CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the 'enable' parameter in the setLedCfg function of /cgi-bin/cstecgi.cgi. Public exploit code exists (GitHub), making this vulnerability immediately weaponizable with CVSS 9.8 (Critical). EPSS data not available, but no CISA KEV listing indicates no confirmed widespread exploitation despite POC availability.
OS command injection in Totolink A7100RU router version 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands with router privileges via the setTracerouteCfg function in /cgi-bin/cstecgi.cgi. Publicly available exploit code exists on GitHub, significantly lowering the attack barrier. CVSS 9.8 (Critical) with network vector, low complexity, and no authentication required indicates maximum exploitability. While not confirmed in CISA KEV, the public POC makes this an immediate patching priority for affected devices.
OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands with router privileges via crafted requests to the /cgi-bin/cstecgi.cgi endpoint. The vulnerability resides in the setDiagnosisCfg function's insufficient validation of the 'ip' parameter. Publicly available exploit code exists (GitHub POC published), significantly lowering exploitation barriers. CVSS 9.8 (Critical) reflects network-accessible, low-complexity attack requiring no authentication. No vendor-released patch identified at time of analysis.
OS command injection in Totolink A7100RU router firmware (version 7.4cu.2313_b20191024) allows unauthenticated remote attackers to execute arbitrary system commands via the 'enable' parameter in the setAppCfg function of /cgi-bin/cstecgi.cgi. CVSS 9.8 critical severity with network attack vector, low complexity, and no authentication required. Publicly available exploit code exists on GitHub, significantly lowering the barrier to exploitation, though no CISA KEV listing indicates targeted campaigns have not been observed at time of analysis.
OS command injection in Totolink A7100RU router version 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands with router privileges via the 'proto' parameter in setNetworkCfg function of /cgi-bin/cstecgi.cgi. Publicly available exploit code exists, significantly lowering the exploitation barrier. CVSS 9.8 (Critical) reflects network-accessible attack requiring no authentication or user interaction.
OS command injection in Totolink A7100RU router version 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the ttyEnable parameter in the setTtyServiceCfg function of /cgi-bin/cstecgi.cgi. Public exploit code is available (GitHub POC published). CVSS 9.8 critical severity with network vector, low complexity, and no privileges required. No vendor-released patch identified at time of analysis, representing immediate risk to internet-facing devices.
OS command injection in Totolink A7100RU router firmware version 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the CGI interface. The setRadvdCfg function in /cgi-bin/cstecgi.cgi fails to sanitize the maxRtrAdvInterval parameter, enabling command injection through crafted HTTP requests. Publicly available exploit code exists on GitHub, significantly lowering exploitation barriers. CVSS 9.8 critical rating reflects network-accessible attack vector with no authentication or user interaction required, enabling full system compromise.
CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat_id parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Across DR-810 contains an unauthenticated file disclosure vulnerability that allows remote attackers to download the rom-0 backup file containing sensitive information by sending a simple GET. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Echo Mirage 3.1 contains a stack buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized string in the Rules action. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Easy Video to iPod Converter 1.6.20 contains a local buffer overflow vulnerability in the user registration field that allows local attackers to overwrite the structured exception handler. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by injecting malicious input into the GUI Preferences language field. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Faleemi Desktop Software 1.8 contains a local buffer overflow vulnerability in the System Setup dialog that allows attackers to bypass DEP protections through structured exception handling. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized key code string. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Stack-based buffer overflow in Tenda F451 router firmware 1.0.0.7 enables authenticated remote attackers to execute arbitrary code with high privileges via crafted 'entrys' parameter to the /goform/addressNat endpoint. The vulnerability resides in the fromAddressNat function of the httpd component. Public exploit code is available (GitHub), with EPSS indicating moderate exploitation probability. Requires low-privilege authentication (PR:L) but has low attack complexity (AC:L), making it accessible to attackers with basic router credentials.
Stack-based buffer overflow in Tenda F451 wireless router (firmware 1.0.0.7_cn_svn7958) allows authenticated remote attackers to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The vulnerability resides in the frmL7ImForm function handling the 'page' parameter at /goform/L7Im endpoint. Publicly available exploit code exists (GitHub POC published), significantly lowering exploitation barriers. CVSS 8.8 (High) reflects network-accessible attack vector with low complexity, requiring only low-privilege authentication. No vendor-released patch identified at time of analysis.
Stack-based buffer overflow in Tenda F451 router firmware version 1.0.0.7_cn_svn7958 allows authenticated remote attackers to achieve arbitrary code execution with high impact to confidentiality, integrity, and availability. The vulnerability resides in the fromSetIpBind function accessible via /goform/SetIpBind endpoint, where manipulation of the 'page' parameter triggers memory corruption. Publicly available exploit code exists (GitHub POC published), significantly lowering the barrier to exploitation despite requiring low-privilege authentication. CVSS 8.8 severity reflects network accessibility, low attack complexity, and complete system compromise potential.
