Wansview 1.0.2 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input strings. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PicaJet FX 2.6.5 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to registration fields. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
InfraRecorder 0.53 contains a denial of service vulnerability that allows local attackers to crash the application by importing a maliciously crafted text file. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
CrossFont 7.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by submitting an oversized payload in the License Key field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
TransMac 12.2 contains a buffer overflow vulnerability in the license key input field that allows local attackers to crash the application by submitting an oversized string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
ObserverIP Scan Tool 1.4.0.1 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the IP input field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Prime95 29.4b7 contains a buffer overflow vulnerability in the PrimeNet connection dialog that allows local attackers to crash the application by supplying an excessively long string in the optional. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Bome Restorator 1793 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Project64 2.3.2 contains a buffer overflow vulnerability in the Plugin Directory settings field that allows local attackers to crash the application by supplying an excessively long string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Easyboot 6.6.0 contains a buffer overflow vulnerability in the Replace Text function that allows local attackers to crash the application by supplying an oversized string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Softdisk 3.0.3 contains a buffer overflow vulnerability in the registration code dialog that allows local attackers to crash the application by supplying an oversized string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
StyleWriter 1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Easy PhotoResQ 1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Folder/filename field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
HD Tune Pro 5.70 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the folder/file name field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the application by processing malicious XML files with exponential entity expansion. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
jiNa OCR Image to Text 1.0 contains a denial of service vulnerability that allows local attackers to crash the application by processing a malformed PNG file. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PixGPS 1.1.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string to the folder path input field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Faleemi Plus 1.0.2 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input strings. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
iCash 7.6.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload through the Connect to Server dialog. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
P10 Central Management Software 1.4.13 contains a buffer overflow vulnerability in the login password field that allows local attackers to crash the application by submitting an oversized input. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Drive Power Manager 1.10 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Fathom 2.4 contains a buffer overflow vulnerability in the Authorization Code field that allows local attackers to crash the application by submitting an oversized input string. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Infiltrator Network Security Scanner 4.6 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized input string. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
RoboImport 1.2.0.72 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to registration fields. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Remote OS command injection in simple-openstack-mcp allows unauthenticated attackers to execute arbitrary system commands via the exec_openstack function in server.py. The vulnerability affects all deployments up to commit 767b2f4a8154cca344344b9725537a58399e6036, with confirmed publicly available exploit code (GitHub issue #3). CVSS 7.3 severity reflects network attack vector with no authentication required, enabling direct system compromise. Project maintainer has not responded to vulnerability disclosure at time of analysis.
Remote command injection in MiroFish versions up to 0.1.2 allows unauthenticated attackers to execute arbitrary system commands through the SimulationIPCClient.send_command function in the inter-process communication module. The vulnerability is actively exploitable via network access with low complexity, requiring no user interaction or authentication. A public proof-of-concept exploit has been disclosed (GitHub issue #488), and EPSS data shows moderate exploitation probability. The vendor (666ghj) has been notified via issue report but has not responded or released a patch, leaving all MiroFish installations vulnerable to remote compromise.
OS command injection in Intina47 context-sync through version 2.0.0 allows remote unauthenticated attackers to execute arbitrary system commands via the Git integration module (src/git-integration.ts). CVSS 7.3 with network attack vector and no authentication required indicates significant exposure. Publicly available exploit code exists (wing3e/public_exp repository), though no CISA KEV listing suggests exploitation remains limited to proof-of-concept demonstrations rather than widespread campaigns. EPSS data unavailable, but the combination of network exposure, authentication bypass, and public exploit warrants immediate remediation priority for organizations using this synchronization tool.
OS command injection in Toowiredd chatgpt-mcp-server up to version 0.1.0 allows remote unauthenticated attackers to execute arbitrary system commands through the Docker service component. The vulnerability exists in src/services/docker.service.ts within the MCP/HTTP interface and has publicly available exploit code. The vendor has been notified but has not yet released a patch.
Remote unauthenticated attackers can inject arbitrary operating system commands through the browser-connector.ts file in AgentDeskAI browser-tools-mcp versions up to 1.2.0, leading to command execution with application privileges. The vulnerability stems from improper input sanitization in file browser processing and has been published with publicly available exploit code; the vendor has been notified but has not yet released a patch.
Missing authentication in MiroFish REST API allows remote attackers to bypass security controls and access protected endpoints without credentials. The vulnerability affects MiroFish versions up to 0.1.2 in the create_app function within backend/app/__init__.py. A publicly available exploit demonstrates the attack (GitHub issue #487), and the vulnerability is trivially exploitable with CVSS complexity rated Low and no authentication required (CVSS:3.1/AV:N/AC:L/PR:N/UI:N). The vendor has not responded to responsible disclosure attempts, leaving users without an official patch. With CVSS 7.3 (High) and confirmed public POC, this represents an immediate risk to deployments exposing the REST API to untrusted networks.
