Server-Side Request Forgery (SSRF) in InternLM LMDeploy's vision-language module allows remote unauthenticated attackers to access cloud metadata services, internal networks, and sensitive resources through unvalidated URL fetching in the load_image() function. Affects all versions prior to 0.12.3. EPSS score not available; no public exploit identified at time of analysis. Patch released in version 0.12.3.
Buffer overflow in Tenda F451 router firmware 1.0.0.7_cn_svn7958 allows authenticated remote attackers to achieve complete compromise via the SafeClientFilter function. The httpd service improperly validates 'menufacturer' and 'Go' parameters, enabling memory corruption that leads to code execution with firmware-level privileges. A public exploit (GitHub PoC) exists, but no CISA KEV listing indicates exploitation remains proof-of-concept rather than widespread. EPSS data unavailable; CVSS 7.4 reflects network attack vector with low complexity, though low-privilege authentication is required.
Buffer overflow in Tenda F451 router (version 1.0.0.7_cn_svn7958) allows authenticated remote attackers to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. The vulnerability exists in the httpd component's webExcptypemanFilter function, exploitable via malicious 'page' parameter input to /goform/webExcptypemanFilter. Public exploit code is available on GitHub (CVSS 7.4, CWE-120). EPSS data not provided, not listed in CISA KEV. This targets a specific legacy Chinese firmware version of a consumer-grade router with known end-of-life support issues.
Remote buffer overflow in Tenda F451 router (version 1.0.0.7_cn_svn7958) allows authenticated attackers to achieve arbitrary code execution via crafted DHCP server configuration requests. The vulnerability exists in the httpd service's /goform/GstDhcpSetSer endpoint, exploitable by manipulating the 'dips' parameter. Public exploit code is available on GitHub, significantly lowering exploitation barriers for authenticated attackers with network access to the router's management interface.
Remote code execution in silex technology SD-330AC and AMC Manager allows unauthenticated network attackers to execute arbitrary code via heap-based buffer overflow when processing redirect URLs. CVSS 9.3 critical severity with attack vector AV:N/AC:L/PR:N/UI:N indicates trivial exploitation against internet-facing devices. No public exploit identified at time of analysis, though JPCERT coordination suggests vendor-confirmed vulnerability. EPSS data not available; real-world risk depends on internet exposure of affected silex wireless bridge and management software installations.
Prototype pollution in brikcss merge library versions 1.0 through 1.3.0 enables remote unauthenticated attackers to inject malicious properties into JavaScript Object prototypes via crafted __proto__, constructor.prototype, or prototype arguments, potentially leading to information disclosure, authentication bypass, or denial of service. Publicly available exploit code exists (GitHub PoC from sudo-secure). CVSS 7.3 with network vector and no authentication required. Vendor unresponsive to disclosure attempts.
Stack-based buffer overflow in silex technology's SD-330AC (Ver.1.42 and earlier) and AMC Manager (Ver.5.0.2 and earlier) enables authenticated remote attackers to execute arbitrary code on the device via maliciously crafted redirect URLs. Reported by JPCERT with vendor advisories published, though EPSS score of 0.04% (12th percentile) indicates low observed exploitation probability. No active exploitation confirmed (not in CISA KEV), and SSVC assessment marks exploitation status as 'none' despite the critical nature of remote code execution capability.
SD-330AC wireless LAN modules and AMC Manager devices from silex technology allow unauthenticated remote attackers to modify device configuration using null-string passwords when devices remain in factory-default state. CVSS:4.0 8.7 (High Vector, High Integrity Impact) rates this as high severity due to network-based attack vector with no authentication required (AV:N/PR:N/UI:N). EPSS probability remains low at 0.03% (8th percentile), suggesting limited observed exploitation attempts. No active exploitation confirmed at time of analysis per available intelligence. Vulnerability class CWE-1188 (insecure default initialization) represents common industrial IoT security gap where devices ship with unsafe out-of-box configurations.
