eDirectory contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to bypass administrator authentication and disclose sensitive files by injecting SQL code into. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Ask Expert Script 3.0.5 contains cross-site scripting and SQL injection vulnerabilities that allow unauthenticated attackers to inject malicious code by manipulating URL parameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
News Website Script 2.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the news ID parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
ResourceSpace 8.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'ref' parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user2reset parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the menu_lev1 parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
OpenDocMan 1.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'where' parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Advance Gift Shop Pro Script 2.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
C4G Basic Laboratory Information System 3.4 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the sort_direction parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the language_tag parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
qdPM 9.1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the search_by_extrafields[] parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the filter_user_mail parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the id_project parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the id_to_delete parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'id_to_modify' parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the mng_profile_id parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
VA MAX 8.3.4 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the mtu_eth0 parameter. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
phpBB contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by exploiting the plupload functionality and phar:// stream wrapper. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
UniSharp Laravel File Manager v2.0.0-alpha7 and v2.0 contain an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by sending multipart form data to the. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Core FTP 2.0 build 653 contains a denial of service vulnerability in the PBSZ command that allows unauthenticated attackers to crash the service by sending a malformed command with an oversized. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Xlight FTP Server 3.9.1 contains a structured exception handler (SEH) overwrite vulnerability that allows local attackers to crash the application and overwrite SEH pointers by supplying a crafted. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
River Past Video Cleaner 7.6.3 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
R i386 3.5.0 contains a local buffer overflow vulnerability in the GUI Preferences dialog that allows local attackers to trigger a structured exception handler (SEH) overwrite by supplying malicious. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
RealTerm Serial Terminal 2.0.0.70 contains a structured exception handling (SEH) buffer overflow vulnerability in the Echo Port tab that allows local attackers to execute arbitrary code by supplying. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Stack-based buffer overflow in Tenda CH22 router firmware version 1.0.0.1 allows authenticated remote attackers to execute arbitrary code via crafted 'standard' parameter to the formCertLocalPrecreate function in /goform/CertLocalPrecreate endpoint. Publicly available exploit code exists (GitHub), CVSS 7.4 (High), but no active exploitation confirmed (not in CISA KEV). CVSS vector indicates low attack complexity with required authentication (PR:L), affecting all three confidentiality, integrity, and availability at high impact levels.
Buffer overflow in Tenda M3 router firmware 1.0.0.10 allows authenticated remote attackers to achieve code execution via the setAdvPolicyData endpoint. The vulnerability resides in the Destination Handler component's policyType parameter processing. Publicly available exploit code exists (GitHub POC), elevating immediate risk despite low-privilege authentication requirement. CVSS 7.4 reflects network-accessible attack with low complexity; no CISA KEV listing indicates exploitation remains proof-of-concept stage rather than widespread campaign targeting.
Buffer overflow in UTT HiPER 1250GW router firmware (versions ≤3.2.7-210907-180535) allows authenticated remote attackers to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The vulnerability resides in the strcpy function within /goform/formNatStaticMap endpoint, where manipulation of the NatBind parameter triggers memory corruption. Publicly available exploit code exists (GitHub POC published), significantly lowering exploitation barriers for threat actors with valid credentials. CVSS 8.8 severity reflects network-based attack vector with low complexity, though low-privilege authentication is required, reducing immediate internet-scale exploitation risk.
Stack-based buffer overflow in UTT HiPER 1250GW router (versions up to 3.2.7-210907-180535) allows authenticated remote attackers to achieve arbitrary code execution with high integrity and availability impact via malformed Profile parameter in /goform/formRemoteControl endpoint. Publicly available exploit code exists. CVSS 8.8 reflects network accessibility with low attack complexity, though authentication requirement (PR:L) moderately reduces immediate exploit surface. No CISA KEV listing indicates exploitation remains proof-of-concept stage rather than widespread campaign activity.
Stack-based buffer overflow in Tenda CH22 router firmware version 1.0.0.1 allows authenticated remote attackers to achieve arbitrary code execution via the formWrlExtraSet function. The vulnerability resides in the /goform/WrlExtraSet endpoint where manipulation of the 'GO' parameter triggers memory corruption. With CVSS 8.8 (network-accessible, low complexity, requires low-privileged authentication), this represents a critical risk to affected devices. Publicly available exploit code exists on GitHub, significantly lowering the barrier to exploitation, though no confirmed active exploitation (CISA KEV) has been reported at time of analysis.
SuiteCRM 7.10.7 contains a time-based SQL injection vulnerability in the record parameter of the Users module DetailView action that allows authenticated attackers to manipulate database queries. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SuiteCRM 7.10.7 contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the parentTab parameter. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Stack-based buffer overflow in Tenda AC10 router firmware version 16.03.10.10_multi_TDE01 allows authenticated remote attackers to achieve complete system compromise through the fromSysToolChangePwd function in /bin/httpd. The vulnerability requires only low-privilege authentication (CVSS PR:L) and has low attack complexity, enabling potential remote code execution with full confidentiality, integrity, and availability impact. No public exploit code identified at time of analysis, though detailed technical findings have been published on GitHub documenting multiple vulnerable endpoints.
Stack-based buffer overflow in Tenda AC10 router firmware 16.03.10.10_multi_TDE01 allows authenticated remote attackers to achieve code execution with high impact to confidentiality, integrity, and availability. The vulnerability resides in the fromSysToolChangePwd function within /bin/httpd, triggered by manipulating the sys.userpass parameter. Publicly available exploit code exists (GitHub repository documented), though no confirmed active exploitation (not in CISA KEV). CVSS 8.8 reflects network-accessible attack requiring only low-privilege authentication with low complexity, making this a realistic threat for internet-exposed routers with default or compromised credentials.
Remote unauthenticated command execution in Honeywell Handheld Scanner base stations (C1/D1/A1/B1 models) allows attackers within Bluetooth range to execute system commands on connected host systems without authentication. Affects C1 Base (Ingenic x1000) before GK000432BAA, D1 Base (Ingenic x1600) before HE000085BAA, and A1/B1 Base (IMX25) before BK000763BAA/BK000765BAA/CU000101BAA. CVSS 8.1 (High) reflects high confidentiality and integrity impact with network attack vector requiring user interaction. No public exploit identified at time of analysis, though the missing authentication (CWE-306) combined with proximity-based Bluetooth attack vector creates significant risk for environments using these industrial scanning devices.
Cross-world user deletion in venueless allows authenticated API users with 'manage users' permission in one world to delete user accounts in completely separate worlds. Venueless versions prior to commit 02b9cbe5 are affected. The CVSS 7.3 rating reflects network-based attack requiring low-complexity exploitation by authenticated users with low privileges. No public exploit identified at time of analysis, though the vulnerability permits unauthorized data destruction across tenant boundaries in multi-tenant deployments.