EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Attachment/fromImageUrl endpoint is vulnerable to Server-Side Request Forgery (SSRF) via a DNS rebinding (TOCTOU) condition. Host validation uses dns_get_record() but the actual HTTP request resolves hostnames through curl's internal resolver (gethostbyname()), allowing the two lookups to return different IP addresses for the same hostname. A secondary issue exists where an empty DNS result (due to DNS failure, IPv6-only domains, or non-existent hostnames) causes the validation to implicitly allow the host without further checks. An authenticated attacker with default attachment creation access can exploit this gap to bypass internal IP restrictions and scan internal network ports, confirm the existence of internal hosts, and interact with internal HTTP-based services, though data extraction from binary protocol services and remote code execution are not possible through this endpoint. This issue has been fixed in version 9.3.4.
A vulnerability was identified in CodeAstro Online Job Portal 1.0. The impacted element is an unknown function of the file /jobs/job-delete.php of the component Delete Job Posting Handler. Such manipulation of the argument ID leads to improper access controls. The attack can be launched remotely. The exploit is publicly available and might be used.
Cross-site scripting (XSS) in Simple ChatBox up to version 1.0 allows remote attackers to inject malicious scripts via the msg parameter in the /chatbox/insert.php endpoint, with user interaction required. The vulnerability has publicly available exploit code and affects the PHP-based chat application component. Impact is limited to integrity of user sessions, but the attack vector is remote and requires no authentication.
Cross-site scripting (XSS) in code-projects Simple Laundry System 1.0 allows remote attackers to inject arbitrary scripts via the serviceId parameter in /checkupdatestatus.php. The vulnerability requires user interaction (UI:R) and results in low integrity impact, but is publicly available with exploit code and has been disclosed. CVSS base score is 4.3 with relatively low real-world risk due to UI requirement and limited impact scope, though the presence of public POC increases adoption likelihood among less-skilled attackers.
A security flaw has been discovered in code-projects Easy Blog Site 1.0. This affects an unknown function of the file post.php. Performing a manipulation of the argument tags results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.
SQL injection in itsourcecode Construction Management System 1.0 allows authenticated remote attackers to manipulate the Name parameter in /equipments.php, leading to unauthorized data access or modification. The CVSS score of 5.3 reflects low confidentiality and integrity impact, and the extremely low EPSS score (0.03%, 8th percentile) indicates minimal real-world exploitation likelihood despite publicly available exploit code.
SQL injection in itsourcecode Construction Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the Name parameter in /employees.php, resulting in confidentiality, integrity, and authenticity breaches. The vulnerability requires low-privilege authentication and has publicly available exploit code, elevating practical risk despite the moderate CVSS score of 6.3.
Permissive cross-domain policy in farion1231 cc-switch up to version 3.12.3 allows authenticated remote attackers to access sensitive information and modify data across untrusted domains via misconfigured CORS headers in the ProxyServer component. Publicly available exploit code exists, and vendor patches are available; this represents a moderate but actively exploitable configuration flaw affecting networked deployments.
A vulnerability was identified in HummerRisk up to 1.5.0. This vulnerability affects the function ServerService.addServer of the file ServerService.java of the component Video File Download URL Handler. Such manipulation of the argument streamIp leads to server-side request forgery. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Cross-site scripting (XSS) in 1Panel-dev MaxKB up to version 2.4.2 allows authenticated remote attackers to inject malicious scripts via the MdPreview component in ui/src/chat.ts, requiring user interaction to execute. Publicly available exploit code exists for this vulnerability. The vendor released patched version 2.5.0 addressing the flaw with commit 7230daa5ec3e6574b6ede83dd48a4fbc0e70b8d8.
Reflected cross-site scripting (XSS) in PHPGurukul Company Visitor Management System 2.0 allows authenticated remote attackers to inject malicious scripts via the fromdate parameter in /bwdates-reports-details.php. The vulnerability requires user interaction (UI:P) and authenticated access (PR:L), but publicly available exploit code exists, elevating practical risk despite the moderate CVSS score of 5.1.
A vulnerability was determined in aandrew-me ytDownloader up to 3.20.2. This affects the function child_process.exec of the file src/compressor.js of the component Compressor Feature. This manipulation causes command injection. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure.