Stack-based buffer overflow in Tenda F451 router (version 1.0.0.7_cn_svn7958) allows authenticated remote attackers to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. The vulnerability resides in the fromSafeUrlFilter function handling the 'page' parameter in /goform/SafeUrlFilter endpoint. Publicly available exploit code exists (GitHub POC), significantly lowering exploitation barrier. With CVSS 8.8 (Critical) and low attack complexity, this represents a serious risk to deployed devices, though exploitation requires authenticated access (PR:L) to the router's web interface.
Stack-based buffer overflow in Tenda F451 router firmware 1.0.0.7 allows authenticated remote attackers to achieve complete system compromise via the SafeMacFilter function. The vulnerability is exploitable over the network with low complexity, requiring only basic user credentials. Publicly available exploit code exists (GitHub POC), significantly lowering the barrier for exploitation. CVSS 8.8 (High) severity with potential for code execution, data theft, and device takeover.
Stack-based buffer overflow in Tenda F451 router version 1.0.0.7 allows authenticated remote attackers to execute arbitrary code with high impact to confidentiality, integrity, and availability. The vulnerability resides in the httpd component's frmL7ProtForm function when processing the 'page' parameter in /goform/L7Prot. Publicly available exploit code exists (GitHub POC published), enabling attackers with low-privilege credentials to achieve full system compromise. CVSS 8.8 (High) with low attack complexity and no user interaction required. No vendor-released patch identified at time of analysis.
Stack-based buffer overflow in Tenda F451 router firmware version 1.0.0.7 allows authenticated remote attackers to achieve full system compromise via crafted HTTP requests to the wireless client configuration endpoint. The vulnerability (CVSS 8.8) exists in the WrlclientSet function within the httpd service and requires only low-privilege authentication. Publicly available exploit code has been published on GitHub, significantly lowering the barrier to exploitation, though no active exploitation is confirmed in CISA KEV at time of analysis.
Stack-based buffer overflow in Tenda F451 router version 1.0.0.7 allows authenticated remote attackers to achieve complete system compromise through the DHCP client list function. The vulnerability exists in the httpd service's /goform/DhcpListClient endpoint via the 'page' parameter. Publicly available exploit code exists (GitHub POC published), enabling low-complexity attacks that can result in full confidentiality, integrity, and availability compromise. CVSS 8.8 reflects high impact across all security objectives with minimal attack complexity, though low-privileged authentication is required.
Stack-based buffer overflow in Tenda F451 router firmware version 1.0.0.7_cn_svn7958 allows remote authenticated attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability resides in the fromqossetting function's handling of the 'qos' parameter in /goform/qossetting endpoint. Publicly available exploit code (GitHub PoC) significantly lowers the barrier to exploitation. CVSS 7.4 (High) with low attack complexity and network attack vector indicates elevated risk for exposed devices, though low-privilege authentication is required.
MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Charge[group_total] parameter. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'bid' parameter. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Newsbull Haber Script 1.0.0 contains multiple SQL injection vulnerabilities in the search parameter that allow authenticated attackers to extract database information through time-based, blind, and. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name field in. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SpotFTP Password Recover 2.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized buffer in the Name field during registration. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
BlueAuditor 1.7.2.0 contains a buffer overflow vulnerability in the registration key field that allows local attackers to crash the application by submitting an oversized key value. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Out-of-bounds memory access in the WebGPU implementation of Mesa (fixed in 25.3.6 and 26.0.1) lets an attacker who can submit WebGPU workloads corrupt memory, because a to-be-allocated buffer size is taken from an untrusted party and passed to alloca, producing a stack-based out-of-bounds write (CWE-787). The CVSS 9.8 rating reflects total technical impact, but there is no public exploit identified at time of analysis and EPSS is very low at 0.04%, indicating a serious memory-corruption bug that is not yet being exploited. SUSE and Debian LTS have already shipped fixed packages.
OS command injection in chatboxai chatbox up to version 1.20.0 allows remote attackers to execute arbitrary system commands by manipulating the args/env parameters in the StdioClientTransport component of the Model Context Protocol Server Management System. The vulnerability has a publicly available proof-of-concept exploit and affects the IPC stdio transport mechanism that handles subprocess spawning without proper input sanitization. While the vendor was notified early, no patch has been released as of the analysis date.
Authentication bypass in zhayujie chatgpt-on-wechat CowAgent up to version 2.0.4 allows remote unauthenticated attackers to manipulate the Agent Mode Service component, resulting in missing authentication checks (CWE-306). Publicly available exploit code exists, and the vulnerability has been reported to the project without response. CVSS 6.9 reflects moderate confidentiality, integrity, and availability impact with network-accessible attack vector and no user interaction required.
