Stored cross-site scripting (XSS) in assafelovic gpt-researcher versions up to 3.4.3 allows unauthenticated remote attackers to inject malicious scripts via the Report API in backend/server/app.py. The vulnerability requires user interaction (report viewing) to trigger payload execution and carries low integrity impact (CVSS 4.3). Publicly available exploit code exists, and the vendor has not addressed the issue despite early notification.
SQL injection in PHPGurukul Online Shopping Portal Project 2.1 allows authenticated remote attackers to manipulate the filename parameter in /admin/update-image3.php, leading to database query manipulation with limited confidentiality and integrity impact. The vulnerability carries a CVSS score of 5.3 (medium severity) and requires valid admin credentials to exploit; publicly available exploit code exists but the vulnerability is not confirmed as actively exploited in CISA KEV.
SQL injection in PHPGurukul Online Shopping Portal Project 2.1 allows authenticated remote attackers to execute arbitrary SQL queries via the oid parameter in /cancelorder.php, potentially enabling unauthorized data access or modification. Publicly available exploit code exists for this vulnerability, which affects the parameter handler component and carries a CVSS score of 5.3 with confirmed exploitation feasibility.
SQL injection in PHPGurukul Online Shopping Portal Project 2.1 allows authenticated remote attackers to execute arbitrary SQL commands via the cid parameter in /categorywise-products.php. Publicly available exploit code exists for this vulnerability, which affects the parameter handler component. The attack requires valid user credentials but carries low impact, affecting confidentiality, integrity, and availability of data at limited scope.
Stack-based buffer overflow in Tenda CX12L firmware version 16.03.53.12 allows authenticated local network attackers to cause memory corruption via manipulation of the page parameter in the P2pListFilter function. The vulnerability requires local network access and authenticated privileges but carries publicly available exploit code, elevating practical risk despite the moderate CVSS score of 5.1.
Remote command injection in Totolink A7100RU 7.4cu.2313_b20191024 allows unauthenticated attackers to execute arbitrary OS commands via the firewallType parameter in the setFirewallType function of /cgi-bin/cstecgi.cgi. The vulnerability has a CVSS score of 6.9 with low confidentiality, integrity, and availability impact. Public exploit code exists and the vulnerability is potentially actively exploited.
Remote command injection in Totolink A7100RU firmware version 7.4cu.2313_b20191024 allows unauthenticated attackers to execute arbitrary OS commands by manipulating the enable parameter in the setRemoteCfg function of /cgi-bin/cstecgi.cgi. The vulnerability has a publicly available exploit and a CVSS 6.9 score reflecting remote network accessibility with low attack complexity. Real-world risk is elevated due to the presence of published exploit code and the direct path to command execution in a widely deployed home router model.
Remote code execution via OS command injection in Totolink A7100RU 7.4cu.2313_b20191024 allows unauthenticated network attackers to execute arbitrary commands through the tz parameter in the setNtpCfg function of /cgi-bin/cstecgi.cgi. Publicly available exploit code exists, and the vulnerability carries a CVSS 6.9 score indicating moderate severity with low impact across confidentiality, integrity, and availability.
Local command injection in ChrisChinchilla Vale-MCP up to version 0.1.0 allows authenticated local attackers to execute arbitrary OS commands via manipulation of the config_path argument in the HTTP Interface component (src/index.ts). The vulnerability requires local access and valid user privileges, with publicly available exploit code disclosed after vendor non-response, representing a moderate-risk issue in environments where the MCP tool is deployed with local user access.
OS command injection in Braffolk mcp-summarization-functions through version 0.1.5 allows local attackers with user-level privileges to execute arbitrary system commands by manipulating the command argument in the summarize_command function. The vulnerability affects the src/server/mcp-server.ts component and requires local access; publicly available exploit code exists, and the vendor has not responded to disclosure attempts.
Out-of-bounds read in RDiscount's Markdown parser allows denial-of-service when processing attacker-controlled inputs exceeding 2GB. The vulnerability occurs because unsigned Ruby string lengths are truncated to signed integers before passing to the native parser, causing the parser to read past buffer boundaries and crash. Affected are RDiscount.new(input).to_html and RDiscount.new(input).toc_content methods. No public exploitation beyond proof-of-concept exists; patch version 2.2.7.4 is available.