Stored cross-site scripting (XSS) in code-projects Simple Content Management System 1.0 allows authenticated high-privilege attackers to inject malicious scripts via the News Title parameter in /web/admin/welcome.php, affecting all versions of the product. The vulnerability requires user interaction (UI:R) to execute but has publicly available exploit code and a low CVSS score (2.4) due to high privilege requirements and limited impact scope.
Integer overflow in OpenJPEG's opj_pi_initialise_encode function (versions 2.5.0-2.5.4) allows authenticated local attackers to trigger availability impact via crafted input to the pi.c library module. The vulnerability has a publicly available proof-of-concept and carries an EPSS score of 0.01% (2nd percentile), reflecting minimal real-world exploitation likelihood despite the presence of exploit code. Patch commit 839936aa33eb8899bbbd80fda02796bb65068951 is available from the vendor.
{ return ErrUnauthorized } err = bcrypt.CompareHashAndPassword(user.PasswordHash, []byte(password)) ``` This creates a measurable timing discrepancy between: - **existing username + wrong password** requests, which incur bcrypt cost - **nonexistent username + any password** requests, which avoid bcrypt entirely Because no constant-time equalization is performed, the endpoint leaks account existence through timing behavior. The measurements provided show a large and consistent gap between the two cases across repeated trials, making the difference distinguishable without requiring especially high request volume. In the supplied test results: - existing user requests averaged about `0.0616s` - nonexistent user requests averaged about `0.0027s` That gap is large enough to support reliable username enumeration under typical testing conditions. The issue can be reproduced by sending repeated authentication attempts to the login endpoint using the same invalid password while alternating between a known valid username and a nonexistent username, then comparing average response times. Valid usernames consistently take longer because bcrypt verification is performed. - **Type:** Timing side-channel / username enumeration - **Who is impacted:** Any deployment exposing the affected login endpoint - **Security impact:** Unauthenticated attackers can confirm valid usernames one at a time, improving the effectiveness of credential stuffing, password spraying, phishing, and other targeted account attacks - **Attack preconditions:** None beyond network access to the login endpoint - **Confidentiality impact:** Low to moderate, depending on the sensitivity of account existence in the target environment
SQL injection in Sourcecodester Computer and Mobile Repair Shop Management System v1.0 at /rsms/admin/repairs/manage_repair.php allows authenticated administrators to extract or modify limited database information. The attack requires high-level administrative privileges and produces only confidentiality impact; EPSS probability is minimal (0.02%), and CISA SSVC assessment indicates no evidence of real-world exploitation.
SQL injection in Sourcecodester Computer and Mobile Repair Shop Management System v1.0 allows authenticated high-privilege users to read sensitive database content via crafted input in the repairs details viewer. The vulnerability requires admin-level authentication and carries minimal real-world risk given the CVSS 2.7 score, EPSS 0.02% exploitation probability, and CISA SSVC assessment indicating no known exploitation, non-automatable attack, and only partial technical impact (confidentiality). No active exploitation has been confirmed.
SQL injection in Sourcecodester Computer and Mobile Repair Shop Management System v1.0 allows authenticated administrators to execute arbitrary SQL queries via the /rsms/admin/clients/manage_client.php endpoint, potentially exposing sensitive data with low confidentiality impact. The vulnerability requires high-privilege administrator authentication and carries minimal real-world risk (EPSS 0.02%, SSVC indicates no exploitation activity), but represents a common code quality issue in open-source PHP applications that warrants remediation during security updates.
SQL Injection in Sourcecodester Online Resort Management System v1.0 allows authenticated administrators to extract or modify database contents via the /orms/admin/rooms/manage_room.php endpoint. The vulnerability requires high-privilege administrative access and has minimal real-world impact given the CVSS score of 2.7, EPSS exploitation probability of 0.02%, and CISA SSVC determination of non-exploitable status with only partial technical impact. No active exploitation has been confirmed.
SQL injection in Sourcecodester Online Resort Management System v1.0 allows authenticated high-privilege users to execute arbitrary SQL queries via the /orms/admin/reservations/view_details.php endpoint, resulting in limited information disclosure. The vulnerability requires administrative access and carries minimal real-world risk due to CVSS 2.7, EPSS 0.02% (6th percentile), and SSVC framework assessment indicating no active exploitation and non-automatable attack requirements.