Missing authentication in zhayujie chatgpt-on-wechat CowAgent 2.0.4 administrative HTTP endpoint allows remote attackers to bypass access controls and perform unauthorized administrative operations without credentials. Publicly available exploit code exists. EPSS risk not available; CVSS 7.3 reflects network-based attack requiring no privileges or user interaction. The vendor has not responded to the vulnerability disclosure (GitHub issue #2733) at time of analysis.
Code injection in FoundationAgents MetaGPT versions up to 0.8.1 allows unauthenticated remote attackers to execute arbitrary code via the Tree-of-Thought Solver's generate_thoughts function. Publicly available exploit code exists (GitHub issue #1933), and a vendor-supplied patch is available via pull request #1946. The vulnerability requires no user interaction and has low attack complexity, with confirmed impact to confidentiality, integrity, and availability. CVSS 7.3 (High) reflects moderate impact across all CIA triad elements.
Heatmiser Wifi Thermostat 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials by tricking authenticated users into submitting malicious. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
MDwiki contains a cross-site scripting vulnerability that allows remote attackers to execute arbitrary JavaScript by injecting malicious code through the location hash parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A logic error in the Linux kernel's BPF (Berkeley Packet Filter) verifier allows local attackers with low privileges to exploit verifier/runtime divergence and achieve out-of-bounds map access, enabling arbitrary memory read/write and privilege escalation. The flaw affects the maybe_fork_scalars() function which incorrectly handles BPF_OR operations during state forking, tracking destination register as 0 when the runtime value is K (the constant operand). Patches are available from kernel.org for versions 6.12.80, 6.18.21, 6.19.11, and 7.0-rc5. EPSS score is extremely low (0.01%) and no public exploit or active exploitation has been identified at time of analysis.
Command injection in AstrBot's MCP endpoint handler (add_mcp_server function) allows authenticated remote attackers to execute arbitrary system commands via the command parameter. Versions up to 4.22.1 are affected. The vulnerability is publicly disclosed with exploit code available on GitHub, and the vendor has not released a patch despite early notification.
OS command injection in 1Panel-dev MaxKB up to version 2.6.1 allows authenticated remote attackers to execute arbitrary operating system commands through manipulation of the Model Context Protocol Node's execute function in base_mcp_node.py, with publicly available exploit code and vendor-released patches available for remediation.
Remote code injection in Dromara warm-flow up to version 1.8.4 allows authenticated attackers to execute arbitrary code through the SpelHelper.parseExpression function via manipulation of listenerPath, skipCondition, or permissionFlag parameters in the Workflow Definition Handler. The vulnerability uses SpEL (Spring Expression Language) injection to achieve code execution with CVSS 6.3 severity. Publicly available exploit code exists and the flaw has been documented in the project's issue tracker.
Server-side request forgery (SSRF) in FoundationAgents MetaGPT up to version 0.8.1 allows authenticated remote attackers to conduct arbitrary requests via manipulation of the img_url_or_b64 parameter in the decode_image function of metagpt/utils/common.py. Publicly available exploit code exists, and a vendor patch has been released. The vulnerability carries a CVSS score of 6.3 with low confidentiality, integrity, and availability impact, but requires low-level authentication to exploit.
AstrBot versions up to 4.22.1 allow authenticated remote attackers to bypass sandbox restrictions via malicious file uploads to the install-upload endpoint (install_plugin_upload function), enabling arbitrary code execution with limited information disclosure and integrity impact. The vulnerability exists in the plugin installation mechanism and has publicly available exploit code; the vendor has been notified but has not yet responded with a patch.
Server-side request forgery (SSRF) in AstrBot API endpoint post_data.get allows authenticated remote attackers to perform arbitrary HTTP requests from the server, potentially exposing internal services or enabling data exfiltration. AstrBot versions up to 4.22.1 are affected. Publicly available exploit code exists, though vendor response remains pending despite early notification.
Cross-site scripting in parisneo/lollms prior to version 2.2.0 allows unauthenticated remote attackers to execute arbitrary JavaScript in victim browsers via malicious HTML payloads injected through the unsanitized `content` field in the `AppLollmsMessage.from_dict` deserialization method. The changed scope (CVSS S:C) indicates impact beyond the vulnerable component, enabling session hijacking, account takeover, and potentially wormable attacks. Publicly available exploit code exists (reported v
Cross-site request forgery in FoundationAgents MetaGPT through version 0.8.1 allows unauthenticated remote attackers to perform unauthorized actions via the evaluateCode function in the Mineflayer HTTP API component. The vulnerability requires user interaction (UI:R) and has limited integrity impact, but publicly available exploit code exists and the vendor has not yet responded to early notification.