Weak cryptographic implementation in Silex Technology SD-330AC wireless LAN adapters (v1.42 and earlier) and AMC Manager software (v5.0.2 and earlier) allows network-positioned attackers to intercept and decrypt network traffic through man-in-the-middle attacks. The vulnerability stems from use of broken or risky cryptographic algorithms (CWE-327), enabling confidentiality breach of transmitted data. EPSS score of 0.02% (4th percentile) indicates low observed exploitation probability, and CISA SSVC framework classifies this as non-exploited with non-automatable attacks requiring attacker positioning. No public exploit code or active exploitation reported at time of analysis.
Remote code execution in Spinnaker's clouddriver component allows authenticated attackers to execute arbitrary commands on clouddriver pods via gitrepo artifact processing. Affects all versions prior to patched releases 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2. The vulnerability enables credential theft, file manipulation, and resource injection with minimal complexity (CVSS 9.9, AV:N/AC:L/PR:L). EPSS data not available; no public exploit or active exploitation confirmed at time of analysis, but the attack simplicity and multi-cloud CD platform context create high risk for supply chain compromise in containerized environments.
Remote code execution in Spinnaker's Echo service (all versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2) allows authenticated attackers with low privileges to execute arbitrary system commands and access files through unrestricted Spring Expression Language (SPeL) injection in artifact processing. Unlike Spinnaker's Orca service which implemented SPeL sandbox restrictions, Echo permits full JVM class access, enabling attackers to invoke arbitrary Java classes for deep system compromise. The CVSS 9.9 score reflects network attack vector with low complexity, scope change to impact other components, and complete CIA triad compromise. EPSS and KEV data not available - exploitation status unknown but patches are available from Spinnaker project.
{username} endpoint. The vulnerability stems from missing authorization checks on self-service user updates - any valid login credential is sufficient to escalate privileges to roles like 'manager' or 'developer'. CVSS 9.9 (Critical) reflects the Changed scope and broad compromise potential. SSVC indicates proof-of-concept code exists but exploitation requires human interaction (not automatable), suggesting targeted rather than mass-exploitation risk. No CISA KEV listing at time of analysis.
Remote code execution in SGLang 0.5.9's /v1/rerank endpoint allows unauthenticated attackers to execute arbitrary code by loading specially crafted model files with malicious Jinja2 templates. The vulnerability stems from unsandboxed rendering of tokenizer.chat_template fields, enabling template injection attacks. Publicly available exploit code exists (GitHub POC by Stuub). With CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) and SSVC ratings of automatable with total technical impact, this represents critical risk for exposed SGLang deployments handling untrusted model files.
OpenXiangShan NEMU emulator's RISC-V Hypervisor extension implementation allows VS-mode guest writes to the sie (supervisor interrupt-enable) CSR to corrupt machine-level mie state, breaking privilege isolation between virtualization layers. Fixed in commit 55295c4 per GitHub PR #938. Despite CVSS 9.8 Critical rating with network attack vector (AV:N), the EPSS score of 0.03% (9th percentile) indicates extremely low observed exploitation probability, and the vulnerability specifically affects RISC-V emulator environments rather than typical network-accessible services. No CISA KEV listing or public exploit identified at time of analysis, suggesting this is a theoretical high-severity issue in specialized research/development contexts rather than an imminent widespread threat.
Heap buffer overflow in glibc scanf functions versions 2.7 through 2.43 allows remote unauthenticated attackers to execute arbitrary code by providing malicious input to applications using %mc format specifiers with width >1024. CVSS 9.8 indicates critical network-accessible impact, but EPSS score of 0.02% (5th percentile) suggests minimal real-world exploitation activity at time of analysis. No CISA KEV listing confirms this as a theoretical risk requiring specific application usage patterns rather than widespread active exploitation. Successful exploitation depends on target applications parsing attacker-controlled input through affected scanf family functions with specific format string configurations.
