Remote command injection in Quip MCP Server 1.0.0 allows authenticated attackers to execute arbitrary system commands through the setupToolHandlers function in src/index.ts. Public exploit code exists for this vulnerability, and the developers have not yet released a patch despite early notification. The attack requires valid credentials but can be performed over the network with no user interaction needed.
Stack-based buffer overflow vulnerability in GPAC's MP4Box component, specifically in the swf_def_bits_jpeg function of src/scene_manager/swf_parse.c, affecting versions up to 2.5-DEV-rev2167. An authenticated attacker can exploit this remotely by manipulating the szName argument to cause a stack overflow, resulting in information disclosure, data modification, or denial of service. A public proof-of-concept exists, and a vendor patch is available; exploitation requires valid credentials (CVSS 6.3 with authenticated access requirement).
CVE-2026-4171 is an authorization bypass vulnerability in CodeGenieApp serverless-express affecting versions up to 4.17.1, where manipulation of the userId parameter in the API Endpoint component allows authenticated attackers to access or modify resources belonging to other users. A public proof-of-concept exploit exists, the vendor has not responded to early disclosure, and the vulnerability carries a CVSS score of 6.3 with exploitation rated as Probable (EPSS indicator); while not currently in CISA KEV, the combination of public POC availability and low attack complexity represents moderate real-world risk.
CodePhiliaX Chat2DB versions up to 0.3.7 contain a SQL injection vulnerability in the Database Export Handler component (DMDBManage.java) affecting multiple export functions. An authenticated attacker with low privileges can remotely exploit this vulnerability to execute arbitrary SQL commands, potentially compromising data confidentiality, integrity, and availability. A public proof-of-concept exploit is available, and the vendor has not responded to early disclosure attempts.
A vulnerability was found in Wavlink WL-NU516U1 240425.
A vulnerability was determined in UEditor up to 1.4.3.2.
SQL injection in phpIPAM versions up to 1.7.4 allows authenticated administrators to manipulate the subnetOrdering parameter in the Section Handler component, enabling remote database compromise. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification.
A vulnerability was identified in Tecnick TCExam 16.5.0.
A vulnerability has been found in Radare2 5.9.9.
A vulnerability has been found in Worksuite HR, CRM and Project Management up to 5.5.25.