OS command injection in Totolink A8000RU firmware 7.1cu.643_b20200521 enables remote unauthenticated attackers to execute arbitrary system commands via the pptpPassThru parameter in the setVpnPassCfg function. Public exploit code exists on GitHub, dramatically lowering the barrier to exploitation. CVSS v4.0 base score of 8.9 reflects network attack vector, low complexity, and no authentication requirements, with high impact to confidentiality, integrity, and availability of the vulnerable device.
CEWE Photoshow 6.3.4 contains a buffer overflow vulnerability in the login dialog that allows attackers to crash the application by submitting oversized input. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
iSmartViewPro 1.5 contains a structured exception handling (SEH) buffer overflow vulnerability in the 'Save Path for Snapshot and Record file' field that allows local attackers to execute arbitrary. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Faleemi Desktop Software 1.8.2 contains a local buffer overflow vulnerability in the Device alias field that allows local attackers to trigger a structured exception handler (SEH) overwrite. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Buffer overflow in Tenda F456 router firmware 1.0.0.5 allows authenticated remote attackers to achieve arbitrary code execution with high impact to confidentiality, integrity, and availability. The vulnerability resides in the SafeUrlFilter functionality of the httpd web server component, triggered by manipulating the 'page' parameter. A public proof-of-concept exploit is available on GitHub, significantly lowering the barrier to exploitation, though no CISA KEV listing or widespread exploitation has been confirmed at time of analysis.
Buffer overflow in Tenda F456 router firmware 1.0.0.5 enables remote authenticated attackers to achieve arbitrary code execution via crafted HTTP requests to the /goform/setcfm endpoint in the httpd service. The vulnerability affects the funcname and funcpara1 parameters and has a publicly available exploit on GitHub, significantly lowering the barrier for exploitation. CVSS v4.0 base score of 7.4 reflects high confidentiality, integrity, and availability impact with low attack complexity, though the requirement for low-privilege authentication provides some defense. No vendor patch has been identified for this IoT router vulnerability.
Remote code execution in Tenda F456 router firmware 1.0.0.5 allows authenticated attackers to overflow buffers in the httpd service via crafted menufacturer/Go parameters to the VirtualSer endpoint. Public exploit code exists on GitHub (Litengzheng/vuldb_new), enabling attackers with low-privilege credentials to achieve complete system compromise. While CVSS rates this 7.4 (High) with network attack vector and low complexity, the requirement for authentication (PR:L) moderates real-world risk compared to unauthenticated RCE - priority depends on whether default credentials are documented or credential stuffing is viable against target deployments.
Buffer overflow in Tenda F456 router firmware 1.0.0.5 allows authenticated remote attackers to execute arbitrary code via malformed PPTP client parameters. The vulnerability resides in the fromPptpUserAdd function of the httpd web server component, specifically through manipulation of the opttype/usernamewith arguments. Public exploit code is available on GitHub, significantly lowering the barrier for exploitation against internet-exposed Tenda F456 devices with default or weak administrative credentials.
Buffer overflow in Tenda F456 router firmware version 1.0.0.5 enables authenticated remote attackers to achieve complete system compromise via crafted HTTP requests to the /goform/L7Prot endpoint. The vulnerability affects the frmL7ProtForm function in the httpd component, triggered by malicious 'page' parameter manipulation. Public exploit code exists on GitHub (Litengzheng/vuldb_new), significantly lowering the barrier to exploitation despite requiring low-privilege authentication (PR:L). CVSS 7.4 reflects high confidentiality, integrity, and availability impact with network attack vector and low complexity.
Stack-based buffer overflow in Tenda FH1202 router firmware 1.2.0.14 allows authenticated remote attackers to execute arbitrary code via crafted HTTP requests to the /goform/WrlclientSet endpoint. The vulnerability resides in the fromWrlclientSet function of the httpd component, triggered by malicious 'Go' parameter input. Publicly available proof-of-concept exploit code increases immediate exploitation risk for exposed devices. EPSS data not provided, but public POC and low attack complexity (AC:L) indicate elevated real-world risk despite authentication requirement (PR:L).
Stack-based buffer overflow in Tenda FH1202 router firmware 1.2.0.14(408) allows authenticated remote attackers to execute arbitrary code via crafted 'Go' parameter to the /goform/WrlExtraSet endpoint in the httpd service. A public proof-of-concept exploit exists (GitHub), enabling reliable exploitation despite low attack complexity. CVSS 7.4 (High) severity reflects significant impact potential, though exploitation requires valid user credentials (PR:L), limiting mass-scale attacks to scenarios where default/weak credentials are common in Tenda routers.