NEMU contains an implementation flaw in its RISC-V Hypervisor CSR handling where henvcfg[7:4] (CBIE/CBCFE/CBZE-related fields) is incorrectly masked/updated based on menvcfg[7:4], so a machine-mode write to menvcfg can implicitly modify the hypervisor's environment configuration. This can lead to incorrect enforcement of virtualization configuration and may cause unexpected traps or denial of service when executing cache-block management instructions in virtualized contexts (V=1).
Remote code execution in ASUSTOR ADM (ASUSTOR Data Master) operating system versions 4.1.0-4.3.3.RR42 and 5.0.0-5.1.2.REO1 allows authenticated administrators to inject arbitrary OS commands via the PPTP VPN Clients web interface. The command injection (CWE-78) bypasses the restricted web environment, enabling full system compromise. Attack complexity is low (AC:L) with network attack vector (AV:N), and CVSS 9.4 reflects critical impact across confidentiality, integrity, and availability. No active exploitation or public POC confirmed at time of analysis, though EPSS probability data not available.
Missing authentication in serge-chat serge up to version 1.4TB allows unauthenticated remote attackers to manipulate the download_model and delete_model API endpoints, enabling unauthorized model file deletion and modification through the Model API Endpoint in api/src/serge/routers/model.py. The vulnerability is confirmed to have publicly available exploit code and represents a direct authentication bypass with integrity and availability impact. The vendor did not respond to early disclosure notification.
Path traversal in TransformerOptimus SuperAGI versions up to 0.0.14 allows remote unauthenticated attackers to read, write, or delete arbitrary files via manipulated 'Name' parameter in multipart upload requests. Publicly available exploit code exists (GitHub Gist) demonstrating exploitation. EPSS data unavailable, not currently listed in CISA KEV. CVSS 7.3 reflects network-accessible attack with no authentication barrier, though impact is rated as 'Low' across confidentiality, integrity, and availability - likely indicating file system scope limitations rather than full system compromise.
Improper authentication in rowboatlabs rowboat (versions up to 0.1.67) allows remote unauthenticated attackers to bypass authentication by manipulating the X-Tools-JWE header in the tools_webhook component. The vulnerability enables unauthorized access with low confidentiality, integrity, and availability impact. A public exploit exists (CVSS E:P). The vendor did not respond to early disclosure attempts. EPSS data unavailable; not listed in CISA KEV, suggesting limited widespread exploitation despite public POC.
Resource exhaustion in lm-sys FastChat up to 0.2.36 allows remote attackers to trigger denial of service by sending manipulated requests to the Worker API Endpoint's api_generate function. The vulnerability has publicly available exploit code and is confirmed patched upstream, though the fix in commit c9e84b89c91d45191dc24466888de526fa04cf33 addresses only the primary entry point in base_model_worker.py while missing other vulnerable code paths. EPSS score of 5.5 (CVSS 4.0) indicates low to moderate real-world exploitation probability despite public exploit availability.
Prototype pollution in extend-deep npm package (up to 0.1.6) enables remote attackers to manipulate JavaScript object prototypes via crafted __proto__ payloads, achieving low-severity confidentiality, integrity, and availability impacts. Public exploit code exists on GitHub. CVSS 7.3 with network attack vector and no authentication required. Project repository inactive for years, making official patch unlikely. EPSS data unavailable, but prototype pollution attacks are well-understood and automatable. Not listed in CISA KEV, suggesting limited widespread exploitation despite public POC.
Remote code execution in ModelScope AgentScope up to version 1.0.18 allows unauthenticated network attackers to inject and execute arbitrary Python code or shell commands through the execute_python_code and execute_shell_command functions in src/AgentScope/tool/_coding/_python.py. Publicly available exploit code exists, and the vendor has not responded to early disclosure notifications, leaving all versions up to 1.0.18 unpatched and actively exploitable.
Server-side request forgery (SSRF) in Mogu Blog v2 up to version 5.2 allows unauthenticated remote attackers to initiate arbitrary HTTP requests from the affected server through the picture upload functionality. The vulnerability exists in the LocalFileServiceImpl.uploadPictureByUrl method within the Picture Storage Service component, enabling attackers to access internal services, scan internal networks, or exfiltrate sensitive data. Publicly available exploit code exists, and the vendor has not responded to early disclosure notifications.
