Datavane Datavines up to commit 13607645e14a4982468cfdbcf75c85cde63bae71 uses a hard-coded cryptographic key in the JWT Token Handler component, allowing remote attackers to manipulate the tokenSecret parameter and bypass authentication or forge tokens. The vulnerability requires high attack complexity but has publicly available exploit code; the vendor has been informed via pull request but has not yet merged the fix.
Information disclosure in MiroFish up to version 0.1.2 allows remote attackers to leak sensitive data through manipulation of the SECRET argument in the Werkzeug Debugger PIN Handler at the /console endpoint. The vulnerability requires high attack complexity and has a low CVSS score (3.7) indicating limited confidentiality impact, but publicly available exploit code exists and the vendor has not responded to early notification.
Path traversal in rawchen sims DeleteFileServlet endpoint allows authenticated remote attackers to manipulate the filename parameter and access arbitrary files on the system, potentially leading to information disclosure or file modification. The vulnerability affects all versions up to commit 004f783b1db5ecdfad81c8fdc3b34171211112de, with publicly available exploit code and no vendor response to early disclosure notification.
Unrestricted file upload in GreenCMS up to version 2.3 allows authenticated remote attackers to upload arbitrary files via the themeadd function in the custom admin module, potentially enabling remote code execution or content manipulation. Publicly available exploit code exists and the vulnerability affects only end-of-life versions of the product.
Unrestricted file upload in GreenCMS up to version 2.3 via the pluginAddLocal function in /index.php?m=admin&c=custom&a=pluginadd allows authenticated remote attackers to upload arbitrary files, leading to potential remote code execution. The vulnerability affects only unsupported legacy versions. Publicly available exploit code exists, and the CVSS vector confirms network-accessible exploitation requiring low privileges.
SQL injection in ByteDance coze-studio up to version 0.5.1 allows authenticated remote attackers to manipulate the ExecuteSQL function in the databaseTool component, enabling arbitrary SQL query execution with limited confidentiality and integrity impact. The vulnerability has a publicly available exploit and affects the backend database service layer; the vendor has not responded to disclosure efforts.
SQL injection in CodeAstro Online Job Portal 1.0 allows authenticated admin users to manipulate the ID parameter in /admin/jobs-admins/delete-jobs.php, enabling remote SQL injection attacks against the database. The vulnerability requires high-level admin privileges (PR:H) but has a publicly available exploit and low attack complexity (AC:L), permitting remote attackers with admin access to read, modify, or delete sensitive database records. Exploitation is confirmed by public proof-of-concept code.
Cross-site scripting (XSS) in MaxSite CMS up to version 109.3 allows authenticated high-privilege users to inject malicious scripts via the ushki Plugin's f_ushka_new or f_ushk parameters. The vulnerability requires user interaction to trigger, but publicly available exploit code exists. Vendor classified this as self-XSS and fixed the root cause (missing htmlspecialchars() filtering) in version 109.4.
Cross-site scripting (XSS) in MaxSite CMS Guestbook Plugin up to version 109.3 allows authenticated high-privilege users to inject malicious scripts via the f_text, f_slug, f_limit, or f_email parameters due to missing htmlspecialchars() output filtering. The vulnerability requires high-privilege authentication and user interaction (UI:P), limiting it to trusted administrators, but publicly available exploit code exists. Upgrading to version 109.4 resolves the issue by implementing proper output encoding.
Cross-site scripting (XSS) in MaxSite CMS mail_send plugin up to version 109.3 allows authenticated high-privilege users to inject malicious scripts via the f_subject, f_files, or f_from parameters, resulting in stored XSS that can affect other users. The vulnerability stems from missing input sanitization via htmlspecialchars() and is classified by the vendor as self-XSS. Publicly available exploit code exists, and a patch is available in version 109.4.
Cross-site scripting (XSS) in MaxSite CMS up to version 109.3 affects the down_count plugin, where unsanitized input in the f_file and f_prefix parameters allows authenticated high-privilege users to inject malicious scripts via remote network access with user interaction. The vendor classifies this as self-XSS due to high privilege requirements (PR:H) and user interaction (UI:P), but the lack of output encoding via htmlspecialchars() represents a secure coding violation. Publicly available exploit code exists, and a patch is available in version 109.4.
Cross-site scripting vulnerability in MaxSite CMS Redirect Plugin up to version 109.3 allows authenticated high-privilege users to inject malicious scripts via the f_all or f_all404 parameters due to missing output encoding with htmlspecialchars(). The vulnerability requires high-privilege authentication and user interaction to execute, resulting in low impact (integrity only); however, publicly available exploit code exists and the vendor has classified this as a self-XSS violation of secure coding standards. Upgrade to version 109.4 or later to remediate.
Cross-site scripting (XSS) in MaxSite CMS up to version 109.3 allows authenticated administrators to inject malicious scripts via the f_logging_file parameter in the Antispam Plugin admin interface, leading to stored XSS with user interaction required. The vulnerability affects the /admin/plugin_antispam endpoint and results from insufficient output encoding. Vendor-released patch version 109.4 addresses the issue by implementing htmlspecialchars() filtering; publicly available exploit code exists.
Path traversal vulnerability in Ollama up to version 0.20.2 affects the digestToPath function in the Tensor Model Transfer Handler, allowing remote attackers with high complexity to manipulate digest arguments and traverse the filesystem. Public exploit code exists, though the vendor has not acknowledged disclosure attempts. CVSS 6.3 reflects low confidentiality, integrity, and availability impact limited by high attack complexity and no scope change.
SmythOS sre versions up to 0.0.15 expose sensitive information through improper validation of the baseURL argument in the Connector Service's LLM utilities component. An authenticated remote attacker with user interaction can manipulate the baseURL parameter to disclose confidential data. Public exploit code exists, and the vendor has not responded to early disclosure notifications.
Cross-site scripting (XSS) in D-Link DSL-2740R EU_01.15 allows authenticated remote attackers with high privileges to inject malicious scripts via the Wireless Network Name parameter in the Wireless Setup Section, affecting data integrity when a user views the compromised configuration. The vulnerability requires user interaction and administrative credentials, limiting its real-world exploitation scope despite publicly available exploit code.
Insufficient credential protection in tufantunc ssh-mcp up to version 1.5.0 allows local authenticated users to disclose sensitive credentials through the Command Line Handler component. The vulnerability affects src/index.ts and has a publicly available exploit, though the low CVSS score of 1.9 reflects limited scope (confidentiality impact only, no integrity or availability effects) and requirement for local authenticated access.