EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remote attackers to execute arbitrary code by supplying an oversized username parameter. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Crashmail 1.6 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending malicious input to the application. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
MAWK 1.3.3-17 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Bochs 2.6-5 contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized input string to the application. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying overly long input that exceeds buffer. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
TiEmu 2.08 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
JAD 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying oversized input that exceeds buffer boundaries.
iSelect 1.4.0-2+b1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized value to the -k/--key parameter. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
Yasr 0.6.9-5 contains a buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized argument to the -p parameter. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
TiEmu 3.03-nogdb+dfsg-3 contains a buffer overflow vulnerability in the ROM parameter handling that allows local attackers to crash the application or execute arbitrary code. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
Flat Assembler 1.71.21 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying oversized input to the application. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SIPP 3.3 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious input in the configuration file. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
PMS 0.42 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious values in the configuration file. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
SC v7.16 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying oversized input that exceeds buffer boundaries. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
EKG Gadu 1.9~pre+r2855-3+b1 contains a local buffer overflow vulnerability in the username handling that allows local attackers to execute arbitrary code by supplying an oversized username string. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
zFTP Client 20061220+dfsg3-4.1 contains a buffer overflow vulnerability in the NAME parameter handling of FTP connections that allows local attackers to crash the application or execute arbitrary. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
HNB Organizer 1.9.18-10 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -rc command-line parameter. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PInfo 0.6.9-5.1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -m parameter. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
NRSS RSS Reader 0.3.9-1 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -F parameter. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
TRN 3.6-23 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the application. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
Multi Emulator Super System 0.154-3.1 contains a buffer overflow vulnerability in the gamma parameter handling that allows local attackers to crash the application or execute arbitrary code. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
yTree 1.94-1.1 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an excessively long argument to the application. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
Mapscrn 2.0.3 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized input buffer. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
xwpe 1.5.30a-2.1 and prior contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying overly long input strings that exceed buffer. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
Amon2 for Perl versions before 6.17 use cryptographically weak random number generation for security-critical functions including session IDs, cookie signing secrets, and CSRF tokens. Versions 6.06-6.16 fall back to SHA-1 hashes seeded with predictable inputs (process ID from a small set, guessable epoch time, and the unsuitable built-in rand() function) when /dev/urandom is unavailable; versions before 6.06 relied entirely on built-in rand(). No CVSS vector or EPSS data is available, and no public exploit code or active exploitation has been confirmed, but the weakness directly undermines session security and CSRF protection in affected applications.
HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids.
Operating system command injection in elecV2P up to version 3.8.3 allows unauthenticated remote attackers to execute arbitrary commands through the pm2run function in the /rpc endpoint. The vulnerability has a CVSS score of 6.9 with publicly available exploit code, though the vendor has not yet responded to early notification of the issue. This represents a moderate-to-high risk for exposed elecV2P instances due to the combination of remote exploitability, low attack complexity, and confirmed public exploit availability.
Code injection in Sinaptik AI PandasAI versions up to 3.0.0 allows unauthenticated remote attackers to execute arbitrary code via the CodeExecutor.execute function in the Chat Message Handler component. CVSS 7.3 (High) with network attack vector, low complexity, and no authentication required. Publicly available exploit code exists (POC on GitHub Gist). EPSS data not provided, but the combination of unauthenticated remote execution and public exploit significantly elevates real-world risk. Vendor non-responsive to coordinated disclosure.
Path traversal in Sinaptik AI PandasAI up to version 3.0.0 allows remote unauthenticated attackers to read arbitrary files by manipulating the is_sql_query_safe function in the SQL sanitizer module. The vulnerability has a CVSS score of 5.3 (low-to-medium severity) with public exploit code available, though active exploitation has not been confirmed by CISA. The vendor did not respond to early disclosure notification.
Path traversal in elecV2P's wildcard handler allows unauthenticated remote attackers to read files outside intended directories via improper path validation in the /log/ endpoint, affecting versions up to 3.8.3. The vulnerability has a publicly available proof of concept and a CVSS score of 5.5 reflecting limited confidentiality impact. The vendor has not responded to early disclosure despite issue notification.
