Authentication bypass in hermes-agent 0.8.0 webhook endpoint allows remote attackers to bypass authentication controls via manipulation of the _INSECURE_NO_AUTH parameter, resulting in limited confidentiality and integrity impact. The vulnerability requires high attack complexity and has publicly available exploit code; vendor patch is available but the project has not yet merged the fix despite early notification.
Improper authentication in the API_SERVER_KEY handler of NousResearch hermes-agent 0.8.0 allows remote attackers to bypass authentication checks in the _check_auth function via the API server component. The vulnerability has a CVSS score of 6.3 with high attack complexity, and publicly available exploit code exists. The project has not yet responded to early notification via pull request.
Cross-site scripting (XSS) in code-projects Employee Management System 1.0 allows remote attackers to inject malicious scripts via manipulation of the file 370project/mark.php. The vulnerability requires user interaction (UI:R) but can be exploited over the network without authentication. Publicly available exploit code exists and the flaw has moderate impact on integrity (CVSS 4.3).
Reflected cross-site scripting (XSS) in code-projects Employee Management System 1.0 allows remote unauthenticated attackers to inject malicious scripts via the ID parameter in 370project/edit.php. The vulnerability requires user interaction (link click) but has publicly available exploit code and a moderate CVSS score of 4.3, indicating limited but real integrity impact through client-side script execution.
Code-Projects Invoice System in Laravel 1.0 allows authenticated remote attackers to bypass authorization controls via manipulation of the ID parameter in the /invoice/ endpoint, enabling unauthorized access to invoice data with potential for modification and denial of service. The vulnerability has publicly available exploit code and is actively exploitable against default configurations.
Improper authorization in code-projects Invoice System in Laravel 1.0 allows authenticated remote attackers to bypass access controls via manipulation of the ID parameter in the Profile Handler (/profile/ endpoint), leading to unauthorized read, modification, and denial of service impacts. Public exploit code is available, elevating real-world exploitation risk despite the moderate CVSS score of 6.3.
Improper authorization in code-projects Invoice System in Laravel 1.0 allows authenticated remote attackers to bypass access controls on the User Management Handler (/user endpoint), gaining unauthorized read, write, and availability impact. The vulnerability has a published exploit available and affects all versions of the affected product line.
SQL injection in CodeAstro Online Classroom 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the deleteid parameter in the /guestdetails endpoint, enabling unauthorized data access, modification, or deletion. The vulnerability has publicly available exploit code and a CVSS score of 6.3 reflecting moderate risk with low attack complexity.
A vulnerability was identified in 1000 Projects Portfolio Management System MCA up to 1.0. This affects an unknown function of the file /admin/block_status.php. The manipulation of the argument q leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used.
SQL injection in code-projects Employee Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the id or token parameter in 370project/cancel.php, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has a publicly available proof-of-concept and CVSS score of 6.3 (medium severity) with low attack complexity, though exploitation requires valid user credentials.
SQL injection in code-projects Employee Management System 1.0 allows authenticated remote attackers to manipulate the id and token parameters in 370project/approve.php, enabling unauthorized database queries with low confidentiality, integrity, and availability impact. Publicly available exploit code exists and CVSS score of 6.3 reflects the attack's network accessibility despite requiring low-level authentication.
SQL injection in code-projects Employee Management System 1.0 allows authenticated remote attackers to manipulate the ID argument in 370project/delete.php, leading to unauthorized database queries with limited confidentiality and integrity impact. Publicly available exploit code exists; CVSS 5.3 reflects moderate risk limited by authentication requirement and restricted data access scope.
SQL injection in code-projects Employee Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the ID parameter in 370project/edit.php, potentially leading to unauthorized data access or modification. The vulnerability requires valid user credentials (PR:L per CVSS vector) and has publicly available exploit code; however, the limited scope (VC:L, VI:L, VA:L) and requirement for authentication reduce real-world risk compared to the base CVSS score of 5.3.
