String injection in Notepad++ 8.9.3 leads to memory address disclosure or application crash when processing maliciously crafted input. Attackers can leverage this remotely without authentication (CVSS 4.0 score 10.0, AV:N/PR:N), though desktop application context suggests user interaction required despite UI:N in vector. Publicly available exploit code exists per GitHub repository llgsjsm/cve-2026-3008. Fixed in version 8.9.4 release candidate per community forum discussion. EPSS data not available for 2026 CVE.
A vulnerability was found in douinc mkdocs-mcp-plugin up to 0.4.1. This affects the function read_document/list_documents of the file server.py. Performing a manipulation of the argument docs_dir/file_path results in path traversal. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor confirms, that the "fix will be published within a few days."
A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2.16.1. Affected by this issue is the function proxyHandler of the file app/api/[provider]/[...path]/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Server-side request forgery in ShadowCloneLabs GlutamateMCPServers allows remote unauthenticated attackers to manipulate the 'url' parameter in the puppeteer_navigate component (src/puppeteer/index.ts), potentially accessing internal resources or conducting network reconnaissance. A publicly available proof-of-concept exploit exists (GitHub). EPSS data not available, but CVSS 7.3 (High) with network vector, low complexity, and no authentication requirements indicates significant accessibility. The vendor has not responded to early disclosure via GitHub issue #8, and no patch timeline exists due to the project's rolling release model.
A vulnerability was detected in JoeCastrom mcp-chat-studio up to 1.5.0. Affected by this issue is some unknown functionality of the file server/routes/llm.js of the component LLM Models API. Performing a manipulation of the argument req.query.base_url results in server-side request forgery. Remote exploitation of the attack is possible. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Improper authorization in code-projects Invoice System in Laravel 1.0 allows remote unauthenticated attackers to bypass authentication and access the /item API endpoint, resulting in limited confidentiality impact. The vulnerability has a CVSS score of 5.5 (network-accessible, low attack complexity, no privileges required), and publicly available exploit code exists, increasing real-world risk despite the moderate base score.
CodeAstro Online Job Portal 1.0 exposes file and directory information through the /users/user-cvs/ endpoint via remote unauthenticated access, allowing attackers to enumerate and retrieve sensitive resume and user data. The vulnerability has publicly available exploit code and affects all versions of the application via the CPE cpe:2.3:a:codeastro:online_job_portal:*:*:*:*:*:*:*:*. CVSS 5.5 with confirmed public exploit availability and EPSS exploitation probability indicates moderate real-world risk for deployments accessible over the network.
SQL injection in SourceCodester Pharmacy Sales and Inventory System 1.0 allows remote unauthenticated attackers to execute arbitrary database queries via the ID parameter in /ajax.php?action=delete_product. Publicly available exploit code exists (GitHub POC), enabling unauthorized data access, modification, or deletion without authentication. EPSS data not available, but the combination of network attack vector, no authentication requirement, and public exploit significantly elevates real-world exploitation risk for internet-exposed instances.
A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=save_product. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.
A vulnerability has been found in code-projects Online Lot Reservation System up to 1.0. The impacted element is an unknown function of the file /loginuser.php. The manipulation of the argument email/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
SQL injection in SourceCodester Pharmacy Sales and Inventory System 1.0 allows remote unauthenticated attackers to read, modify, or delete database records via the ID parameter in /ajax.php?action=delete_receiving. Publicly available exploit code (GitHub POC) demonstrates working attack against default installations with no authentication required (CVSS AV:N/AC:L/PR:N). EPSS data not available, but POC publication significantly lowers exploitation barrier for opportunistic attacks against internet-exposed instances.
SQL injection in SourceCodester Pharmacy Sales and Inventory System 1.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via the ID parameter in /ajax.php?action=save_category. Public exploit code exists on GitHub (y1shiny1shin/vuldb-project), enabling immediate weaponization against unpatched systems. CVSS 7.3 reflects potential for confidentiality, integrity, and availability compromise through database manipulation. No remediation release identified at time of analysis.
SQL injection in SourceCodester Pharmacy Sales and Inventory System 1.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via the ID parameter in /ajax.php?action=save_receiving. Publicly available exploit code (GitHub PoC) enables immediate weaponization. CVSS 7.3 reflects network-accessible attack with no authentication required, enabling confidentiality/integrity/availability impact across database operations. EPSS data not provided, but public exploit availability significantly elevates real-world risk for unpatched installations of this open-source PHP application.