Path traversal in Tenda i9 router firmware version 1.0.0.5(2204) allows remote unauthenticated attackers to access arbitrary files, modify system configurations, and potentially disrupt device operation via the R7WebsSecurityHandlerfunction in the HTTP Handler component. Publicly available exploit code exists on GitHub (Litengzheng/vuldb_new), enabling straightforward exploitation with EPSS-assessed risk. The vulnerability permits confidentiality, integrity, and availability impacts with low attack complexity and no required user interaction, making it a realistic target for automated scanning and exploitation.
Path traversal in MiroFish up to version 0.1.2 allows remote unauthenticated attackers to read arbitrary files via manipulation of the Platform query parameter in the get_simulation_posts function. The vulnerability affects the backend simulation API endpoint and has publicly available exploit code, though exploitation is limited to information disclosure rather than modification or availability impact.
Server-side request forgery (SSRF) in BuildingAI up to version 26.0.1 allows remote unauthenticated attackers to abuse the Remote Upload API's uploadRemoteFile function by manipulating the url parameter, enabling unauthorized access to internal resources, data exfiltration from cloud metadata services, and potential pivoting to internal network systems. A publicly available exploit exists (GitHub issue #110), but the vendor has not responded to disclosure. CVSS 7.3 with EPSS data unavailable; exploitation requires no authentication and low attack complexity (AV:N/AC:L/PR:N/UI:N), making this a high-priority remediation target despite unknown CISA KEV status.
Server-side request forgery in Typecho's Pingback Service (versions up to 1.3.0) allows remote unauthenticated attackers to force the server to make arbitrary HTTP requests to internal or external resources. The vulnerability resides in Service::sendPingHandle() function where attacker-controlled X-Pingback and link parameters bypass validation. Public exploit code exists (documented in researcher blog post), enabling immediate weaponization. CVSS 7.3 reflects network-accessible attack with no authentication required. EPSS data not available, but public POC significantly elevates real-world risk. Vendor non-responsive to early disclosure.
SQL injection in Yu Picture's PageRequest handler allows remote unauthenticated attackers to manipulate database queries via the sortField parameter in PictureServiceImpl.java. The vulnerability exists in MyBatis-Plus integration code at commit a053632c41340152bf75b66b3c543d129123d8ec. Publicly available exploit code exists (GitHub issue #4) with EPSS not yet calculated. Vendor patch available via pull request #3 but remains unmerged, leaving deployed instances vulnerable. CVSS 7.3 reflects network-accessible, low-complexity exploitation with no authentication required, enabling partial confidentiality, integrity, and availability compromise.
SQL injection in code-projects Employee Management System 1.0 allows remote unauthenticated attackers to extract, modify, or delete database contents via the pwd parameter in /370project/process/eprocess.php. CVSS 7.3 (High) with network vector and no prerequisites. Publicly available exploit code exists on GitHub, enabling immediate weaponization. No vendor-released patch identified at time of analysis. EPSS data unavailable; not listed in CISA KEV, suggesting targeted rather than widespread exploitation despite public POC.
Improper authentication in SmythOS sre up to version 0.0.15 allows remote attackers to bypass authentication via manipulation of HTTP headers X-DEBUG-RUN and X-DEBUG-INJ in the AgentRuntime component, enabling unauthorized access with low confidentiality, integrity, and availability impact. Publicly available exploit code exists and the vendor has not responded to early disclosure notification.
Stored or reflected cross-site scripting (XSS) in D-Link DGS-3420 firmware 1.50.018 allows authenticated remote attackers to inject malicious scripts via the System Name parameter on the System Information Settings Page. The vulnerability requires high-level administrative privileges and user interaction (UI:R), limiting exploitation to scenarios where an authenticated admin visits a malicious page or clicks a crafted link. Publicly available exploit code exists; CVSS 4.5 reflects the requirement for admin access and user interaction, though the impact is information disclosure or session hijacking potential through XSS.
SpEL expression injection in baomidou dynamic-datasource 2.5.0 allows authenticated remote attackers to execute arbitrary code via the DsSpelExpressionProcessor component. The vulnerability stems from unsafe evaluation of Spring Expression Language (SpEL) in datasource routing logic, enabling attackers with application access to inject malicious expressions that execute with application privileges. No public exploit code or active exploitation has been identified at time of analysis, though upstream fix is available.
Hickory DNS recursor versions 0.1 through 0.25.2 allow cross-zone DNS poisoning attacks due to cached DNS responses not being directly associated with the query that triggered them, enabling attackers to inject malicious DNS records across zone boundaries and potentially redirect traffic to attacker-controlled servers without user interaction or authentication.