OpenBiz Cubi Lite 3.0.8 contains a SQL injection vulnerability in the login form that allows unauthenticated attackers to manipulate database queries through the username parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Library CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Wecodex Hotel CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows unauthenticated attackers to bypass authentication by injecting SQL code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Shipping System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the endpoint that allows unauthenticated attackers to manipulate database queries. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQL injection in qdPM 9.1 timeReport endpoint enables remote unauthenticated attackers to extract database contents via crafted filter_by parameters in POST requests. Public exploit code exists (Exploit-DB 45767), and CISA SSVC framework confirms proof-of-concept availability with automatable exploitation. Despite 8.8 CVSS severity, EPSS risk probability remains low at 0.07% (21st percentile), suggesting limited observed exploitation activity. Attackers can retrieve sensitive project management data including credentials, user information, and business records without authentication.
ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the 'query' parameter in the search functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Online Store System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Wecodex Restaurant CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the username parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Remote code execution in FreeBSD kernel's RPCSEC_GSS implementation (kgssapi.ko) and userspace RPC servers (librpcgss_sec) allows low-privileged authenticated attackers to execute arbitrary code via crafted network packets. Affects FreeBSD 13.5, 14.3, 14.4, and 15.0 branches. Publicly available exploit code exists (GitHub/Gist), though EPSS probability remains low (0.05%, 16th percentile) and CISA has not listed this in KEV, suggesting limited observed exploitation despite high CVSS 8.8 score and total technical impact per SSVC framework.
KomSeo Cart 1.3 contains an SQL injection vulnerability that allows attackers to inject SQL commands through the 'my_item_search' parameter in edit.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SAT CFDI 3.3 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'id' parameter in the signIn endpoint. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Path traversal in OpenClaw through version 2026.3.23 enables unauthenticated remote attackers to read arbitrary files including system configurations, environment files, and SSH private keys by bypassing media parsing validation functions. The vulnerability stems from incomplete path validation in isLikelyLocalPath() and isValidMedia() functions, with an allowBareFilename bypass permitting sandbox escape. Vendor-released patch available in commit 4797bbc (CVSS 8.7, no public exploit identified at time of analysis).
River Past CamDo 3.7.6 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PassFab Excel Password Recovery 8.3.1 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PassFab RAR Password Recovery 9.3.2 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PDF Explorer 1.5.66.2 contains a structured exception handler (SEH) overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH records with malicious data. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Nsauditor 3.0.28.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input to the DNS Lookup tool. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Boxoft wav-wma Converter 1.0 contains a local buffer overflow vulnerability in structured exception handling that allows attackers to execute arbitrary code by crafting malicious WAV files. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Allok Video Splitter 3.1.1217 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service or execute arbitrary code by supplying an oversized string in the. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A critical OS command injection vulnerability exists in the Diagnostic Tool Interface of Netcore Power 15AX routers up to firmware version 3.0.0.6938. An authenticated attacker with low-level privileges can remotely execute arbitrary operating system commands by manipulating the IpAddr parameter in the setTools function of /bin/netis.cgi. A public proof-of-concept exploit has been released on GitHub, significantly increasing the risk of active exploitation, though the vendor has not responded to disclosure attempts.
Remote authenticated attackers can execute arbitrary code on Tenda AC5 routers (firmware version 15.03.06.47) by exploiting a stack-based buffer overflow in the WPS configuration handler. The vulnerability resides in the formWifiWpsOOB function handling POST requests to /goform/WifiWpsOOB, where insufficient validation of the 'index' parameter allows memory corruption. A publicly available exploit code exists (CVSS 8.8, EPSS data not provided), enabling authenticated attackers with low-privilege access to achieve complete device compromise with high impact on confidentiality, integrity, and availability.
Stack-based buffer overflow in Tenda AC5 router firmware version 15.03.06.47 enables remote authenticated attackers to achieve arbitrary code execution with high impact to confidentiality, integrity, and availability. The vulnerability resides in the formSetCfm function's handling of the funcpara1 parameter in POST requests to /goform/setcfm. A publicly available exploit exists with proof-of-concept code disclosed through VulDB and documented in detailed technical write-ups, significantly lowering the barrier to exploitation for threat actors targeting vulnerable devices.
