Remote SQL injection in code-projects Accounting System 1.0 allows unauthenticated attackers to execute arbitrary SQL queries via the cos_id parameter in the /viewin_costumer.php file. The vulnerability has a CVSS score of 6.9 with a public exploit available, enabling attackers to read sensitive data from the database with minimal attack complexity. This is a network-accessible PHP application flaw affecting confidentiality with confirmed public disclosure.
FreeRDP prior to version 3.24.2 contains a double-free vulnerability in Kerberos authentication handling that crashes FreeRDP clients during NLA connection teardown following failed authentication attempts on systems with Kerberos configured. The vulnerability affects all versions before 3.24.2 across multiple Linux distributions (Debian, Ubuntu) and requires network access but no authentication credentials, presenting a denial-of-service vector against RDP clients in enterprise environments using Kerberos or Kerberos U2U authentication. No public exploit code has been identified, and the impact is limited to availability (denial of service) rather than confidentiality or integrity.
Information disclosure in Sulu admin API allows users with any Sulu Admin role to access contact sub-entities without explicit contact permissions, bypassing authorization controls. Affects Sulu versions prior to 2.6.22 and 3.0.x prior to 3.0.5. No CVSS or EPSS data available; no active exploitation confirmed, but the vulnerability enables unauthorized data exposure through a widely-accessible admin interface.
Parse Server's GraphQL API endpoint bypasses the configured allowOrigin CORS restriction, allowing cross-origin requests from any website while the REST API correctly enforces the policy. This authentication bypass affects Parse Server instances where operators have configured origin restrictions to limit API access, enabling attackers from arbitrary websites to interact with the GraphQL endpoint without respecting these security controls. The vulnerability has been patched in Parse Server 8 and 9 via upstream fixes, and no public exploit code or active exploitation has been confirmed.
Unauthenticated directory enumeration in MRCMS V3.1.2 allows remote attackers to list and discover directory contents through the /admin/file/list.do endpoint without credentials. The vulnerability stems from missing authentication controls and input validation in the file management module, enabling information disclosure that can facilitate reconnaissance for follow-on attacks.
ESET Protect (on-premises) allows user enumeration through response timing analysis, enabling remote attackers to determine whether specific usernames exist in the system without authentication. This information disclosure vulnerability (CWE-204) exploits timing differences in authentication responses to distinguish valid users from invalid ones, potentially facilitating targeted attacks against known accounts.
Memory leak in Node.js HTTP/2 servers allows remote unauthenticated attackers to exhaust server memory by sending crafted WINDOW_UPDATE frames on stream 0 that exceed the maximum flow control window value. Affected versions include Node.js 20, 22, 24, and 25. While the server correctly responds with a GOAWAY frame, the Http2Session object fails to be cleaned up, leading to denial of service through resource exhaustion. No public exploit code identified at time of analysis.
Unix Domain Socket operations in Node.js 25.x bypass permission model enforcement, allowing local processes to create IPC endpoints and communicate with other processes when run with --permission flag but without --allow-net. An authenticated local attacker can establish inter-process communication channels that circumvent the intended network isolation boundary, resulting in information disclosure and potential privilege escalation within the same host. No public exploit code identified at time of analysis, though the vulnerability affects an experimental permission enforcement feature.
Reflected cross-site scripting (XSS) in Smoothwall Express versions before 3.1 Update 13 allows unauthenticated remote attackers to execute arbitrary JavaScript in users' browsers by crafting malicious URLs with javascript: schemes and delivering them through the unsanitized /redirect.cgi endpoint. The vulnerability requires user interaction (clicking a malicious link) and results in limited scope impact affecting user confidentiality and integrity. No public exploit code or active exploitation has been identified at time of analysis.
Stored cross-site scripting in Smoothwall Express prior to version 3.1 Update 13 allows authenticated attackers to inject arbitrary JavaScript through the VPN_IP parameter in /cgi-bin/vpnmain.cgi, which executes when other users view affected VPN configuration pages. The vulnerability requires user interaction (page view) and authenticated access, limiting immediate risk but enabling persistent session hijacking or credential theft against administrative users. No public exploit code or active exploitation has been confirmed at the time of analysis.
Maliciously crafted `.idx` files in go-git v5 cause asymmetric memory consumption leading to Denial of Service through integer overflow vulnerabilities. Exploitation requires local write access to the `.git` directory, limiting attack surface to scenarios where an attacker has already compromised repository access or can inject files into a shared repository. No public exploit code or active exploitation has been confirmed; however, the low CVSS complexity and requirement for only low-privilege local access make this a moderate operational concern for development environments and CI/CD systems that process untrusted repositories.
SQL injection in Tautulli's /api/v2?cmd=get_home_stats endpoint allows authenticated administrators to exfiltrate sensitive data from the SQLite database via boolean-blind SQL inference. Affected versions include 2.14.2-2.16.x for the 'before' and 'after' parameters, and 2.1.0-beta-2.16.x for 'section_id' and 'user_id' parameters. The vulnerability requires possession of the admin API key and results in confidentiality compromise without code execution. Patch is available in version 2.17.0.
Improper certificate validation in Apache Airflow Provider for Databricks versions 1.10.0 through 1.11.x allows unauthenticated attackers to intercept and manipulate traffic between Airflow and Databricks backends via man-in-the-middle attacks, potentially exfiltrating credentials and sensitive workflow data. The provider did not validate SSL/TLS certificates when establishing connections to Databricks, creating a critical trust boundary weakness. Vendor-released patch available in version 1.12.0; no public exploit code or active exploitation confirmed at time of analysis.
Stored DOM-based cross-site scripting (XSS) in CI4 CMS-ERP Mail Settings allows authenticated administrators to inject arbitrary JavaScript via unsanitized configuration fields (Mail Server, Port, Email Address, Password, Protocol, TLS settings), with payloads executing immediately on the same settings page upon save. Attack requires high-privilege access (PR:H) but enables full account takeover and platform compromise. Publicly available proof-of-concept video demonstrates attribute breakout technique.
Server-Side Request Forgery (SSRF) in Tautulli prior to version 2.17.0 allows remote attackers to forge outbound HTTP requests from the Plex Media Server process via the unauthenticated /pms_image_proxy endpoint, potentially exposing internal services on RFC-1918 address space and enabling reconnaissance or attacks against systems accessible from the Plex server's network context.