SQL injection in Sourcecodester Online Resort Management System v1.0 allows high-privileged authenticated attackers to query the database with limited confidentiality impact via the /orms/admin/rooms/view_room.php endpoint. The CVSS score of 2.7 and EPSS percentile of 6% reflect low real-world exploitation probability; SSVC assessment confirms no known automated exploit path and only partial technical impact (information disclosure). No public exploit code or active exploitation has been identified.
SQL injection in Sourcecodester Basic Library System v1.0 allows high-privilege authenticated attackers to extract limited information from the database via crafted input to /librarysystem/load_book.php. The vulnerability requires administrative credentials and has very low real-world risk (EPSS 0.02%, CVSS 2.7) with no public exploit code identified; CISA does not list it as actively exploited.
SQL injection in Sourcecodester Computer and Mobile Repair Shop Management System v1.0 at /rsms/admin/services/view_service.php allows authenticated administrators to extract sensitive database information with low complexity. The vulnerability requires high-privilege (admin) access and does not enable data modification or denial of service, limiting real-world impact despite the unauthenticated attack vector network availability. No active exploitation or public proof-of-concept tools have been confirmed; EPSS score of 0.02% and SSVC framework rating 'none' exploitation status indicate minimal practical risk despite CVSS 2.7 rating.
SQL Injection in Sourcecodester Cab Management System 1.0 allows high-privilege administrators to extract limited database information via the /cms/admin/bookings/view_booking.php endpoint. The vulnerability requires authenticated admin access and carries minimal real-world risk given its low EPSS score (0.02%) and CISA SSVC assessment indicating no exploitation status, non-automatable exploitation, and only partial technical impact.
SQL injection in Sourcecodester Basic Library System v1.0 allows high-privilege authenticated attackers to extract sensitive data via the /librarysystem/load_admin.php endpoint. The vulnerability requires administrative authentication, limiting exposure to compromised or malicious admin accounts. EPSS exploitation probability is minimal at 0.02% (6th percentile), and no public exploit code has been identified, making this a low-priority issue despite the SQL injection vector.
SQL injection in Sourcecodester Cab Management System v1.0 allows high-privilege authenticated attackers to extract sensitive data via the /cms/admin/categories/view_category.php endpoint. The vulnerability requires administrative credentials and has minimal real-world impact (CVSS 2.7, EPSS 0.02%), with no evidence of active exploitation or public exploit code.
SQL injection in Sourcecodester Basic Library System v1.0 at /librarysystem/load_student.php allows high-privilege authenticated attackers to read sensitive database information. The vulnerability requires administrative-level privileges and manual user interaction is absent, but real-world risk is minimal due to extremely low EPSS score (0.02%), CVSS severity of 2.7, and CISA SSVC assessment indicating no exploitation activity, non-automatable conditions, and only partial technical impact.
SQL injection in Sourcecodester Online Reviewer System v1.0 allows high-privileged authenticated attackers to conduct limited information disclosure through the exam update functionality at /system/system/admins/assessments/examproper/exam-update.php. The vulnerability carries minimal real-world risk due to required administrative privileges (PR:H), low EPSS exploitation probability (0.02%), and CISA SSVC assessment indicating no exploitation trend, non-automatable attack, and only partial technical impact.
SQL injection in Sourcecodester Online Reviewer System v1.0 allows high-privileged authenticated users to extract limited data via a crafted SQL query in the questions-view.php endpoint. The vulnerability requires administrator-level credentials and lacks evidence of active exploitation or public exploit tooling, resulting in a minimal real-world risk profile despite confirmed SQL injection capability.
SQL injection in Sourcecodester Computer and Mobile Repair Shop Management System v1.0 at /rsms/admin/inquiries/view_details.php allows high-privileged authenticated administrators to extract limited data via crafted SQL queries. The vulnerability requires admin-level access and produces only confidentiality impact with minimal real-world exploitation likelihood (EPSS 0.02%, CVSS 2.7, SSVC framework indicates no practical exploitation path).