Signed integer overflow in OpenEXR's undo_pxr24_impl() function allows unauthenticated remote attackers to bypass buffer bounds checks and trigger heap buffer overflow during EXR file decoding, potentially causing denial of service or limited data corruption when processing maliciously crafted EXR files. The vulnerability affects OpenEXR versions 3.2.0 through 3.2.6, 3.3.0 through 3.3.8, and 3.4.0 through 3.4.8. No public exploit code or active exploitation has been confirmed at the time of analysis.
Cross-site scripting (XSS) in Cyber-III Student-Management-System allows high-privileged authenticated attackers to inject malicious scripts via the $_SERVER['PHP_SELF'] parameter in the /admin/Add%20notice/add%20notice.php endpoint. The vulnerability requires user interaction (UI:P) to trigger and is confirmed by publicly available exploit code, though real-world risk is mitigated by high privilege requirements (PR:H) and limited technical impact (integrity only). The product uses rolling releases with no versioning, and the vendor has not responded to early disclosure.
Stored cross-site scripting (XSS) in Cyber-III Student-Management-System via manipulation of the $_SERVER['PHP_SELF'] variable in the batch-notice.php admin file allows authenticated attackers with high privileges to inject malicious scripts. The vulnerability affects all versions up to commit 1a938fa61e9f735078e9b291d2e6215b4942af3f, exploitable remotely with user interaction, and publicly available exploit code exists. CVSS score of 4.8 reflects moderate risk constrained by authentication and interaction requirements, though the integrity impact and active public disclosure elevate operational concern.
Reflected cross-site scripting in Cyber-III Student-Management-System up to commit 1a938fa61e9f735078e9b291d2e6215b4942af3f allows high-privilege authenticated attackers to inject malicious scripts via the $_SERVER['PHP_SELF'] parameter in the admin notice endpoint (/admin/Add%20notice/notice.php). Publicly available exploit code exists, and the vulnerability requires user interaction (UI) to trigger, limiting practical impact despite remote accessibility.
Server-side request forgery (SSRF) in whisperX-FastAPI versions 0.3.1 through 0.5.0 allows unauthenticated remote attackers to make arbitrary HTTP requests to internal URLs by exploiting inadequate URL validation in the FileService.download_from_url() function. An attacker can bypass the post-request file extension check by appending .mp3 to any URL supplied to the /speech-to-text-url endpoint, enabling reconnaissance of internal services and potential information disclosure. The vulnerability carries moderate severity (CVSS 5.8) with confirmed patch availability in version 0.6.0.
Heap-based out-of-bounds read in libtheora's AVI parser allows local attackers with limited privileges to trigger application crashes or leak heap memory via specially crafted AVI files with truncated header sub-chunks. The vulnerability affects Red Hat Enterprise Linux versions 6 through 10 and requires user interaction (opening a malicious file), with real-world impact limited to denial-of-service and potential information disclosure rather than code execution.
SQL injection in code-projects Simple IT Discussion Forum 1.0 via the cat_id parameter in /edit-category.php allows unauthenticated remote attackers to execute arbitrary SQL queries, potentially leading to data exfiltration, modification, or deletion. The vulnerability has a publicly disclosed exploit and moderate CVSS score (6.9) with confirmed exploitation capability signals.
SQL injection in Cyber-III Student-Management-System login parameter handler allows unauthenticated remote attackers to execute arbitrary SQL queries via the Password parameter in /login.php, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has been publicly disclosed with exploit code available, and the affected project uses rolling releases without fixed version tagging, complicating patch status determination. CVSS 6.9 reflects moderate severity with low confidentiality, integrity, and availability impact across multiple scopes.
SQL injection in code-projects Simple Laundry System 1.0 allows unauthenticated remote attackers to execute arbitrary SQL queries via the firstName parameter in /userfinishregister.php, enabling data exfiltration and manipulation. The vulnerability has publicly available exploit code and a published CVSS 6.9 score reflecting moderate confidentiality and integrity impact.
Information disclosure in Google Android allows local authenticated users to read sensitive data from system memory via local file access, achieving high confidentiality impact with low attack complexity. The vulnerability affects Android System-on-Chip (SoC) implementations across multiple versions. EPSS score of 0.01% indicates minimal real-world exploitation probability despite the moderate CVSS 5.5 rating, suggesting this is a low-priority issue in practice.