Buffer overflow in Tenda F456 router firmware 1.0.0.5 allows authenticated remote attackers to achieve high-impact compromise of device confidentiality, integrity, and availability through crafted input to the SafeClientFilter function. A proof-of-concept exploit has been published on GitHub, increasing the likelihood of exploitation attempts against exposed management interfaces. While authentication is required (PR:L), the low attack complexity (AC:L) and network accessibility (AV:N) make this exploitable by attackers with basic router credentials.
Buffer overflow in Tenda F456 wireless router firmware 1.0.0.5 allows authenticated remote attackers to achieve arbitrary code execution through the SafeEmailFilter function. The vulnerability requires low-privilege authentication but enables complete system compromise (confidentiality, integrity, and availability impact all rated High). A public exploit has been published on GitHub, significantly lowering the barrier for exploitation, though no CISA KEV listing or EPSS data indicates the attack remains targeted rather than widespread at this time.
Buffer overflow in Tenda F456 router version 1.0.0.5 allows authenticated remote attackers to achieve complete device compromise via crafted HTTP requests to the /goform/SafeMacFilter endpoint. The vulnerability resides in the fromSafeMacFilter function's improper validation of the 'page' parameter. Public exploit code is available on GitHub, significantly lowering the technical barrier for exploitation. CVSS 7.4 (High) reflects the network attack vector and high impact across confidentiality, integrity, and availability, though exploitation requires low-privilege authentication.
Remote code execution in Tenda F456 router firmware version 1.0.0.5 allows authenticated attackers to crash the device or execute arbitrary code via buffer overflow in the RouteStatic configuration handler. The vulnerability targets the 'page' parameter in /goform/RouteStatic endpoint and requires only low-privilege authentication (CVSS PR:L). A publicly available proof-of-concept exploit exists on GitHub, significantly lowering the technical barrier for exploitation. The CVSS 4.0 score of 7.4 reflects high confidentiality, integrity, and availability impact with low attack complexity (AC:L) and network-based attack vector (AV:N).
Buffer overflow in Tenda F456 router firmware version 1.0.0.5 allows authenticated remote attackers to execute arbitrary code or crash the device by sending malformed HTTP requests to the /goform/addressNat endpoint. The vulnerability exists in the fromaddressNat function and is actively exploitable with publicly available proof-of-concept code. CVSS 7.4 with low attack complexity indicates straightforward exploitation once authenticated, while EPSS data (if available) would contextualize real-world exploitation likelihood beyond the confirmed POC availability.
Command injection in ssh-mcp versions up to 1.5.0 allows authenticated local users to execute arbitrary OS commands via the Description parameter to the shell.write function in src/index.ts. Publicly available exploit code exists (GitHub issue #44) demonstrating the vulnerability. Despite CVSS 7.1 severity, real-world risk is moderate due to local-only attack vector and low EPSS score (0.06%, 18th percentile), indicating minimal observed exploitation attempts. Vendor has not responded to early disclosure via issue report.
Wansview 1.0.2 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input strings. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PicaJet FX 2.6.5 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to registration fields. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
InfraRecorder 0.53 contains a denial of service vulnerability that allows local attackers to crash the application by importing a maliciously crafted text file. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
CrossFont 7.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by submitting an oversized payload in the License Key field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
TransMac 12.2 contains a buffer overflow vulnerability in the license key input field that allows local attackers to crash the application by submitting an oversized string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
ObserverIP Scan Tool 1.4.0.1 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the IP input field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Prime95 29.4b7 contains a buffer overflow vulnerability in the PrimeNet connection dialog that allows local attackers to crash the application by supplying an excessively long string in the optional. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Bome Restorator 1793 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Project64 2.3.2 contains a buffer overflow vulnerability in the Plugin Directory settings field that allows local attackers to crash the application by supplying an excessively long string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Easyboot 6.6.0 contains a buffer overflow vulnerability in the Replace Text function that allows local attackers to crash the application by supplying an oversized string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Softdisk 3.0.3 contains a buffer overflow vulnerability in the registration code dialog that allows local attackers to crash the application by supplying an oversized string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
StyleWriter 1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Easy PhotoResQ 1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Folder/filename field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
HD Tune Pro 5.70 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the folder/file name field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the application by processing malicious XML files with exponential entity expansion. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
jiNa OCR Image to Text 1.0 contains a denial of service vulnerability that allows local attackers to crash the application by processing a malformed PNG file. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PixGPS 1.1.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string to the folder path input field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Faleemi Plus 1.0.2 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input strings. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
iCash 7.6.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload through the Connect to Server dialog. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
P10 Central Management Software 1.4.13 contains a buffer overflow vulnerability in the login password field that allows local attackers to crash the application by submitting an oversized input. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Drive Power Manager 1.10 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Fathom 2.4 contains a buffer overflow vulnerability in the Authorization Code field that allows local attackers to crash the application by submitting an oversized input string. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Infiltrator Network Security Scanner 4.6 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized input string. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
RoboImport 1.2.0.72 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to registration fields. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Remote OS command injection in simple-openstack-mcp allows unauthenticated attackers to execute arbitrary system commands via the exec_openstack function in server.py. The vulnerability affects all deployments up to commit 767b2f4a8154cca344344b9725537a58399e6036, with confirmed publicly available exploit code (GitHub issue #3). CVSS 7.3 severity reflects network attack vector with no authentication required, enabling direct system compromise. Project maintainer has not responded to vulnerability disclosure at time of analysis.
