Path traversal in Qihui jtbc5 CMS 5.0.3.6 allows authenticated remote attackers to read arbitrary files via a manipulated path parameter in /dev/code/common/diplomat/manage.php. The vulnerability has a published exploit and affects the Code Endpoint component; the vendor has not responded to early disclosure. With CVSS 4.3 and EPSS probability marked as Proof-of-Concept, this represents a moderate confidentiality risk limited to authenticated users.
SQL injection in QueryMine SMS admin/editcourse.php parameter handler allows authenticated remote attackers to query or modify the database via a crafted ID parameter, with publicly available exploit code demonstrating the vulnerability. The affected product uses rolling releases with no versioning available, and the vendor has not responded to disclosure attempts. CVSS 5.3 reflects limited scope impact under authenticated access (PR:L), but real-world risk depends on network exposure of the administrative interface.
Path traversal in prasathmani TinyFileManager up to version 2.6 allows authenticated remote attackers to manipulate the file[] POST parameter in /filemanager.php to read, modify, or delete arbitrary files on the server outside the intended directory scope. CVSS 5.4 reflects the authenticated requirement and lack of confidentiality impact, though integrity and availability are compromised. Public exploit code exists and the vendor has not responded to disclosure, leaving users dependent on manual patching or upgrading.
Server-side request forgery (SSRF) in TinyFileManager file upload handler (versions up to 2.6) allows authenticated remote attackers to manipulate the uploadurl parameter and forge requests to arbitrary servers. The vulnerability affects the /filemanager.php?p=&ajax=true&type=upload endpoint and has publicly available exploit code; the vendor has not responded to disclosure attempts.
Unrestricted file upload vulnerability in QueryMine SMS admin panel allows authenticated remote attackers to upload arbitrary files via the image parameter in admin/addteacher.php, potentially enabling remote code execution. Affects all versions up to commit 7ab5a9ea196209611134525ffc18de25c57d9593. Public exploit code exists and the vendor has not responded to disclosure attempts.
Cross-site scripting (XSS) in lukevella Rallly up to version 4.7.4 allows authenticated users to inject malicious scripts via the redirectTo parameter in the reset password form, affecting the stored XSS vector with user interaction required. The vulnerability has public exploit code available and is mitigated by upgrading to version 4.8.0 or later. Real-world risk is limited by the requirement for authenticated access and user interaction, but the publicly available exploit increases attack feasibility.
Stored cross-site scripting (XSS) in Classroom Bookings up to version 2.17.0 allows authenticated users to inject malicious scripts via the displayname parameter in the User Display Name Handler component, resulting in arbitrary script execution in other users' browsers. The vulnerability requires user interaction (victim must view the affected page) and authenticated access, limiting immediate risk, but publicly available exploit code and vendor confirmation of the issue increase real-world threat. Upgrading to version 2.17.1 resolves the vulnerability.
Heap-based buffer overflow in libvips up to version 8.18.2 via the deprecated im_minpos_vec function in libvips/deprecated/vips7compat.c allows authenticated local attackers to trigger memory corruption through manipulation of the argument n, with publicly available exploit code confirmed and vendor commitment to remove the deprecated code in libvips 8.19.
Reflected cross-site scripting (XSS) in Stirling-PDF versions before 2.0.0 allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by uploading a file with a malicious filename containing script code. The vulnerability affects multiple file upload endpoints that render user-supplied filenames directly into HTML via unsafe DOM manipulation methods without sanitization. Attack requires user interaction (victim must upload the crafted file), limiting real-world impact. No public exploit code or active exploitation has been identified at time of analysis.
mcp-neo4j-cypher before version 0.6.0 allows authenticated users to bypass read-only mode enforcement via APOC CALL procedures, enabling unauthorized write operations and server-side request forgery against Neo4j databases. The vulnerability requires login credentials and attacker preparation (CVSS AT:P), limiting real-world risk to insider threats or compromised accounts with legitimate access to the MCP server.