SQL injection in SourceCodester Pharmacy Sales and Inventory System 1.0 allows remote unauthenticated attackers to extract, modify, or delete database contents via the ID parameter in /ajax.php?action=save_sales endpoint. Publicly available exploit code exists (GitHub POC), enabling low-complexity attacks with no authentication barriers. EPSS data not available, but public exploit significantly lowers attacker skill threshold. CVSS 7.3 reflects network-exploitable vulnerability with moderate confidentiality, integrity, and availability impacts.
SQL injection in itsourcecode Courier Management System 1.0 via the ID parameter in /edit_parcel.php allows remote unauthenticated attackers to query, modify, or delete database contents. The CVSS 6.9 score reflects low confidentiality and integrity impact; however, the vulnerability is remotely exploitable with no authentication required and publicly available exploit code exists, making it a practical attack vector against exposed instances.
SQL injection in itsourcecode Courier Management System 1.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via manipulation of the ID parameter in /edit_branch.php. The vulnerability has publicly disclosed exploit code available and affects confidentiality, integrity, and availability of the underlying database.
SQL injection in itsourcecode Construction Management System 1.0 allows remote unauthenticated attackers to manipulate the address parameter in /locations.php, enabling arbitrary database queries with confidentiality and integrity impact. Publicly available exploit code exists, increasing real-world risk despite the moderate CVSS score of 6.9.
SQL injection in itsourcecode Construction Management System 1.0 allows remote unauthenticated attackers to manipulate the code parameter in /execute1.php, enabling database query manipulation and potential data exfiltration or modification. Publicly available exploit code exists, increasing real-world risk despite the moderate CVSS score of 6.9.
SQL injection in itsourcecode Construction Management System 1.0 via the code parameter in /execute.php allows remote unauthenticated attackers to execute arbitrary SQL queries and potentially access or modify database contents. The vulnerability has a publicly available exploit and is confirmed to have a low confidentiality, integrity, and availability impact according to CVSS v4.0 scoring.
SQL injection in code-projects Inventory Management System 1.0 allows remote unauthenticated attackers to manipulate the Username parameter in the Login component, leading to unauthorized database access and potential data exfiltration. The vulnerability has a publicly available exploit and CVSS 6.9 score reflecting low confidentiality, integrity, and availability impact without scope expansion. EPSS data unavailable, but public exploit availability elevates practical risk.
Remote SQL injection in CodePanda Source canteen_management_system 1.0 allows unauthenticated attackers to manipulate the Username parameter in /api/login.php, enabling arbitrary database queries. Public exploit code is available. The vulnerability affects confidentiality and integrity with low impact scope, making it a practical attack vector for credential harvesting or data exfiltration from the canteen management database.
A vulnerability was found in code-projects Online Lot Reservation System up to 1.0. This affects the function readfile of the file /download.php. The manipulation of the argument File results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and could be used.
ProjeQtor versions 7.0 through 12.4.3 contain a stored cross-site scripting vulnerability in the file upload functionality where the checkValidFileName() function fails to restrict HTML and HTM file uploads. Authenticated attackers can upload HTML files containing arbitrary JavaScript through the image upload or attachment endpoints, and any user accessing the uploaded file URL will execute the embedded JavaScript in their browser.
ProjeQtor versions 7.0 through 12.4.3 contain a stored cross-site scripting vulnerability in the checkValidHtmlText() function within Security.php that fails to properly sanitize user input by only detecting specific patterns while returning unsanitized strings without output encoding. Attackers can inject malicious payloads that bypass the filter using alternative syntax such as img tags with event handlers, which are stored and executed in the browsers of users viewing the affected content.