Modelscope AgentScope versions up to 1.0.18 contain a server-side request forgery (SSRF) vulnerability in the _process_audio_block function that allows remote unauthenticated attackers to manipulate the 'url' argument and trigger arbitrary HTTP requests from the vulnerable server. Publicly available exploit code exists, and the vendor has not responded to disclosure attempts, leaving affected deployments without an official patch.
Server-side request forgery in ModelScope AgentScope up to version 1.0.18 allows remote unauthenticated attackers to manipulate the _get_bytes_from_web_url function in src/agentscope/_utils/_common.py, enabling them to make arbitrary HTTP requests from the affected server. Publicly available exploit code exists, and the vendor has not responded to early disclosure attempts, leaving affected installations vulnerable to attackers probing internal networks and services.
Server-side request forgery (SSRF) in ModelScope AgentScope up to version 1.0.18 allows remote unauthenticated attackers to manipulate image_url and audio_file_url parameters in the _parse_url, prepare_image, and openai_audio_to_text functions, enabling arbitrary HTTP requests from the affected server. The vulnerability has publicly available exploit code and affects the Cloud Metadata Endpoint component. The vendor has not responded to early disclosure attempts, and exploitation is confirmed to be possible with low attack complexity.
Unrestricted file upload in rickxy Hospital Management System allows remote unauthenticated attackers to upload malicious files via the /backend/admin/his_admin_account.php endpoint, leading to potential remote code execution, data exfiltration, or system compromise. Public exploit code exists (GitHub), significantly lowering exploitation barrier. The product uses rolling releases with no fixed versioning, complicating patch tracking. CVSS 7.3 with EPSS not provided, but publicly available POC elevates real-world risk.
Unrestricted file upload in Langflow (langflow-ai) versions up to 1.1.0 allows remote unauthenticated attackers to upload arbitrary files via the create_upload_file API endpoint, potentially leading to remote code execution, data manipulation, and service disruption. Publicly available exploit code exists (CVSS:3.1 E:P) with GIST-hosted POC, elevating immediate risk. Vendor unresponsive to disclosure at time of publication.
Information disclosure in lm-sys FastChat up to version 0.2.36 allows remote unauthenticated attackers to manipulate the add_text function in the Arena Side-by-Side View Handler, resulting in incorrect control flow that exposes sensitive data. The vulnerability has publicly available exploit code and affects the web-based arena comparison interface. A partial fix was applied in commit 34eca62 to gradio_block_arena_named.py, but three additional affected files remain unpatched.
SQL injection in Metasoft MetaCRM versions up to 6.4.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via the 'sql' parameter in sql.jsp interface endpoint. Publicly available exploit code exists (disclosed via Feishu document), enabling attackers to read/modify database contents and potentially execute commands. CVSS 7.3 (High) with network vector and low complexity. Vendor non-responsive to disclosure, leaving patch status uncertain. EPSS data not provided but POC availability elevates practical exploitation risk.
SQL injection in ProjectsAndPrograms School Management System allows remote unauthenticated attackers to compromise database confidentiality, integrity, and availability via the bus_id parameter in buslocation.php. The vulnerability affects all versions up to commit 6b6fae5, with publicly available exploit code (EPSS not provided). Vendor was notified but did not respond, leaving the product vulnerable at time of analysis. The rolling release model means no fixed version number exists.
Permissive CORS policy in ericc-ch copilot-api up to version 0.7.0 allows remote attackers to access the Token Endpoint without authentication, enabling cross-domain requests from untrusted origins. The vulnerability exists in the cors function of src/server.ts and permits information disclosure with low confidentiality, integrity, and availability impact. Publicly available exploit code exists, elevating real-world risk despite the moderate CVSS 6.9 score.