Denial-of-service in the Linux kernel's ksmbd SMB server component stems from improper handling of volume identifiers in FS_OBJECT_ID_INFORMATION responses. Affected kernels fail to correctly use the superblock UUID (sb->s_uuid) as the volume identifier, and lack a safe fallback (via vfs_statfs()) for filesystems that do not expose a UUID - creating conditions for a kernel availability impact when a local low-privileged user interacts with an affected SMB share. EPSS is 0.01% (1st percentile) and no active exploitation is confirmed in CISA KEV; no public exploit code has been identified at time of analysis.
Stored cross-site scripting (XSS) via HTML attribute injection in Pi-hole Admin Interface versions 6.0 through 6.4 allows unauthenticated remote attackers to perform UI redressing and information disclosure by injecting double quotes into configuration values displayed in settings-advanced.js, exploitable through malicious teleporter backup imports that bypass server-side field validation.
Tandoor Recipes prior to version 2.6.4 allows authenticated users to inject malicious CSS via <style> tags in recipe step instructions due to improper sanitization by the bleach.clean() library, which whitelists <style> tags by default. Client applications rendering the instructions_markdown field from the API without additional sanitization will execute attacker-controlled CSS, enabling UI redressing, phishing overlays, visual defacement, and CSS-based data exfiltration attacks. The vulnerability requires authentication and user interaction to exploit, limiting its scope, but affects any downstream application consuming the API.
Stored cross-site scripting (XSS) in Bynder v0.1.394 allows authenticated attackers to inject and execute arbitrary web scripts or HTML through a crafted payload, affecting users who interact with malicious content. The vulnerability requires user interaction (UI:R) and authenticated access (PR:L), limiting immediate mass exploitation but posing a risk to collaborative environments where users trust stored content. No public exploit has been confirmed as actively exploited per CISA records, and EPSS/KEV status indicates lower real-world exploitation probability despite the stored XSS vector.
Stored cross-site scripting (XSS) in Feehi CMS v2.1.1 Category module allows authenticated attackers to inject arbitrary web scripts via the Name parameter, affecting users who subsequently view the malicious content. The vulnerability requires user interaction (rendering in a browser) and authenticated access to inject the payload, but once stored, it executes in the context of any user viewing the affected category. EPSS exploitation probability is extremely low at 0.02% (5th percentile), indicating minimal real-world attack likelihood despite moderate CVSS score.
Authenticated stored XSS in Feehi CMS v2.1.1 allows authenticated users to inject arbitrary web scripts or HTML via the Page Sign parameter, enabling session hijacking, credential theft, or malware distribution to other users viewing affected pages. EPSS exploitation probability is minimal at 0.02%, and no public exploit code or active exploitation has been confirmed, indicating low real-world attack urgency despite the CVSS medium score.
Stored cross-site scripting (XSS) in Feehi CMS v2.1.1 allows authenticated attackers to inject malicious scripts into the Content field during page/post creation or editing, which execute in the browsers of other users viewing the affected content. The vulnerability requires user interaction (UI:R) and authenticated access (PR:L), limiting its severity to CVSS 5.4 (medium). No public exploit code or active exploitation has been identified; EPSS score of 0.02% indicates extremely low real-world exploitation probability despite public disclosure.
Stored XSS in Feehi CMS v2.1.1 Role Management module allows authenticated users to execute arbitrary scripts via malicious Role Name input, affecting all users viewing the affected role. The vulnerability requires prior authentication and user interaction (UI:R), limiting its scope to authenticated attackers within the application; EPSS score of 0.02% indicates minimal real-world exploitation probability despite public visibility.
Stored cross-site scripting (XSS) in Feehi CMS v2.1.1 Permissions module allows authenticated users to inject malicious scripts via Group, Category, or Description parameters, potentially enabling session hijacking or malware distribution to other authenticated users. Attack requires valid credentials and user interaction (UI:R per CVSS), limiting immediate risk despite network accessibility. No public exploit code or active exploitation has been confirmed; EPSS probability is minimal at 0.01% (3rd percentile).
