OS command injection in Nor2-io heim-mcp up to version 0.1.3 allows authenticated local attackers to execute arbitrary system commands via the registerTools function in src/tools.ts, affecting cloud deployment operations. Publicly available exploit code exists, and the vendor released a patched version promptly after disclosure.
Remote information disclosure in Acrel Electrical Prepaid Cloud Platform 1.0 allows unauthenticated attackers to access sensitive data via the backup file handler component at /bin.rar with low attack complexity. Publicly available exploit code exists for this vulnerability, and the vendor did not respond to early disclosure notifications, leaving no patch available.
SQL injection in SourceCodester jkev Record Management System 1.0 allows remote unauthenticated attackers to manipulate the Username parameter in the Login component (index.php) to execute arbitrary SQL queries, potentially leading to unauthorized data access or modification. The exploit code is publicly available, and the vulnerability carries a CVSS 4.0 base score of 6.9 with low confidentiality, integrity, and availability impact.
OS command injection in Tenda AC10 firmware 16.03.10.10_multi_TDE01 allows authenticated remote attackers to execute arbitrary system commands via the formAddMacfilterRule function in /bin/httpd. The vulnerability requires valid credentials (PR:L in CVSS vector) and affects multiple endpoints related to MAC filtering configuration. No public exploit code has been independently confirmed as actively exploited, though proof-of-concept documentation exists in public repositories.
Null pointer dereference in Zephyr RTOS TCP stack during connection teardown allows authenticated remote attackers to cause denial of service. A race condition in tcp_recv() processing of SYN packets causes tcp_conn_search() to return NULL on a released connection, which is then dereferenced without validation in tcp_backlog_is_full(), resulting in a crash. The vulnerability requires low-privilege authentication and is moderately complex to trigger due to timing constraints (AC:H), but results in high availability impact.
Server-side request forgery (SSRF) in QingdaoU OnlineJudge up to version 1.6.1 allows authenticated remote attackers to perform arbitrary HTTP requests via the judge_server_heartbeat endpoint's service_url parameter, enabling potential exfiltration of internal data, interaction with internal services, or lateral movement within the target network. The vendor has not responded to disclosure attempts, and no official patch has been released.
Server-side request forgery in Ollama's Model Pull API (via server/download.go) allows authenticated remote attackers to manipulate file processing and trigger SSRF attacks, affecting Ollama versions up to 18.1. The vulnerability carries a CVSS score of 6.3 with moderate impact on confidentiality, integrity, and availability. No public exploit code or active exploitation has been confirmed, and the vendor has not responded to early disclosure attempts.
Zcash zcashd before version 6.12.0 fails to properly verify Sprout zero-knowledge proofs under certain conditions, allowing authenticated attackers to submit invalid transactions that could drain funds from the Sprout shielded pool. The vulnerability requires authenticated access and complex conditions to exploit, resulting in a low CVSS score of 3.5 despite the potential financial impact. No public exploit code or active exploitation has been confirmed.
OS command injection in MoussaabBadla code-screenshot-mcp HTTP interface (versions up to 0.1.0) allows authenticated remote attackers to execute arbitrary system commands with limited confidentiality, integrity, and availability impact. Public exploit code has been disclosed, and the vendor did not respond to early disclosure attempts, leaving affected deployments without vendor-provided patches.
SQL injection in zhongyu09 openchatbi up to version 0.2.1 allows authenticated remote attackers to manipulate the keywords argument in the Multi-stage Text2SQL Workflow component, leading to unauthorized database access with limited confidentiality, integrity, and availability impact. Publicly available exploit code exists, and the vendor has not responded to early disclosure notification.
SQL injection in CodeAstro Online Classroom 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via manipulation of the fname parameter in the /OnlineClassroom/updatedetailsfromfaculty.php endpoint. The vulnerability has been publicly disclosed with exploit code available, presenting moderate real-world risk due to required authentication (PR:L) but low technical impact (VC:L, VI:L, VA:L) per CVSS 4.0 scoring.
Technostrobe HI-LED-WR120-G2 version 5.5.0.1R6.03.30 is vulnerable to cross-site request forgery (CSRF) in an unknown function, allowing remote attackers to perform unauthorized actions via a specially crafted request requiring user interaction. Public exploit code is available, and the vendor has not responded to early disclosure attempts, leaving deployed devices potentially at risk.