Remote attackers with low-level credentials can execute arbitrary code on Tenda AC5 wireless routers running firmware version 15.03.06.47 by exploiting a stack-based buffer overflow in the formQuickIndex function via a crafted PPPOEPassword parameter in POST requests to /goform/QuickIndex. Publicly available exploit code exists, including detailed proof-of-concept documentation published on Notion, elevating immediate risk for devices exposed to authenticated network users. The CVSS score of 8.8 reflects high impact across confidentiality, integrity, and availability with network-based attack vector and low complexity.
Remote attackers with low-level authentication can achieve full system compromise on Tenda AC5 routers running firmware version 15.03.06.47 by exploiting a stack-based buffer overflow in the addressNat POST request handler. The fromAddressNat function fails to validate the 'page' parameter, enabling memory corruption that leads to high confidentiality, integrity, and availability impact (CVSS 8.8). Publicly available exploit code exists, significantly lowering the barrier to exploitation.
Buffer overflow in UTT HiPER 1250GW firmware versions up to 3.2.7-210907-180535 allows authenticated remote attackers to achieve code execution through a malformed GroupName parameter in the DNS filter configuration handler. Public exploit code exists for this vulnerability and no patch is currently available. Affected organizations should restrict network access to administrative interfaces until remediation is possible.
Remote attackers can exploit a stack-based buffer overflow in the /cgi-bin/nas.cgi endpoint of Wavlink WL-NU516U1 by manipulating the Content-Length parameter to achieve unauthenticated remote code execution. Public exploit code is available for this vulnerability, and no patch has been released despite vendor notification. Authentication is required to trigger the flaw, limiting exposure to authenticated users or those with network access to the device.
Online Quiz Maker 1.0 contains SQL injection vulnerabilities in the catid and usern parameters that allow authenticated attackers to execute arbitrary SQL commands. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
School Management System CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows attackers to bypass authentication by injecting SQL code through the username. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
MyVideoConverter Pro 3.14 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying an excessively long string to the registration code input field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
AnyBurn 4.3 contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the image file name field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
MegaPing contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload to the Destination Address List field in the Finger. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The Shared Files WordPress plugin before version 1.7.58 contains a path traversal vulnerability that allows attackers with Contributor-level privileges or higher to download arbitrary files from the web server, including sensitive configuration files such as wp-config.php. A public proof-of-concept exploit is available, making this vulnerability actively exploitable in the wild. This represents a critical information disclosure risk affecting WordPress installations using affected versions of the plugin.
River Past Audio Converter 7.7.16 contains a local buffer overflow vulnerability in the activation code field that allows local attackers to crash the application by supplying an oversized input. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Excel Password Recovery Professional 8.2.0.0 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long string to the 'E-Mail. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Malformed DICOM files with non-standard VR types trigger uncontrolled memory allocation in Grassroots DICOM (GDCM) library, enabling remote denial-of-service attacks without authentication. CISA ICS-CERT issued an ICSMA advisory (26-083-01) highlighting impacts to medical imaging systems that rely on GDCM for DICOM parsing. The vulnerability allows heap exhaustion from a single malicious file read operation, with CVSS 7.5 (High severity, network-accessible, no privileges required). No public exploit identified at time of analysis.
Out-of-bounds write vulnerabilities in Siemens CPCI85 Central Processing/Communication and SICORE Base system (versions below V26.10) allow unauthenticated remote attackers to crash critical industrial control system services through maliciously crafted XML requests, resulting in denial-of-service conditions. CISA's SSVC framework marks this as automatable with partial technical impact, though no public exploit has been identified at time of analysis. The CVSS 4.0 score of 8.7 reflects high availability impact (VA:H) with network accessibility requiring no authentication (PR:N).
The Responsive Plus WordPress plugin before version 3.4.3 contains an arbitrary shortcode execution vulnerability that allows unauthenticated attackers to execute malicious shortcodes through the update_responsive_woo_free_shipping_left_shortcode AJAX action. The vulnerability stems from improper validation of the content_rech_data parameter before processing it as a shortcode, effectively enabling remote code execution in the context of the WordPress installation. A public proof-of-concept exploit is available via WPScan, and this vulnerability poses an immediate threat to all unpatched installations of the affected plugin versions.