Remote command injection in MiroFish versions up to 0.1.2 allows unauthenticated attackers to execute arbitrary system commands through the SimulationIPCClient.send_command function in the inter-process communication module. The vulnerability is actively exploitable via network access with low complexity, requiring no user interaction or authentication. A public proof-of-concept exploit has been disclosed (GitHub issue #488), and EPSS data shows moderate exploitation probability. The vendor (666ghj) has been notified via issue report but has not responded or released a patch, leaving all MiroFish installations vulnerable to remote compromise.
OS command injection in Intina47 context-sync through version 2.0.0 allows remote unauthenticated attackers to execute arbitrary system commands via the Git integration module (src/git-integration.ts). CVSS 7.3 with network attack vector and no authentication required indicates significant exposure. Publicly available exploit code exists (wing3e/public_exp repository), though no CISA KEV listing suggests exploitation remains limited to proof-of-concept demonstrations rather than widespread campaigns. EPSS data unavailable, but the combination of network exposure, authentication bypass, and public exploit warrants immediate remediation priority for organizations using this synchronization tool.
OS command injection in Toowiredd chatgpt-mcp-server up to version 0.1.0 allows remote unauthenticated attackers to execute arbitrary system commands through the Docker service component. The vulnerability exists in src/services/docker.service.ts within the MCP/HTTP interface and has publicly available exploit code. The vendor has been notified but has not yet released a patch.
Remote unauthenticated attackers can inject arbitrary operating system commands through the browser-connector.ts file in AgentDeskAI browser-tools-mcp versions up to 1.2.0, leading to command execution with application privileges. The vulnerability stems from improper input sanitization in file browser processing and has been published with publicly available exploit code; the vendor has been notified but has not yet released a patch.
Missing authentication in MiroFish REST API allows remote attackers to bypass security controls and access protected endpoints without credentials. The vulnerability affects MiroFish versions up to 0.1.2 in the create_app function within backend/app/__init__.py. A publicly available exploit demonstrates the attack (GitHub issue #487), and the vulnerability is trivially exploitable with CVSS complexity rated Low and no authentication required (CVSS:3.1/AV:N/AC:L/PR:N/UI:N). The vendor has not responded to responsible disclosure attempts, leaving users without an official patch. With CVSS 7.3 (High) and confirmed public POC, this represents an immediate risk to deployments exposing the REST API to untrusted networks.
Path traversal in Tenda i9 router firmware version 1.0.0.5(2204) allows remote unauthenticated attackers to access arbitrary files, modify system configurations, and potentially disrupt device operation via the R7WebsSecurityHandlerfunction in the HTTP Handler component. Publicly available exploit code exists on GitHub (Litengzheng/vuldb_new), enabling straightforward exploitation with EPSS-assessed risk. The vulnerability permits confidentiality, integrity, and availability impacts with low attack complexity and no required user interaction, making it a realistic target for automated scanning and exploitation.
Path traversal in MiroFish up to version 0.1.2 allows remote unauthenticated attackers to read arbitrary files via manipulation of the Platform query parameter in the get_simulation_posts function. The vulnerability affects the backend simulation API endpoint and has publicly available exploit code, though exploitation is limited to information disclosure rather than modification or availability impact.
Server-side request forgery (SSRF) in BuildingAI up to version 26.0.1 allows remote unauthenticated attackers to abuse the Remote Upload API's uploadRemoteFile function by manipulating the url parameter, enabling unauthorized access to internal resources, data exfiltration from cloud metadata services, and potential pivoting to internal network systems. A publicly available exploit exists (GitHub issue #110), but the vendor has not responded to disclosure. CVSS 7.3 with EPSS data unavailable; exploitation requires no authentication and low attack complexity (AV:N/AC:L/PR:N/UI:N), making this a high-priority remediation target despite unknown CISA KEV status.