Authentication bypass in JeecgBoot 3.9.1 mLogin endpoint allows remote attackers to circumvent login controls via manipulation of an unspecified function in LoginController.java, resulting in unauthorized access with confidentiality impact. The vulnerability has high attack complexity and difficult exploitability, but publicly available exploit code exists and the vendor has not responded to disclosure.
Wavlink NU516U1 M16U1_V240425 is vulnerable to remote OS command injection through the wzdap function in /cgi-bin/adm.cgi, where the EncrypType and wl_Pass parameters are passed unsanitized to system commands. An authenticated remote attacker can manipulate these arguments to execute arbitrary commands with the privileges of the web server process. Exploit code is publicly available (CVSS 6.3, EPSS probability indicated by E:P vector).
Remote OS command injection in Wavlink NU516U1 M16U1_V240425 allows authenticated remote attackers to execute arbitrary system commands via the skiplist1/skiplist2 parameters in the wifi_region function of /cgi-bin/adm.cgi. The vulnerability is remotely exploitable with low complexity, affects confidentiality and integrity, and has publicly available exploit code.
OS command injection in Wavlink NU516U1 M16U1_V240425 allows authenticated remote attackers to execute arbitrary system commands via unsanitized WAN configuration parameters (ppp_username, ppp_passwd, rwan_ip, rwan_mask, rwan_gateway) in the /cgi-bin/adm.cgi wan function. Publicly available exploit code exists and the vendor has been notified.
Remote authenticated command injection in Wavlink NU516U1 M16U1_V240425 allows authenticated attackers to execute arbitrary OS commands via manipulation of wlan_bssid, sel_Automode, or sel_EncrypTyp parameters in the wzdrepeater function at /cgi-bin/adm.cgi. CVSS 6.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P) with public exploit code available; vendor was notified early of this disclosure.
OS command injection in Wavlink NU516U1 M16U1_V240425 allows authenticated remote attackers to execute arbitrary commands via the change_wifi_password function in /cgi-bin/adm.cgi by manipulating the wl_channel, wl_Pass, or EncrypType parameters. Publicly available exploit code exists, and the vendor has been notified of the vulnerability.
Server-side request forgery in Akaunting 3.1.21 allows authenticated attackers to manipulate the Invoice PDF Rendering component via the config/dompdf.php file, enabling arbitrary HTTP requests from the server to internal or external systems. The vulnerability has CVSS score 2.1 with low severity impact across confidentiality, integrity, and availability; however, publicly available exploit code exists and the vendor did not respond to early disclosure, increasing real-world exploitation risk despite low CVSS metrics.
Cross-site request forgery in osTicket up to version 1.18.3 allows remote attackers to bypass CSRF token validation by manipulating the _method parameter via GET requests, enabling unauthorized state-changing operations without user interaction beyond clicking a malicious link. The vulnerability exploits improper HTTP method emulation in the Dispatcher component and has publicly available proof-of-concept code; a vendor patch is available.
Code injection in codelibs Fess up to 15.5.1 allows remote attackers with high privileges to execute arbitrary code via manipulation of the content argument in the AdminDesignAction.java JSP file handler. Publicly available exploit code exists for this vulnerability, and the vendor has not responded to early disclosure notification.
Heap-based buffer overflow in OSGeo GDAL's Grid File Handler (GDSDfldsrch function in frmts/hdf4/hdf-eos/GDapi.c) affects versions up to 3.13.0dev-4, allowing authenticated local attackers to cause memory corruption through malformed HDF4 grid files. The vulnerability results from unsafe string manipulation that fails to validate metadata field list format before performing memory operations. Publicly available exploit code exists; vendor-released patch available in version 3.13.0RC1.
Heap-based buffer overflow in GDAL's HDF4-EOS SWSDfldsrch function (frmts/hdf4/hdf-eos/SWapi.c) allows local authenticated attackers to cause memory corruption through manipulation of malformed HDF4 files. The vulnerability stems from unsafe string manipulation that fails to validate metadata field list format before stripping quotes, enabling out-of-bounds writes. Affects GDAL up to version 3.13.0dev-4; patch available in version 3.13.0RC1. Publicly available exploit code exists.
Improper validation of NumericDate claims (exp, nbf, iat) in hono/utils/jwt allows crafted JWT tokens with malformed time-based claims to silently bypass expiration and validity checks. This affects applications using Hono versions prior to 4.12.18. Exploitation requires the attacker to control token issuance or possess the signing key - unauthenticated remote exploitation is not possible. The vulnerability stems from combined short-circuiting logic that fails to reject non-finite, falsy, or non-numeric claim values as required by RFC 7519.
GrapheneOS versions before 2026050400 leak the real IP address of VPN users through a registerQuicConnectionClosePayload optimization that allows applications to request system_server transmit UDP traffic on their behalf, bypassing VPN confinement when both 'Block connections without VPN' and 'Always-on VPN' are enabled. This information disclosure affects users relying on VPN privacy protections and requires local access with user interaction to trigger, resulting in a CVSS 2.2 score despite the privacy-sensitive nature of IP address leakage.
Stored cross-site scripting (XSS) in JeecgBoot up to version 3.9.1 allows remote attackers to inject malicious scripts via SVG file handling in the CommonController component, requiring user interaction to trigger payload execution. The vulnerability has publicly available exploit code and affects the system's integrity through stored script injection, with a CVSS score of 2.1 reflecting low severity due to user interaction requirement and limited impact scope.
Command injection in aandrew-me tgpt up to version 2.11.1 allows local authenticated attackers to execute arbitrary commands via the helper.Update function in helper.go. The vulnerability requires local file system access and an authenticated user context but results in only limited confidentiality impact. Public exploit code exists, though the vendor has not responded to early disclosure attempts, leaving affected users without an official patch.