Prompt injection in PromtEngineer localGPT allows unauthenticated remote attackers to manipulate LLM behavior via crafted inputs to the _route_using_overviews function. Publicly available exploit code exists (GitHub). The vulnerability affects all versions up to commit 4d41c7d17, with CVSS 7.3 indicating moderate confidentiality, integrity, and availability impact. EPSS data not available, but the combination of network-accessible attack vector, low complexity (AC:L), no authentication requirement (PR:N), and public POC elevates real-world risk for installations exposed to untrusted input.
Server-Side Request Forgery (SSRF) in elecV2P versions up to 3.8.3 allows unauthenticated remote attackers to manipulate internal or external HTTP requests via the eAxios function in the /mock URL handler. The vulnerability enables unauthorized access to internal resources, data exfiltration from confidential endpoints, and potential lateral movement within internal networks. Publicly available exploit code exists (GitHub issue #202), significantly lowering the barrier to exploitation. EPSS data not provided, but the combination of network-accessible attack vector, low complexity, no authentication requirement, and public POC represents elevated real-world risk. Vendor has not responded to early disclosure.
Unrestricted file upload in PromtEngineer localGPT allows remote attackers to upload arbitrary files via the do_POST function in backend/server.py, enabling potential remote code execution or system compromise. The vulnerability affects all versions up to commit 4d41c7d1713b16b216d8e062e51a5dd88b20b054, impacts unauthenticated remote users, and publicly available exploit code exists. The vendor has not responded to early disclosure attempts, leaving the product unpatched.
SQL injection in code-projects Simple Food Order System 1.0 allows unauthenticated remote attackers to extract, modify, or delete database contents via the Status parameter in all-orders.php. The vulnerability has a publicly available exploit and requires no authentication or user interaction (CVSS 7.3, AV:N/AC:L/PR:N). No vendor-released patch identified at time of analysis, representing elevated risk for installations of this PHP-based food ordering application.
SQL injection in code-projects Simple Food Order System 1.0 allows unauthenticated remote attackers to execute arbitrary SQL commands via the 'Name' parameter in register-router.php. The vulnerability permits unauthorized database access with confirmed publicly available exploit code (EPSS and CVSS both indicate medium-severity risk). Attack complexity is low with no user interaction required, enabling automated exploitation. No vendor-released patch identified at time of analysis, and exploitation requires no authentication (CVSS PR:N).
SQL injection in Simple Food Order System 1.0 allows unauthenticated remote attackers to extract, modify, or delete database contents via the Status parameter in /all-tickets.php. The vulnerability is trivially exploitable with low attack complexity and requires no user interaction. Public exploit code exists on GitHub, significantly lowering the barrier to exploitation, though no active exploitation has been confirmed by CISA KEV at time of analysis.
SQL injection in Sinaptik AI PandasAI versions up to 0.1.4 allows unauthenticated remote attackers to manipulate database operations through the pandasai-lancedb extension. Six functions (delete_question_and_answers, delete_docs, update_question_answer, update_docs, get_relevant_question_answers_by_id, get_relevant_docs_by_id) in lancedb.py are vulnerable to SQL injection attacks. Publicly available exploit code exists (CVSS 7.3, EPSS data not provided). The vendor has not responded to disclosure attempts.
Path traversal in elecV2P up to version 3.8.3 allows unauthenticated remote attackers to read arbitrary files via manipulation of the URL argument in the /store/:key endpoint's path.join function. The vulnerability has a CVSS score of 5.5 with low confidentiality impact, publicly available exploit code exists, and the vendor has not responded to early notification through an issue report.
Restaurant Cafeteria WordPress theme through version 0.4.6 allows authenticated subscribers to execute arbitrary PHP code and modify site configuration through unprotected admin-ajax actions lacking nonce and capability checks. An attacker with subscriber-level access can install malicious plugins from attacker-controlled URLs or import demo content that overwrites critical site settings, pages, menus, and theme configuration. Publicly available exploit code exists for this vulnerability.