Stored HTML injection in lichess.org allows approved streamers to inject arbitrary markup into the /streamer page and homepage 'Live streams' widget via their Twitch or YouTube stream title, enabling defacement and phishing attacks. The vulnerability requires an attacker to first obtain an approved streamer account (accounts older than 2 days with 15+ games, or verified accounts) and then moderate approval, but no additional privileges or authentication beyond that approval is needed. Content Security Policy blocks inline script execution, limiting the immediate scope to HTML/CSS-based attacks rather than arbitrary JavaScript execution. A upstream fix is available via commit 0d5002696ae705e1888bf77de107c73de57bb1b3, and no public exploit code or active exploitation has been reported.
Bulwark Webmail versions prior to 1.4.11 fail to enforce Content-Security-Policy headers, allowing unauthenticated attackers to execute arbitrary JavaScript through crafted email HTML. The reverse proxy incorrectly uses Content-Security-Policy-Report-Only instead of the enforcing Content-Security-Policy header, enabling XSS attacks that can steal session tokens or perform unauthorized actions on behalf of users. This vulnerability requires user interaction (opening a malicious email) and affects only the client-side context with limited scope, reflected in the CVSS 5.3 score; no public exploit code or active exploitation has been reported.
SQL injection in PHPGurukul Online Shopping Portal Project 2.1 allows authenticated remote attackers to execute arbitrary SQL queries via the orderid parameter in /order-details.php, enabling data exfiltration and database manipulation. CVSS 6.3 reflects authenticated access requirement and limited scope; no public exploit code or active KEV status confirmed at time of analysis.
CORS header injection in Keycloak's User-Managed Access token endpoint allows remote attackers to reflect attacker-controlled origin values before JWT signature validation, potentially exposing low-sensitivity authorization error responses when clients are misconfigured with wildcard origin permissions. The vulnerability requires high attack complexity and affects only clients explicitly configured with webOrigins set to "*", resulting in a low-severity information disclosure with limited real-world exploitability.
Stored cross-site scripting in OCS Inventory NG Server 2.12.3 and prior allows unauthenticated attackers to inject malicious JavaScript via User-Agent HTTP headers to the /ocsinventory endpoint, which is then stored and executed in the browsers of authenticated users viewing the statistics dashboard. The vulnerability requires user interaction (dashboard access) but affects all instances accepting agent registrations without input validation, creating a persistent attack surface for multi-user deployments.
Reflected cross-site scripting (XSS) in Salesforce Workbench prior to version 65.0.0 allows unauthenticated remote attackers to inject arbitrary JavaScript via the footerScripts parameter on error pages, requiring user interaction to execute malicious payload. The vulnerability stems from improper input sanitization during web page generation. Vendor-released patch: version 65.0.0. No public exploit code or active exploitation confirmed at time of analysis.
Open redirect vulnerability in WeGIA web manager prior to version 3.6.9 allows unauthenticated remote attackers to redirect users to arbitrary external URLs by injecting a malicious redirect parameter into HTTP requests. The vulnerability exploits missing URL validation on the redirect parameter, which is passed directly to PHP's header() function without sanitization or whitelist checks. User interaction is required as the victim must click a crafted link, but successful exploitation can facilitate phishing attacks or credential theft by redirecting users to attacker-controlled domains that masquerade as legitimate institutional websites.
Open Redirect vulnerability in WeGIA versions prior to 3.6.9 allows unauthenticated remote attackers to redirect users to arbitrary external websites via the unvalidated nextPage parameter in the /WeGIA/controle/control.php endpoint when combined with specific parameters (metodo=listarTodos and nomeClasse=EstoqueControle). Attackers can exploit the application's trusted domain to conduct phishing attacks, steal credentials, distribute malware, or execute social engineering campaigns. The vulnerability has been patched in version 3.6.9.
Open redirect vulnerability in WeGIA versions prior to 3.6.9 allows unauthenticated remote attackers to redirect users to arbitrary external websites via the nextPage parameter in the /WeGIA/controle/control.php endpoint. By combining this with specific query parameters (metodo=listarTodos, listarId_Nome, nomeClasse=OrigemControle), attackers can leverage the trusted WeGIA domain for phishing, credential harvesting, malware distribution, and social engineering attacks. The vulnerability is fixed in version 3.6.9.