SQL injection in Apartment Visitors Management System V1.1's login form allows remote unauthenticated attackers to bypass authentication and extract database contents via the username parameter. The vulnerability scores 9.4 CVSS with network attack vector and low complexity. Public exploit code exists (SSVC confirms POC status), making this immediately exploitable. EPSS data unavailable, but SSVC framework rates it as automatable with partial technical impact, indicating high practical risk for internet-exposed installations.
Remote code execution with container escape in Flowsint OSINT tool allows unauthenticated attackers to execute arbitrary OS commands as root on the host machine. The vulnerability exploits shell metacharacter injection in the 'org_to_asn' transformer when processing organization nodes in OSINT sketches. With CVSS 9.3 (CVSS 4.0), network attack vector, low complexity, and no authentication required, this represents critical risk to any internet-exposed Flowsint instance. Upstream fix committed (b52cbbb904c) removes vulnerable code, but no tagged release version confirmed yet. CVSS vector indicates proof-of-concept exploit exists (E:P).
SQL Injection in Digiwin EasyFlow .NET enables unauthenticated remote attackers to execute arbitrary SQL commands against the application database, allowing full compromise of data confidentiality, integrity, and availability. Taiwan CERT (TWCERT) publicly disclosed this critical vulnerability with CVSS 9.3 scoring, indicating network-accessible exploitation requiring no authentication or user interaction. No CISA KEV listing identified at time of analysis, suggesting either limited deployment scope or recent disclosure. EPSS data not provided, but CVSS vector (AV:N/AC:L/PR:N/UI:N) indicates trivial exploitation if product is internet-facing.
Critical SQL injection in Digiwin EasyFlow .NET allows unauthenticated remote attackers to execute arbitrary SQL commands against the application database. With maximum CVSS 4.0 score of 9.3 and network-accessible attack vector requiring no privileges or user interaction, this vulnerability enables complete database compromise. Taiwan CERT reported this issue, indicating regional targeting or discovery. No active exploitation confirmed in CISA KEV at time of analysis, but the combination of trivial exploitation conditions and catastrophic impact warrants immediate priority.
Remote code execution in Vvveb CMS v1.0.8 allows authenticated administrators to execute arbitrary system commands as www-data via a two-stage file upload attack. Attackers exploit a logic flaw in the media management file rename handler that fails to block .php and .htaccess extensions, enabling MIME type manipulation followed by PHP code execution. VulnCheck published an advisory and GitHub commit 6fb8eaa confirms upstream fix. No EPSS data available; no active exploitation confirmed at time of analysis.
Remote code execution in Vvveb CMS versions prior to 1.0.8.1 allows unauthenticated attackers to inject arbitrary PHP code through the installation endpoint's subdir parameter, which is written directly into env.php without sanitization. The vulnerability enables complete system compromise as the web server user with no authentication required. Publicly available patch exists (version 1.0.8.1) with detailed fix commit reference.
Stored cross-site scripting in Vvveb prior to 1.0.8.1 allows authenticated users with media upload and rename permissions to execute arbitrary JavaScript in administrator browsers by bypassing MIME type validation with a GIF89a header prepend, renaming files to .html extensions, and injecting malicious payloads that can create backdoor accounts or upload remote code execution plugins. Publicly available exploit code exists and vendor-released patch 1.0.8.1 is available. Real-world risk is moderate due to authentication requirement and required user interaction (administrator must visit malicious page), but privilege escalation path to RCE via plugin upload makes this a critical persistence vector.
Apache Kafka 4.1.0 and 4.1.1 accept forged JWT tokens without signature validation, allowing remote unauthenticated attackers to authenticate as any user and gain unauthorized access to Kafka resources. The default SASL/OAUTHBEARER validator (DefaultJwtValidator) fails to verify token signatures, issuers, or audiences, enabling complete authentication bypass. CVSS 9.1 (Critical) with network vector and no privileges required. SSVC indicates the vulnerability is automatable with partial technical impact. No active exploitation confirmed at time of analysis, but the attack requires minimal sophistication and could be scripted trivially given the token acceptance behavior.