Path traversal in Incus system container manager allows authenticated remote attackers to write arbitrary files as root on the host via malformed systemd credential configuration keys. Affecting all versions before 6.23.0, this enables both privilege escalation from container to host and denial of service through critical file overwrites. EPSS score of 0.06% (18th percentile) indicates low observed exploitation probability, with no public exploit identified at time of analysis. The CVSS 9.9 Critical rating reflects the severe impact of container escape, though the PR:L requirement and lack of active exploitation temper immediate urgency.
Incus system container and virtual machine manager versions prior to 6.23.0 allow authenticated users with instance access to read and write arbitrary files as root on the host system through exploitation of pongo2 template processing. The vulnerability (scored CVSS 10.0 critical) stems from a bypassed chroot isolation mechanism that was intended to confine template operations to instance filesystems but instead permits unrestricted host filesystem access. No public exploit identified at time of analysis, though the vulnerability is tagged as Server-Side Template Injection (SSTI) with a GitHub security advisory published.
Remote command execution can be achieved by low-privileged authenticated users (ProjectMember role) in OneUptime monitoring platform versions prior to 10.0.35 by exploiting incomplete sandbox restrictions in Synthetic Monitor Playwright script execution. Attackers can traverse the unblocked _browserType and launchServer properties via page.context().browser()._browserType.launchServer() to spawn arbitrary processes on the Probe container or host. A proof-of-concept exploit exists per SSVC framework data, and the vulnerability carries a CVSS score of 9.9 with Critical severity due to scope change and total technical impact.
{ ... }` declarations directly into generated executable code, and its quote filter strips single/double quotes but not backticks, so template-literal payloads such as ``export { require(`child_process`).execSync(`id`) }`` evaluate as live JavaScript. Publicly available exploit code exists (CISA SSVC marks exploitation 'poc'); EPSS is low at 0.07% and it is not on the CISA KEV, so no confirmed active exploitation.
Remote code execution in Daylight Studio FuelCMS v1.5.2 through the /parser/dwoo component enables unauthenticated attackers to execute arbitrary PHP code via specially crafted input. The vulnerability exploits insufficient input validation in the Dwoo template engine integration, allowing direct PHP code injection. Attack complexity appears low given the public references to exploitation techniques in the provided pentest-tools PDF, though no formal CVSS scoring or CISA KEV confirmation is available to assess real-world exploitation prevalence.
Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Squid versions prior to 7.5 contain a heap use-after-free vulnerability (CWE-416) in ICP (Internet Cache Protocol) traffic handling that enables remote attackers to reliably trigger denial of service against affected proxy services. The vulnerability affects any Squid deployment with ICP support explicitly enabled via non-zero icp_port configuration, and cannot be mitigated through access control rules alone. A patch is available in version 7.5, and the vulnerability has been confirmed across multiple Debian releases and SUSE distributions.
A deserialization vulnerability exists in the wvp-GB28181-pro project (a video streaming platform using GB28181 protocol) through version 2.7.4, specifically in the GenericFastJsonRedisSerializer implementation within the Redis configuration. The flaw allows unauthenticated remote attackers to exploit insecure deserialization through the API endpoint, potentially achieving code execution or data manipulation with low complexity. A public proof-of-concept exploit has been released on GitHub, significantly increasing the risk of active exploitation, and the vendor has not responded to disclosure attempts.
A security vulnerability in A weakness (CVSS 5.5). Risk factors: public PoC available.
SQL injection in Simple Laundry System 1.0's /checkregisitem.php parameter handler allows unauthenticated remote attackers to manipulate the Long-arm-shirtVol argument and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available to remediate this issue.
SQL injection in the Admin Login Module of code-projects Online Food Ordering System 1.0 allows unauthenticated remote attackers to manipulate the Username parameter in /admin.php and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. Affected organizations should implement network-level controls or upgrade to a patched version once available.
SQL injection in itsourcecode Online Enrollment System 1.0 allows unauthenticated remote attackers to execute arbitrary SQL commands via the deptid parameter in the grades index page. Public exploit code is available for this vulnerability, and no patch is currently available. The attack requires only network access with no additional complexity or user interaction.