Dell Alienware Command Center (AWCC), versions prior to 6.13.8.0, contain an Execution with Unnecessary Privileges vulnerability in the AWCC. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
Improper Handling of TLS Client Authentication Failure Leading to Anonymous Principal Assignment in Apache Storm Versions Affected: up to 2.8.7 Description: When TLS transport is enabled in Apache Storm without requiring client certificate authentication (the default configuration), the TlsTransportPlugin assigns a fallback principal (CN=ANONYMOUS) if no client certificate is presented or if certificate verification fails. The underlying SSLPeerUnverifiedException is caught and suppressed rather than rejecting the connection. This fail-open behavior means an unauthenticated client can establish a TLS connection and receive a valid principal identity. If the configured authorizer (e.g., SimpleACLAuthorizer) does not explicitly deny access to CN=ANONYMOUS, this may result in unauthorized access to Storm services. The condition is logged at debug level only, reducing visibility in production. Impact: Unauthenticated clients may be assigned a principal identity, potentially bypassing authorization in permissive or misconfigured environments. Mitigation: Users should upgrade to 2.8.7 in which TLS authentication failures are handled in a fail-closed manner. Users who cannot upgrade immediately should: - Enable mandatory client certificate authentication (nimbus.thrift.tls.client.auth.required: true) - Ensure authorization rules explicitly deny access to CN=ANONYMOUS - Review all ACL configurations for implicit default-allow behavior
DOM-based cross-site scripting (XSS) in CodexThemes TheGem Theme Elements plugin for Elementor allows authenticated attackers with low privileges to inject malicious scripts that execute in the context of other users' browsers when user interaction occurs. The vulnerability affects versions before 5.12.1.1 and requires authenticated access and user interaction to exploit, limiting real-world risk compared to network-vector XSS but still enabling session hijacking, credential theft, or unauthorized admin actions on WordPress sites using this plugin.
SQL Injection vulnerability exists in Sourcecodester Online Job Portal phppdo 1.0 ivia the category parameter in /jobportal/index.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Denial of service in MERCURY IP camera MIPC252W version 1.0.5 Build 230306 allows unauthenticated local attackers to trigger persistent authentication failure in the RTSP service by sending repeated requests with invalid Digest authentication parameters, preventing legitimate clients from authenticating and causing service unavailability.
A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/selectindices.php via the namecontains parameter
A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/view.php via the doctype parameter
Reflected cross-site scripting (XSS) in WebFileSys 2.31.1 allows remote attackers to execute arbitrary JavaScript in victims' browsers via unencoded user input reflected into HTML and JavaScript contexts. Attack requires victim interaction (UI:R) but affects cross-site scope, enabling session hijacking, credential theft, or malware delivery. EPSS score of 0.01% indicates extremely low baseline exploitation probability despite public exploit code availability on GitHub.
If `shutil.unpack_archive()` is given a ZIP archive with an absolute Windows path containing a drive (`C:\\...`) then the archive will be extracted outside the target directory which is different than other operating systems. Only Windows is affected by this vulnerability.
Improper ownership management in Moxa Secure Router allows low-privileged authenticated users to access exported configuration files containing hashed administrative passwords, enabling credential disclosure. The vulnerability is confined to scenarios where configuration files have been exported and requires valid user credentials to exploit; no impact to system integrity or availability has been identified.
A flaw has been found in disler aider-mcp-server up to b2516fa466d0d851932da92ee6d0e66946db9efc. Affected by this vulnerability is an unknown functionality of the file src/aider_mcp_server/server.py of the component aider_ai_code. This manipulation of the argument relative_editable_files causes command injection. Remote exploitation of the attack is possible. The exploit has been published and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet.
Command injection in D-Link DIR-822 A_101 udhcpd DHCP service allows remote unauthenticated attackers to execute arbitrary commands via a malicious Hostname parameter in DHCP requests. The vulnerability affects an end-of-life product with publicly disclosed exploit code available, creating significant risk for organizations unable to migrate away from legacy hardware.
OPPO Wallet APP contains a trusted domain validation bypass flaw that allows local attackers with user interaction to hijack account tokens and disclose sensitive information. The vulnerability affects all versions of OPPO Wallet APP and exploits improper domain verification in protected interface access controls, enabling token theft through local attack vector.
A vulnerability has been found in aligungr UERANSIM up to 3.2.7. The affected element is the function rls::DecodeRlsMessage in the library src/lib/rls/rls_pdu.cpp of the component Radio Link Simulation Layer. The manipulation of the argument pduLength leads to uncaught exception. The attack may be initiated remotely. Upgrading to version 3.2.8 is sufficient to fix this issue. The identifier of the patch is ca1a66fffe282767bb08618af9f848e3b68ea47b. It is suggested to upgrade the affected component. This behavior is related to CVE-2024-37877. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
A vulnerability has been found in dexhunter kaggle-mcp up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d. This vulnerability affects the function prepare_kaggle_dataset of the file src/kaggle_mcp/server.py. The manipulation of the argument competition_id leads to path traversal. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The project was informed of the problem early through an issue report but has not responded yet.
A weakness has been identified in ChatGPTNextWeb NextChat up to 2.16.1. This affects the function storeUrl of the file app/api/artifacts/route.ts of the component Artifacts Endpoint. This manipulation of the argument ID causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
A security vulnerability has been detected in AlejandroArciniegas mcp-data-vis up to de5a51525a69822290eaee569a1ab447b490746d. Affected by this vulnerability is the function axios of the file src/servers/web-scraper/server.js of the component HTTP Request Handler. Such manipulation leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The project was informed of the problem early through an issue report but has not responded yet.
