Improper cryptographic signature verification in Dolibarr ERP CRM up to version 23.0.2 allows remote attackers to bypass signature validation in the Online Signature Module, potentially forging or manipulating signed transactions. The vulnerability affects the dol_verifyHash function and has been publicly disclosed with exploit code available, though exploitation requires high technical complexity and is not confirmed as actively exploited in production environments.
Command injection in JD Cloud JDCOS 4.5.1.r4518 allows authenticated remote attackers to execute arbitrary system commands via manipulation of the vid parameter in the set_iptv_info function of the /jdcap service interface. The vulnerability has a CVSS score of 6.3 (Medium) with low attack complexity and is actively weaponized with publicly available exploit code. The vendor has not responded to early disclosure notifications.
Command injection in Wavlink WL-WN570HA1 firmware version R70HA1 V1410_221110 allows authenticated remote attackers to execute arbitrary system commands via manipulation of the command argument in the set_sys_cmd function of /cgi-bin/adm.cgi. The vulnerability has publicly available exploit code and affects only discontinued products no longer maintained by the vendor.
Command injection in Wavlink WL-WN570HA1 firmware R70HA1 V1410_221110 allows authenticated remote attackers to execute arbitrary commands via the Username parameter in the set_sys_adm function of /cgi-bin/adm.cgi. Publicly available exploit code exists for this vulnerability affecting end-of-life hardware no longer supported by the vendor.
Command injection in Edimax BR-6208AC 1.02 allows authenticated remote attackers to execute arbitrary system commands via the L2TPUserName parameter in the /goform/setWAN endpoint when L2TP Mode is configured. The vulnerability requires valid credentials but carries moderate risk (CVSS 6.3) with publicly available exploit code and vendor non-responsiveness to disclosure.
Command injection in Edimax BR-6428nC router web interface through the /goform/setWAN endpoint allows authenticated remote attackers to execute arbitrary system commands via unsanitized pppUserName or pptpUserName parameters. Affected firmware versions up to 1.16 contain this vulnerability; publicly available exploit code exists. The vendor was contacted but did not respond, indicating no security fix is anticipated.
Denial of service in Open5GS UDR component (versions up to 2.7.7) via malformed pei argument in udr_nudr_dr_handle_subscription_context function allows authenticated remote attackers to crash the User Data Repository service with low complexity. Publicly available exploit code exists; vendor has not responded to early notification.
Code injection via the eval function in Langflow's LambdaFilterComponent allows remote authenticated attackers to execute arbitrary code with low-to-medium integrity and confidentiality impact. The vulnerability affects Langflow up to version 1.8.4, requires user login (PR:L), and has publicly available exploit code. The vendor did not respond to early disclosure notification.
Denial of service in Open5GS UDR component up to version 2.7.7 allows authenticated remote attackers to crash the subscription data service by manipulating the supi_id argument to the ogs_dbi_subscription_data function. Publicly available exploit code exists, and the vendor has been notified via issue report but has not yet released a patch.
Denial of service in Open5GS versions up to 2.7.7 allows authenticated remote attackers to crash the AMF (Access and Mobility Management Function) component by exploiting improper error handling in the gmm_handle_service_request function. The vulnerability requires low-privilege authentication to trigger and results in service unavailability. A public exploit has been disclosed via GitHub issue tracker, though the vendor has not yet released a patch despite early notification.
Path traversal vulnerability in kerwincui FastBee up to version 1.2.1 allows authenticated remote attackers to read arbitrary files on the server via manipulation of the fileName parameter in the ToolController.download endpoint. The vulnerability has publicly available exploit code and affects the Tool Download functionality, enabling unauthorized file disclosure with low CVSS impact (4.3) due to authentication requirements and limited scope.
Unrestricted file upload vulnerability in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0 allows authenticated remote attackers to upload arbitrary files via the /SubstationWEBV2/main/uploadH5Files endpoint, potentially leading to remote code execution or system compromise. The vulnerability is tracked with CVSS 6.3 (moderate severity), publicly available exploit code exists, and the vendor has not responded to early disclosure attempts.
SQL injection in Dromara MaxKey up to version 3.5.13 allows authenticated remote attackers to execute arbitrary SQL queries via manipulation of the filtersfields argument in the StrUtils.checkSqlInjection function, potentially leading to unauthorized data access, modification, or deletion. The vulnerability requires low-privilege authentication and has publicly available exploit code; the vendor has not responded to early disclosure notifications.