Payment amount bypass in Brainstorm Force SureForms WordPress plugin (all versions ≤2.5.2) allows unauthenticated remote attackers to create underpriced payment and subscription intents by manipulating the form_id parameter to 0, circumventing configured payment validation. CVSS 7.5 (High) with network-accessible attack vector and low complexity. EPSS data not provided; no public exploit identified at time of analysis. This represents a direct financial fraud risk for e-commerce and donation sites using the affected plugin.
Buffer overflow in Zephyr RTOS eswifi socket offload driver allows authenticated local attackers to corrupt kernel memory through oversized socket send operations. The vulnerability enables privilege escalation and denial of service via heap corruption, with high integrity and availability impact. No public exploit identified at time of analysis, though the attack vector is straightforward for users with socket API access. CVSS 7.3 reflects moderate-high severity constrained by local-only access requiring low-level privileges.
Server-Side Request Forgery (SSRF) in Oxygen Theme for WordPress versions up to 6.0.8 allows unauthenticated remote attackers to make arbitrary HTTP requests from the web server via the vulnerable laborator_calc_route AJAX action. This vulnerability is confirmed exploitable without authentication (CVSS PR:N) and enables attackers to query or modify internal services behind firewalls, exfiltrate cloud metadata (AWS/Azure credentials), or scan internal networks. No public exploit identified at time of analysis, though the unauthenticated attack vector and low complexity (AC:L) suggest straightforward exploitation.
Authentication bypass in PromtEngineer localGPT affects the LocalGPTHandler API endpoint in backend/server.py, allowing unauthenticated remote attackers to access protected functionality with low confidentiality, integrity, and availability impact. The vulnerability stems from improper validation of the BaseHTTPRequestHandler argument, enabling attackers to manipulate request handling without credentials. No public exploit code or active exploitation has been confirmed, though the vendor has not responded to disclosure efforts.
Ninja Forms plugin for WordPress versions up to 3.14.1 exposes authorization tokens via an insecure callback function in blocks/bootstrap.php, allowing authenticated Contributor-level users and above to access form submission data from arbitrary forms without proper authorization. The vulnerability enables sensitive information disclosure affecting all WordPress installations using the affected plugin versions, with no active exploitation confirmed at time of analysis.
Path traversal in z-9527 admin's file upload function allows authenticated remote attackers to manipulate the fileType parameter in /server/utils/upload.js to access files outside the intended directory, potentially leading to information disclosure or file overwrite. The vulnerability affects all versions up to commit 72aaf2dd05cf4ec2e98f390668b41e128eec5ad2, with publicly available exploit code documented and a CVSS score of 5.3 (low confidentiality, integrity, and availability impact). The vendor has not responded to early disclosure notification.
Remote code execution in elecV2P up to version 3.8.3 allows authenticated attackers to inject arbitrary code via manipulation of the rawcode argument in the runJSFile function of the /webhook JSON Parser endpoint. The vulnerability has publicly available exploit code and the vendor has not yet responded to early disclosure notifications, making this an active security concern for deployed instances.
Reflected cross-site scripting (XSS) in elecV2P up to version 3.8.3 allows remote attackers to inject malicious scripts via the filename parameter in the /logs endpoint, requiring user interaction to execute. The vulnerability has publicly available exploit code and affects all versions through 3.8.3, with no vendor patch released despite early notification through issue reporting.
Stored cross-site scripting (XSS) in wandb OpenUI up to version 1.0 via the Window Message Event Handler in frontend/public/annotator/index.html allows authenticated remote attackers to inject malicious scripts with user interaction. The vulnerability has a low CVSS score (3.5) due to authentication and user-interaction requirements, but publicly available exploit code exists and the vendor has not responded to early disclosure notifications.
Information disclosure in wandb OpenUI up to version 1.0/3.5-turb allows authenticated local network attackers to expose sensitive information through error messages in the APIStatusError handler by manipulating the key argument. Publicly available exploit code exists, and the vendor has not responded to early disclosure notification. Attack complexity is low and requires only local network access and low-level privileges.
OS command injection in kazuph mcp-docs-rag through version 0.5.0 allows local attackers with limited privileges to execute arbitrary commands via the cloneRepository function in src/index.ts. The vulnerability affects the add_git_repository and add_text_file components, with publicly available exploit code demonstrating the attack. No vendor patch has been released despite early notification through a GitHub issue.