A vulnerability has been found in dmitryglhf mcp-url-downloader up to 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6. Affected by this issue is the function _validate_url_safe of the file src/mcp_url_downloader/server.py. Such manipulation of the argument url leads to server-side request forgery. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet.
Denial of service in Linux kernel GPIO OMAP driver allows local authenticated users to crash the system via a deadlock condition triggered by improper driver registration from probe() callback. The vulnerability stems from registering the omap_mpuio_driver within omap_gpio_probe(), which violates driver core locking rules and creates a potential deadlock when device_lock enforcement was strengthened in commit dc23806a7c47. EPSS score of 0.03% reflects low exploitation probability despite availability of patched kernel versions.
SQL injection in SourceCodester Pharmacy Sales and Inventory System 1.0 allows remote unauthenticated attackers to manipulate the ID parameter in /ajax.php?action=delete_category, enabling arbitrary SQL query execution with confidentiality and integrity impact. CVSS 6.9 reflects network accessibility and low privilege requirements; publicly available exploit code exists per description.
SQL injection in SourceCodester Pharmacy Sales and Inventory System 1.0 allows remote unauthenticated attackers to manipulate the ID parameter in /ajax.php?action=save_type, enabling arbitrary SQL query execution with confidentiality and integrity impact. Publicly disclosed exploit code is available, significantly increasing real-world risk despite the moderate CVSS score of 6.9.
Denial of service in the Linux kernel EDAC (Error Detection and Correction) subsystem due to improper initialization ordering in edac_mc_alloc(). When memory allocation fails during EDAC memory controller initialization, the error path calls put_device() before device_initialize() is executed, triggering a null pointer dereference in kobject_put() that causes a kernel panic or system crash. This affects Linux systems with EDAC support enabled across multiple kernel versions from 5.19 through 7.0.
In the Linux kernel, the following vulnerability has been resolved: igb: remove napi_synchronize() in igb_down() When an AF_XDP zero-copy application terminates abruptly (e.g., kill -9), the XSK buffer pool is destroyed but NAPI polling continues. igb_clean_rx_irq_zc() repeatedly returns the full budget, preventing napi_complete_done() from clearing NAPI_STATE_SCHED. igb_down() calls napi_synchronize() before napi_disable() for each queue vector. napi_synchronize() spins waiting for NAPI_STATE_SCHED to clear, which never happens. igb_down() blocks indefinitely, the TX watchdog fires, and the TX queue remains permanently stalled. napi_disable() already handles this correctly: it sets NAPI_STATE_DISABLE. After a full-budget poll, __napi_poll() checks napi_disable_pending(). If set, it forces completion and clears NAPI_STATE_SCHED, breaking the loop that napi_synchronize() cannot. napi_synchronize() was added in commit 41f149a285da ("igb: Fix possible panic caused by Rx traffic arrival while interface is down"). napi_disable() provides stronger guarantees: it prevents further scheduling and waits for any active poll to exit. Other Intel drivers (ixgbe, ice, i40e) use napi_disable() without a preceding napi_synchronize() in their down paths. Remove redundant napi_synchronize() call and reorder napi_disable() before igb_set_queue_napi() so the queue-to-NAPI mapping is only cleared after polling has fully stopped.
Use-after-free memory corruption in Foxit PDF Editor and Foxit PDF Reader allows local attackers to crash the application or execute arbitrary code by opening a crafted XFA PDF file during calculate event processing. The vulnerability requires user interaction (opening a malicious PDF) but impacts both products across all versions listed in CPE data. No public exploit code or active exploitation has been confirmed at this time.
Modal dialog reentry vulnerability in Foxit PDF Editor and Reader allows local attackers to trigger UI freeze and denial of service by supplying a crafted PDF document with a malicious action chain, requiring user interaction to open the file. The vulnerability stems from improper control flow management in document action handling and results in application unresponsiveness on the main thread. No public exploit code or active exploitation has been identified at the time of analysis.
Unhandled exception in Foxit PDF Editor and Foxit PDF Reader allows local denial of service when a user opens a maliciously crafted PDF file with insufficient parameter verification, causing the application to crash via an uncaught std::invalid_argument exception. The vulnerability requires user interaction (opening a file) and local file access but affects all versions of both products without authentication requirements.