SQL injection in YunaiV yudao-cloud up to version 2026.01 allows authenticated remote attackers to execute arbitrary SQL queries via the getDataBySQL function in GoViewDataServiceImpl.java, potentially compromising confidentiality, integrity, and availability of the application database. Publicly available exploit code exists, and the vendor did not respond to early disclosure notifications.
Path traversal vulnerability in AV Stumpfl Pixera Two Media Server up to version 25.1 R2 allows adjacent network attackers to access arbitrary files via manipulation of an unknown function on Service Port 1338. The vulnerability has a low CVSS score of 2.1 due to adjacency requirement (AV:A) and confidentiality-only impact, but publicly available exploit code exists and the vendor has released a patch in version 25.2 R3.
Path traversal in jsbroks COCO Annotator up to version 0.11.1 allows authenticated remote attackers to access arbitrary files on the server by manipulating the folder argument in the Data Endpoint (backend/webserver/api/datasets.py). The vulnerability requires valid user credentials and an attacker can only read files with limited technical impact, but publicly available exploit code exists and the vendor has not responded to disclosure attempts.
Unrestricted file upload in crmeb_java Admin Upload component (versions up to 1.3.4) allows high-privileged remote attackers to upload arbitrary files by manipulating the model argument in UploadServiceImpl.java, resulting in potential code execution or system compromise. Publicly available exploit code exists and the vendor has not responded to disclosure attempts.
Stored cross-site scripting (XSS) in kerwincui FastBee up to version 1.2.1 allows authenticated remote attackers to inject malicious scripts via the noticeContent parameter in the System Notice Handler component, which are then executed in the browsers of other users viewing notices. The vulnerability requires user interaction (victims must view the injected notice) and authenticated access, limiting immediate attack scope, though publicly available exploit code and vendor non-responsiveness increase real-world risk.
SQL injection in AMTT Hotel Broadband Operation System 1.0 allows authenticated remote attackers with high privileges to manipulate the ID argument in /manager/card/cardhand_submit.php, potentially extracting or modifying database contents. Publicly available exploit code exists, though the CVSS score of 4.7 reflects the requirement for authenticated administrative access, limiting real-world impact compared to unauthenticated SQL injection vulnerabilities.
Command injection in Wavlink WL-WN570HA1 firmware version R70HA1 V1410_221110 allows authenticated remote attackers to execute arbitrary system commands via manipulation of the DDNS argument in the ping_ddns function of /cgi-bin/adm.cgi. The vulnerability affects only unsupported end-of-life firmware that the vendor has removed from distribution; publicly available exploit code exists but real-world impact is limited due to end-of-support status and authentication requirement.
Command injection in Langflow up to version 1.8.4 allows authenticated remote attackers to execute arbitrary commands through the CodeParser.parse_callable_details function in the Full Builtins Module Handler component. The vulnerability has been publicly disclosed with exploit code available, affecting the code parsing functionality with limited confidentiality, integrity, and availability impact. The vendor did not respond to early disclosure notification.
Improper authorization in Calibre-Web up to version 0.6.26 allows authenticated remote attackers to manipulate the user_id parameter in the generate_auth_token function (cps/kobo_auth.py) to access or disclose information belonging to other users. The CVSS score of 2.1 reflects the requirement for prior authentication and limited impact scope, though publicly available exploit code exists.
Null pointer dereference in Telegram Desktop up to version 6.7.5 allows remote attackers without authentication to cause denial of service by crafting a malicious login_url argument in the Bot API RequestButton function. The vulnerability requires user interaction to click a malicious link and has a public exploit disclosure, though vendor response to early disclosure notification was not forthcoming.
SQL injection in youlai-boot up to version 2.21.1 via argument order manipulation in the getUserList endpoint allows authenticated remote attackers to execute arbitrary SQL queries with limited data access impact. The vulnerability affects the Users Endpoint component, has publicly available exploit code, and the vendor has not responded to disclosure attempts despite early notification.
SQL injection in Dolibarr ERP CRM up to version 23.0.2 allows authenticated remote attackers to execute arbitrary SQL queries via the fields parameter in the Shipments API Endpoint (_checkValForAPI function). Exploitation requires high attack complexity and authenticated access, with publicly available exploit code confirmed but no active exploitation reported in CISA KEV at time of analysis.