potential data exfiltration.
Authentication and authorization bypass in @fastify/middie (Node.js middleware library for Fastify) allows remote unauthenticated attackers to access protected endpoints by exploiting path normalization inconsistencies. When Fastify router normalization options (ignoreDuplicateSlashes, useSemicolonDelimiter, trailing-slash handling) are enabled, crafted URL paths bypass path-scoped middleware checks while still routing to protected handlers. Confirmed actively exploited (CISA KEV). Patch available in version 9.2.0. EPSS score of 0.17% (38th percentile) suggests limited widespread exploitation despite active use, likely indicating targeted attacks against known vulnerable deployments.
A NestJS application using @nestjs/platform-fastify can allow bypass of authentication/authorization middleware when Fastify path-normalization options are enabled. This issue affects nest.Js: 11.1.13.
Path traversal in Kaniko 1.25.4 through 1.25.9 allows attackers to extract tar archives outside the intended destination directory, enabling arbitrary file writes on the build system. When combined with Docker credential helpers in registry authentication scenarios, this vulnerability can be leveraged for code execution within the Kaniko executor process. Docker and Kubernetes environments using the affected Kaniko versions are at risk.
Server-Side Request Forgery in Gradio prior to version 6.6.0 allows attackers to execute arbitrary HTTP requests through a victim's infrastructure by crafting a malicious Space with a poisoned proxy_url configuration. Applications that load untrusted Gradio Spaces via gr.load() are vulnerable to attacks targeting internal services, cloud metadata endpoints, and private networks. No patch is currently available for affected Python/ML applications.
Apache\ versions up to \ contains a vulnerability that allows attackers to gain access to systems (CVSS 8.2).
Kiteworks Email Protection Gateway prior to version 9.2.0 contains a stored cross-site scripting vulnerability in its configuration interface that allows authenticated administrators to inject malicious scripts executed against other users. An admin with high privileges can exploit this to compromise user sessions and data through the affected UI. No patch is currently available for this vulnerability.
Remote code execution in Xweb 300d/500b/500d Pro firmware versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary OS commands by injecting malicious input into the firmware update endpoint. The vulnerability stems from insufficient input validation in command processing and requires high privileges but affects the entire system scope. No patch is currently available for this HIGH severity issue.
Remote code execution in XWEB Pro firmware versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary OS commands by submitting a malicious firmware update file through the update mechanism. The vulnerability affects multiple XWEB Pro models (300d, 500d, and 500b) and requires high-level privileges to exploit. No patch is currently available for this high-severity command injection flaw (CVSS 8.0).
Remote code execution in XWEB Pro versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary OS commands via malicious input submitted to the restore functionality. The vulnerability affects Xweb 500d Pro, 500b Pro, and 300d Pro firmware versions, with no patch currently available. An attacker with valid credentials could compromise the affected device and gain full system control.
Remote code execution in Xweb 300d Pro, 500d Pro, and 500b Pro firmware versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary OS commands by injecting malicious input through the devices field in the setup route. An attacker with valid credentials can exploit this command injection vulnerability to gain complete system control. No patch is currently available for this vulnerability.
Remote code execution in XWEB Pro firmware versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary commands by injecting malicious input into OpenSSL parameter fields. An attacker with valid credentials can exploit this command injection vulnerability through the utility route to gain complete system compromise. No patch is currently available for affected XWEB 500b Pro and 300d Pro devices.
Remote code execution in XWEB Pro firmware (versions 1.12.1 and earlier) allows authenticated attackers to execute arbitrary OS commands by injecting malicious input into the devices field during firmware updates. The vulnerability affects multiple Xweb Pro models (500d, 300d, and 500b) and requires high privileges to exploit, though it can impact the entire system. No patch is currently available for this HIGH severity issue.
Remote code execution in XWEB Pro firmware (versions 1.12.1 and earlier) allows authenticated attackers to execute arbitrary OS commands by submitting malicious input through the contacts import endpoint. The vulnerability affects multiple Xweb Pro models (500d, 300d, and 500b) and requires high-level privileges but can compromise the entire system. No patch is currently available.
Remote code execution in XWEB Pro firmware versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary OS commands by injecting malicious input through the devices field during firmware update operations. The vulnerability affects multiple Xweb Pro models (500d, 500b, and 300d) and requires high-level privileges to exploit, though it can impact the entire system. No patch is currently available for this HIGH severity issue.
Remote code execution in Xweb 300d Pro, 500b Pro, and 500d Pro firmware (version 1.12.1 and prior) allows authenticated attackers to execute arbitrary OS commands by injecting malicious payloads into the map filename field during file upload operations. An attacker with valid credentials can exploit this command injection flaw to gain full system control. No patch is currently available for this vulnerability.
Remote code execution in XWEB Pro firmware versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary OS commands by injecting malicious input through the templates route. Affected versions include Xweb 500d Pro, 300d Pro, and 500b Pro. No patch is currently available for this vulnerability.