A security flaw has been discovered in 1000 Projects Portfolio Management System MCA 1.0. This impacts an unknown function of the file update_passwd_process.php. The manipulation of the argument temp_user results in authorization bypass. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.
Path traversal in HBAI-Ltd Toonflow-app up to version 1.1.1 allows authenticated remote attackers to read arbitrary files via manipulation of the url argument in the updateStoryboardUrl function of the Storyboard Export component. The vulnerability has a publicly available exploit, though the vendor disputes its practical exploitability, arguing the affected interface is designed to accept only local or trusted Docker-configured addresses. CVSS 4.3 reflects low confidence (RC:C) and unconfirmed exploitation probability (E:P).
Cross-site scripting (XSS) vulnerability in code-projects Home Service System 1.0 allows remote attackers to inject malicious scripts via the fname and lname parameters in the /booking.php Appointment Booking component. User interaction is required for exploitation. A public exploit is available, and the vulnerability carries moderate risk (CVSS 4.3) with integrity impact through malicious script execution in victim browsers.
A flaw has been found in CodeAstro Online Classroom 1.0. This affects an unknown part of the file /addnewfaculty. Executing a manipulation of the argument fname can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used.
A vulnerability was identified in code-projects Online Lot Reservation System 1.0. Affected is an unknown function of the file /edithousepic.php. Such manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit is publicly available and might be used.
A vulnerability was determined in code-projects Online Lot Reservation System 1.0. This impacts an unknown function of the file /activity.php. This manipulation of the argument directory causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
Cross-site scripting (XSS) in code-projects Invoice System in Laravel 1.0 allows authenticated remote attackers to inject malicious scripts via the item name/description parameter in the /item endpoint. The vulnerability requires user interaction (UI:P) and affects only the integrity of victim data (VI:L), but publicly available exploit code exists and the attack vector is network-accessible.
Stored cross-site scripting (XSS) in code-projects Chat System 1.0 allows high-privilege remote attackers to inject malicious scripts via the msg parameter in /admin/send_message.php, affecting the Chat Interface component. The vulnerability requires admin-level authentication and user interaction (viewing the crafted message), but publicly available exploit code exists and the issue is actively being leveraged. With a CVSS score of 2.4, the impact is limited to integrity violations with no confidentiality or availability loss, but the presence of public POC and active exploitation elevates practical risk despite low severity metrics.
A security vulnerability has been detected in OSPG binwalk up to 2.4.3. This vulnerability affects the function read_null_terminated_string of the file src/binwalk/plugins/winceextract.py of the component WinCE Extraction Plugin. Such manipulation of the argument self.file_name leads to path traversal. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used. The project maintainer confirms this issue: "I accept the existence of the Path Traversal vulnerability. However, as stated in the Github link, it reached EOL and as a result no actions should be expected." The GitHub repository mentions, that "[u]sers and contributors should migrate to binwalk v3." This vulnerability only affects products that are no longer supported by the maintainer.
A security flaw has been discovered in GPAC up to 26.03-DEV-rev105-g8f39a1eb3-master. Affected by this vulnerability is the function elng_box_read of the file src/isomedia/box_code_base.c of the component MP4Box. Performing a manipulation of the argument elng results in out-of-bounds read. The attack needs to be approached locally. The exploit has been released to the public and may be used for attacks. The patch is named cf6ac48c972eaaee2af270adc3f36615325deb3e. The affected component should be upgraded.
A vulnerability was found in vllm up to 0.19.0. The affected element is the function has_mamba_layers of the file vllm/v1/kv_cache_interface.py of the component KV Block Handler. Performing a manipulation results in uninitialized resource. It is possible to initiate the attack remotely. The attack is considered to have high complexity. The exploitability is described as difficult. The exploit has been made public and could be used. The patch is named 1ad67864c0c20f167929e64c875f5c28e1aad9fd. To fix this issue, it is recommended to deploy a patch.