Authentication bypass in silex technology SD-330AC (≤1.42) and AMC Manager (≤5.0.2) allows remote attackers to gain unauthorized access by sending specially crafted packets that exploit residual sensitive data in memory. Attacker can log in without valid credentials due to improper clearance of authentication tokens or session data between requests. EPSS score of 0.03% (7th percentile) indicates low observed exploitation probability. JPCERT/CC reported this vulnerability, and vendor advisory confirms patches are available. Requires user interaction (CVSS 4.0 UI:P), limiting automated exploitation.
Buffer overflow in glibc's obsolete NIS authentication function allows remote attackers to compromise integrity and availability via spoofed UDP responses. Affects all glibc versions through 2.43, but exploitation requires the target application to actively use the deprecated nis_local_principal function (obsolete since glibc 2.26). EPSS score of 0.02% (5th percentile) indicates low real-world exploitation probability, consistent with the narrow attack surface of legacy NIS deployments. No active exploitation or public exploit code identified at time of analysis.
Account takeover in OpenAEV cyber adversary simulation platform (versions 1.0.0 through 2.0.12) allows remote unauthenticated attackers to reset any user's password via non-expiring 8-digit reset tokens. By mass-generating tokens (which never expire) and brute-forcing the small token space, attackers can reliably compromise administrator accounts within minutes, leading to full platform compromise including modification of payloads executed on all agent-deployed hosts. EPSS data not provided; no CISA KEV listing identified at time of analysis. Vendor-released patch available in version 2.0.13.
Unauthenticated arbitrary file upload in Silex Technology SD-330AC and AMC Manager firmware maintenance functions allows remote attackers to upload malicious files without credentials, potentially leading to device compromise or unauthorized firmware modification. The CVSS score of 5.3 reflects limited integrity impact in a network-accessible service with no authentication requirement, though the real-world risk depends on what actions an attacker can perform post-upload.
SD-330AC and AMC Manager by Silex Technology lack authentication controls on critical configuration functions, allowing remote attackers to modify device settings without credentials. The CVSS score of 5.3 reflects network-accessible integrity impact with no complexity barrier, though confidentiality and availability are not directly affected. No active exploitation has been confirmed in CISA KEV or public exploit repositories at the time of analysis.
CRLF injection in Silex Technology SD-330AC and AMC Manager allows unauthenticated remote attackers to inject arbitrary configuration entries via crafted input, degrading system integrity and availability. The vulnerability affects all versions of both products and requires no authentication or user interaction, with public disclosure through JPCERT and vendor advisories indicating elevated awareness in production environments.
Heap-based buffer overflow in Silex SD-330AC and AMC Manager packet processing allows remote unauthenticated attackers to trigger a temporary denial-of-service condition via crafted network packets to the sx_smpd service. CVSS score is 5.3 (moderate) with confirmed active reporting by JPCERT, though no public exploit code or CISA KEV listing is evident from available data. Attack requires only network access and no authentication or user interaction.
Hard-coded cryptographic keys in Silex Technology SD-330AC and AMC Manager enable attackers to forge firmware updates that administrative users may be tricked into applying via social engineering, allowing arbitrary firmware installation without detection. The vulnerability affects all versions of both products and exploits a fundamental key management flaw (CWE-321). While the CVSS score of 6.5 reflects network accessibility and high integrity impact, real-world exploitation requires user interaction (UI:R) to convince an administrator to install malicious firmware.
Missing authentication in Dell PowerProtect Data Domain 7.7.1.0-8.6 and LTS releases allows remote unauthenticated attackers to execute arbitrary commands with root privileges when combined with user interaction. Affects enterprise backup appliances across multiple release branches including LTS2025 (8.3.1.0-8.3.1.20) and LTS2024 (7.13.1.0-7.13.1.60). CVSS 8.8 with network vector but requires user interaction (UI:R), reducing immediate automation risk. No EPSS or KEV data available at time of analysis, indicating vulnerability is newly disclosed. Dell security advisory DSA-2026-060 confirms patch availability.