Open redirect in WeGIA web management application versions prior to 3.6.9 allows unauthenticated remote attackers to redirect users to arbitrary external websites via an unvalidated nextPage parameter in the /WeGIA/controle/control.php endpoint. By crafting a malicious URL combining metodo=listarId and nomeClasse=IsaidaControle parameters, attackers can leverage the application's trusted domain for phishing, credential harvesting, malware distribution, and social engineering attacks. The vulnerability is fixed in version 3.6.9.
Open redirect vulnerability in WeGIA web application versions prior to 3.6.9 allows unauthenticated remote attackers to redirect users to arbitrary external URLs via an unvalidated redirect parameter in GET requests. The vulnerability requires user interaction (clicking a malicious link) and has limited confidentiality and integrity impact. This is fixed in version 3.6.9.
Open redirect vulnerability in WeGIA web manager versions prior to 3.6.9 allows unauthenticated remote attackers to redirect users to arbitrary external websites via the unvalidated nextPage parameter in the /WeGIA/controle/control.php endpoint. The vulnerability requires user interaction (clicking a malicious link) but leverages the trusted WeGIA domain to facilitate phishing, credential theft, and malware distribution attacks. This issue is fixed in version 3.6.9.
BatchCheck API calls in OpenFGA 1.8.0 through 1.13.1 can bypass authorization policies when multiple permission checks target the same object, relation, and user combination, allowing authenticated attackers with limited privileges to gain unauthorized access to protected resources. The vulnerability stems from improper handling of duplicate check parameters in batch operations and is fixed in version 1.14.0.
Tar archive extraction allows hidden file injection by local authenticated users through crafted malicious archives, bypassing pre-extraction inspection mechanisms and enabling introduction of attacker-controlled files. The vulnerability affects Red Hat Enterprise Linux versions 6 through 10, requires local access and user interaction (extraction action), and presents a moderate integrity risk (CVSS 5.0) with no confirmed active exploitation or public proof-of-concept at time of analysis.
Stored XSS in Feehi CMS v2.1.1 creation/editing module allows authenticated high-privilege users to execute arbitrary scripts via malicious Title parameter injection, affecting all users who view the affected content. The vulnerability requires high-privilege authentication and user interaction (UI:R), limiting real-world exploitability to insider threats or compromised administrative accounts; CVSS 4.8 reflects low impact (CIA:L) and confined scope.
Open edX Platform versions prior to commit 76462f1e5fa9b37d2621ad7ad19514b403908970 suffer from an open redirect vulnerability in the view_survey endpoint that accepts unvalidated redirect_url parameters, enabling attackers to redirect authenticated users to arbitrary attacker-controlled URLs for phishing and credential theft. The vulnerability requires user interaction (clicking a malicious link) to trigger the redirect but affects all versions of the platform until the specific commit is applied; no public exploit code has been identified at the time of analysis.
AZIOT 1 Node Smart Switch (16amp) WiFi/Bluetooth Enabled firmware version 1.1.9 allows information disclosure through unauthenticated UART debug interface access. An attacker with physical access to the device can connect to the serial console and extract sensitive information without any authentication barrier. This vulnerability has an EPSS score of 0.03% (9th percentile), indicating very low real-world exploitation probability despite the high confidentiality impact rating.
Buffer overflow in UTT Aggressive HiPER 810G v3 v1.7.7-171114 formTaskEdit function allows authenticated administrators to cause denial of service through a malformed selDateType parameter. The vulnerability is a classic stack-based buffer overflow (CWE-120) requiring high-privilege local network access; no public exploitation framework has been identified, and CVSS 4.5 reflects the limited scope (DoS only, no code execution or information disclosure).
Buffer overflow in UTT Aggressive 520W v3 firmware version 1.7.7-180627 allows authenticated high-privilege attackers to cause denial of service by supplying crafted input to the addCommand parameter of the formConfigCliForEngineerOnly function. The vulnerability requires administrative-level access and local network connectivity, limiting real-world attack surface despite the buffer overflow class of vulnerability.
Buffer overflow in UTT Aggressive HiPER 1200GW v2.5.3-170306 formArpBindConfig function allows authenticated attackers with high privileges to cause denial of service by supplying a crafted input to the pools parameter. CVSS score of 4.5 reflects limited attack surface (local network access required) and high privilege requirement, though impact is complete availability loss. No public exploit code or active exploitation confirmed at time of analysis.