Weak cryptographic hash usage in code-projects Chat System 1.0 allows remote attackers to compromise password security through the MD5 Hash Handler in update_user.php. The vulnerability stems from use of MD5 for password hashing, a cryptographically broken algorithm that enables rapid offline cracking of password hashes. Publicly disclosed exploit code exists, though exploitation requires high attack complexity. The vulnerability impacts password confidentiality with low direct severity but creates substantial downstream risks for user account compromise.
Command injection in Tenda F456 1.0.0.5 httpd allows authenticated remote attackers to execute arbitrary commands via the mac parameter in the /goform/WriteFacMac endpoint. The vulnerability has a publicly available exploit and CVSS 5.3 score with authenticated access requirement (PR:L), limiting immediate widespread risk but affecting exposed or compromised administrative accounts.
A vulnerability was determined in Wooey up to 0.13.2. The impacted element is the function add_or_update_script of the file wooey/api/scripts.py of the component API Endpoint. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 0.13.3rc1 and 0.14.0 is sufficient to resolve this issue. This patch is called f7846fc0c323da8325422cab32623491757f1b88. The affected component should be upgraded.
Unrestricted file upload in code-projects Invoice System Laravel 1.0 allows authenticated attackers to upload arbitrary files via the logo parameter in the /company endpoint, enabling remote code execution or malicious file distribution. Public exploit code is available, and the vulnerability requires only low-privilege authenticated access with no user interaction.
A vulnerability was found in dh1011 auto-favicon up to f189116a9259950c2393f114dbcb94dde0ad864b. This issue affects the function generate_favicon_from_url of the file src/auto_favicon/server.py of the component MCP Tool. The manipulation of the argument image_url results in server-side request forgery. The attack may be performed from remote. The exploit has been made public and could be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet.
Reflected cross-site scripting (XSS) in SourceCodester Pharmacy Sales and Inventory System 1.0 allows remote attackers to inject malicious scripts via the ID parameter in /index.php?page=categories. The vulnerability requires user interaction (clicking a crafted link) but has publicly available exploit code and a low CVSS score (5.3) reflecting limited impact scope, with only low integrity consequences to the victim's session or data.
Cross-site request forgery (CSRF) in code-projects Invoice System 1.0 for Laravel allows remote attackers to perform unauthorized actions via crafted requests. The vulnerability requires user interaction (clicking a malicious link) but affects the system's integrity through unvalidated state-changing operations. Exploit code is publicly available, and the CVSS 5.3 score reflects moderate severity with limited integrity impact but no confidentiality or availability harm.
Server-side request forgery in HBAI-Ltd Toonflow-app up to version 1.1.1 allows authenticated remote attackers to manipulate the Link parameter in the getCodeByLink endpoint, enabling arbitrary HTTP requests from the server. The vendor acknowledges the /getCodeByLink interface is inherently high-risk and designed to fetch and execute TypeScript code locally; public exploit code exists but vendor questions the practical exploitability of the reported vulnerability.
A transient execution vulnerability within AMD CPUs may allow a local user-privileged attacker to leak data via the floating point divisor unit, potentially resulting in loss of confidentiality.
SQL injection in likeadmin_php up to version 1.9.6 allows high-privilege remote attackers to manipulate SQL queries through the queryResult function in the dataTable Admin API component, potentially exposing or modifying sensitive database content. Public exploit code exists and the vendor has not yet responded to early notification, elevating risk despite the CVSS score of 5.1 reflecting high-privilege authentication requirements.
Path traversal in HBAI-Ltd Toonflow-app up to version 1.1.1 allows authenticated remote attackers to access files outside intended directories via the url parameter in the downloadApp endpoint (src/routes/setting/about/downloadApp.ts). The vulnerability requires high attack complexity and authenticated access; vendor mitigation notes that the update URL is statically compiled in official code and exploitation would require users to modify source code. Publicly disclosed exploit code exists, but real-world exploitability is disputed by the vendor and remains uncertain.