SQL injection in SourceCodester Sales and Inventory System 1.0 allows authenticated remote attackers to manipulate the sid parameter in update_purchase.php, enabling unauthorized database queries and potential data exfiltration. Public exploit code exists for this vulnerability, and no patch is currently available.
SourceCodester Sales and Inventory System 1.0 contains a SQL injection vulnerability in the update_out_standing.php file's sid parameter that allows authenticated remote attackers to execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. The vulnerability affects PHP-based deployments and has a CVSS score of 5.3.
SQL injection in SourceCodester Sales and Inventory System 1.0 via the sid parameter in update_customer_details.php allows authenticated remote attackers to execute arbitrary SQL commands. Public exploit code exists for this vulnerability, and no patch is currently available. Affected organizations using PHP-based deployments of this system should restrict access to the vulnerable component until a fix is released.
SQL injection in SourceCodester Sales and Inventory System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the sid parameter in update_category.php. Public exploit code exists for this vulnerability, and no patch is currently available. Attackers with valid credentials can leverage this weakness to compromise database integrity and extract sensitive information.
SQL injection in SourceCodester Sales and Inventory System 1.0's view_supplier.php POST parameter handler allows authenticated attackers to execute arbitrary SQL queries through the searchtxt parameter. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. The vulnerability affects PHP-based installations and currently lacks an available patch.
A stored cross-site scripting (XSS) vulnerability exists in projectworlds Lawyer Management System version 1.0 within the /lawyer_booking.php file, where the Description parameter fails to sanitize user input before rendering. An authenticated attacker can inject malicious JavaScript that executes in the context of other users' browsers, potentially leading to session hijacking, credential theft, or unauthorized actions. A proof-of-concept exploit has been publicly disclosed on GitHub, and the vulnerability carries a CVSS score of 3.5 with evidence of public exploitation.
A cross-site scripting (XSS) vulnerability exists in bolo-blog version 2.6.4 in the Article Title Handler component at /console/article/, where the articleTitle parameter is not properly sanitized before being rendered. An authenticated attacker with high privileges can inject malicious JavaScript through the articleTitle argument, resulting in stored or reflected XSS that compromises the integrity of the application. A proof-of-concept exploit has been publicly released on GitHub, and the vendor has not yet responded to early disclosure notifications.
Astro's remotePatterns path enforcement contains a logic flaw where wildcard matching for /* is unanchored, allowing attackers to bypass path restrictions and access unintended resources on allowed hosts. Versions 2.10.10 through 5.18.0 are affected, enabling information disclosure through server-side image optimization endpoints and other remote fetchers. The vulnerability has been patched in version 5.18.1, and while no public exploit code or active exploitation has been reported in KEV databases, the straightforward nature of the bypass makes this a moderate to high priority for affected deployments.
An HTTP Request/Response Smuggling vulnerability exists in visualfc liteide due to inconsistent interpretation of HTTP requests in the HTTP parser component (http_parser.C), classified under CWE-444. This affects liteide versions before x38.4, allowing attackers to exploit the qjsonrpc HTTP parser module to smuggle malicious requests. An attacker could leverage this vulnerability to perform request smuggling attacks, potentially leading to cache poisoning, session hijacking, or information disclosure depending on the deployment context and HTTP intermediaries involved.
An unauthenticated user can exploit the `/assets/generate-transform` endpoint in Craft CMS to generate valid transform URLs for private assets without authorization checks, allowing anonymous access to transformed image content that should be restricted. This authentication bypass affects Craft CMS versions prior to 4.17.8 and 5.9.14, enabling attackers to derive and view content from private assets through the publicly accessible transform endpoint. The vulnerability has a published patch and advisory available from the vendor.
An incorrect authorization vulnerability exists in Apache Artemis and Apache ActiveMQ Artemis where the OpenWire protocol fails to properly enforce permission checks when creating non-durable JMS topic subscriptions on non-existent addresses. A user with only 'createDurableQueue' permission but lacking 'createAddress' permission can bypass authorization controls to create temporary addresses that should be denied, circumventing the intended security model when address auto-creation is disabled. This authentication bypass persists until the OpenWire connection closes and the temporary address is cleaned up.
A command injection vulnerability exists in Silicon Labs Simplicity Studio V5 and Simplicity Installer Tool for Simplicity Studio V6, where vulnerable endpoints accept user-controlled input through URLs in JSON format, enabling arbitrary command execution. An attacker on the same network can exploit this to execute system commands, though parameter passing is restricted. While CVSS scoring is unavailable, the vulnerability represents a significant local network threat to development environments using these tools.
Parse Server versions prior to 8.6.60 and 9.6.0-alpha.54 contain a race condition vulnerability that allows attackers to reuse single-use MFA recovery codes an unlimited number of times through concurrent login requests. An attacker with knowledge of a user's password and possession of one valid recovery code can bypass the intended single-use restriction by sending multiple authentication attempts simultaneously within milliseconds, effectively defeating the multi-factor authentication protection mechanism. This vulnerability is tracked as CWE-367 (TOCTOU race condition) and has been patched in the aforementioned versions with fixes available via pull requests 10275 and 10276.
SQL injection in the Parameter Handler of itsourcecode sanitize or validate this input 1.0 allows authenticated remote attackers to manipulate the subject_code argument in /admin/subjects.php and execute arbitrary SQL commands. Public exploit code exists for this vulnerability, and no patch is currently available.
Tenable OT contains an SSH misconfiguration that permits unauthorized disclosure of socket, port, and service information through the ostunnel user account and improper GatewayPorts settings. This vulnerability affects Tenable Operation Technology across multiple versions and allows attackers to enumerate underlying system architecture and network configuration without requiring high privileges or complex exploitation. While no CVSS score, EPSS data, or confirmed active exploitation is publicly documented, the information disclosure nature of this vulnerability enables reconnaissance for subsequent targeted attacks.
An authorization bypass vulnerability in Craft CMS allows low-privileged authenticated users to extract private asset editing metadata, including focal point data, from assets they do not have permission to view. The vulnerability affects Craft CMS versions prior to 4.17.8 and 5.9.14, where the actionImageEditor endpoint fails to perform per-asset authorization checks before returning sensitive editor context. While no CVSS score or EPSS metric is currently published, this information disclosure vulnerability enables attackers to gain unauthorized insight into restricted asset configurations.
A stored cross-site scripting (XSS) vulnerability exists in Authelia version 4.39.15 due to improper neutralization of the language cookie value when rendering HTML templates. This vulnerability only affects users who have deliberately disabled or modified the default Content Security Policy with unsafe directives (such as unsafe-inline scripts or arbitrary domain connections); default installations are completely protected. An attacker could potentially inject malicious JavaScript into the Authelia login page if multiple preconditions are met, including a secondary application vulnerability on the same domain, CSP misconfiguration, and the ability to manipulate cookies.