SQL injection in Sourcecodester Online Resort Management System v1.0 allows high-privilege authenticated attackers to read sensitive application data via crafted input to the /orms/admin/activities/manage_activity.php endpoint. The vulnerability requires administrator-level credentials and produces only confidentiality impact with negligible real-world exploitation risk, as indicated by 0.02% EPSS score and CISA SSVC partial technical impact assessment.
SQL injection in Sourcecodester Online Thesis Archiving System v1.0 allows high-privilege authenticated attackers to extract sensitive information via the /otas/projects_per_department.php endpoint. The vulnerability requires admin-level credentials (PR:H per CVSS) and has minimal confidentiality impact with an EPSS score of 0.01%, indicating very low real-world exploitation probability despite public disclosure on GitHub.
SQL injection in Sourcecodester Online Thesis Archiving System v1.0 at /otas/admin/curriculum/manage_curriculum.php allows authenticated high-privileged administrators to extract sensitive database information through unsanitized query parameters. With a CVSS score of 2.7 and EPSS of 0.01% (2nd percentile), this vulnerability presents minimal real-world risk despite valid SQL injection mechanics, as exploitation requires admin-level credentials and yields only confidentiality impact. No public exploit code or active exploitation has been confirmed.
Use-after-free vulnerability in HarmonyOS screen management module allows local, unauthenticated attackers with user interaction to cause denial of service through a race condition. CVSS score of 2.5 reflects low severity with availability impact only; no confidentiality or integrity compromise. No public exploit code or active exploitation confirmed at time of analysis.
OS command injection in danielmiessler Personal_AI_Infrastructure up to version 2.3.0 allows authenticated remote attackers to execute arbitrary system commands via a malicious URL parameter in the parse_url.ts parser tool. The vulnerability requires low-privilege authentication and has publicly available exploit code; the vendor released a patched version promptly after disclosure.
Race condition in Huawei HarmonyOS event notification module allows local authenticated users with user interaction to cause denial of service through availability impact. The vulnerability requires local access, high attack complexity, and user interaction; with a CVSS score of 2.2, it represents minimal real-world risk. No public exploit code or active exploitation has been confirmed at this time.
Stored Cross-Site Scripting (XSS) in Pandora FMS versions 777 through 800 allows authenticated users with low privileges to inject malicious scripts via event comments, which execute in the browsers of other users viewing those comments. The vulnerability has a CVSS score of 2.1 with low confidentiality and integrity impact, requiring user interaction and attack preparation time to exploit. No public exploit code or active exploitation has been identified.
A weakness has been identified in DbGate up to 7.1.4. The impacted element is the function apiServerUrl1 of the file packages/rest/src/openApiDriver.ts of the component REST/GraphQL. This manipulation causes server-side request forgery. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
A security vulnerability has been detected in DbGate up to 7.1.4. This affects an unknown function of the file packages/web/src/icons/FontIcon.svelte of the component SVG Icon String Handler. Such manipulation of the argument applicationIcon leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 7.1.5 mitigates this issue. It is advisable to upgrade the affected component.
Remote code execution in Palo Alto Networks Autonomous Digital Experience Manager on Windows via certificate validation bypass allows unauthenticated attackers with adjacent network access to execute arbitrary code with NT AUTHORITY\SYSTEM privileges. CVSS score is 2.0 but reflects a physical adjacency attack vector (AV:P); real-world risk depends on network topology and whether the manager is exposed on trusted adjacent networks. No public exploit code or active exploitation has been confirmed at time of analysis.
Race condition in Huawei HarmonyOS notification service allows local high-privilege attackers to cause limited availability impact through timing-dependent exploitation. CVSS 1.9 reflects minimal real-world risk due to high attack complexity, elevated privileges, and no confidentiality or integrity effects. No public exploit code or active exploitation confirmed.
Craft Commerce is an ecommerce platform for Craft CMS. In versions 4.0.0 through 4.10.2 and 5.0.0 through 5.5.4, the PaymentsController::actionPay discloses some order data to unauthenticated users when an order number is provided and the email check fails during an anonymous payment. The JSON error response includes the serialized order object (order), which contains some sensitive fields such as customer email, shipping address, and billing address. The frontend payment flow's actionPay() retrieves orders by number before authorization is fully enforcedLoad order by number. This issue has been fixed in versions 4.11.0 and 5.6.0.