WordPress Picture Gallery 1.4.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Edit Content URL field in the Access. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Advanced Guestbook 2.4.4 contains a persistent cross-site scripting vulnerability in the smilies administration interface that allows authenticated attackers to inject malicious scripts by. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Contact Form to Email 1.3.24 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating forms with script tags in the form name. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Rocket LMS 1.1 contains a persistent cross-site scripting vulnerability in the support ticket module that allows authenticated users to inject malicious script code through the title parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
WordPress Plugin AAWP 3.16 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the tab parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
WordPress Plugin IP2Location Country Blocker 2.26.7 contains a stored cross-site scripting vulnerability that allows authenticated users to inject arbitrary JavaScript code through the Frontend. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
WordPress International Sms For Contact Form 7 Integration version 1.2 contains a reflected cross-site scripting vulnerability in the page parameter of the admin settings interface. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
WordPress Plugin Videos sync PDF 1.7.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting unsanitized nom, pdf, mp4,. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Motopress Hotel Booking Lite 4.2.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting payloads in accommodation type. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
WordPress Plugin Netroics Blog Posts Grid 1.0 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the post_title. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
WordPress GetPaid Plugin 2.4.6 contains an HTML injection vulnerability that allows authenticated attackers to inject arbitrary HTML code by exploiting the Help Text field in payment forms. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Session ID disclosure in Catalyst::Plugin::Statsd for Perl (versions ≤0.10.0) occurs when the StatsD communication channel lacks encryption, leaking authentication tokens over unsecured UDP to remote StatsD daemons. CVSS 7.5 (High) reflects network-accessible confidentiality impact, but EPSS score of 0.03% (9th percentile) and SSVC assessment (no observed exploitation, partial technical impact) indicate limited real-world exploitation activity. Vendor advisory from GitHub Security (GHSA-gjvr-hq83-fc38) confirms the issue with related advisories for similar Plack-Middleware-Statsd vulnerability (CVE-2026-45179).
Out-of-bounds heap read in XML::LibXML for Perl (all versions through 2.0210) allows remote attackers to trigger denial-of-service crashes by supplying XML node names with truncated UTF-8 sequences. The parser fails to validate multi-byte UTF-8 boundaries in node names, reading past allocated memory into adjacent heap regions. No public exploit identified at time of analysis, with EPSS score of 0.01% indicating very low observed exploitation probability. Vendor-released patch available via upstream commit 15652bd9.
SQL injection in PHP's PDO Firebird driver allows remote attackers to manipulate database queries when applications use PDO::quote() with attacker-controlled input containing NUL bytes. The vulnerability affects PHP versions 8.2.* through 8.5.* across all maintained branches, with vendor patches released (8.2.31, 8.3.31, 8.4.21, 8.5.6). CVSS 7.4 with network attack vector but requires user interaction and precise timing conditions (AT:P). Proof-of-concept exploitation status confirmed (E:P), though no active exploitation identified in CISA KEV at time of analysis.
Improper authentication in IAS Canias ERP 8.03 allows remote unauthenticated attackers to bypass authentication via the iasServerRemoteInterface.doAction function in the Java RMI Session Management component, granting unauthorized access to ERP functionality without valid credentials. CVSS 6.9 indicates moderate severity with low confidentiality and integrity impact. No public exploit code or active exploitation has been confirmed at time of analysis.
Information disclosure in Industrial Application Software IAS Canias ERP 8.03 allows remote attackers to extract sensitive data through observable response discrepancies in the Login RMI Interface doAction function. The vulnerability requires high attack complexity but can be exploited without authentication or user interaction. Publicly available exploit code exists, though the vendor has not responded to early disclosure notifications.
Hard-coded cryptographic key in Canias ERP 8.03 JNLP Deployment Endpoint allows unauthenticated remote attackers to obtain sensitive information through manipulation of the affected component. The vulnerability affects the Java Network Launch Protocol deployment mechanism, enabling key discovery and potential decryption of encrypted communications. No vendor patch has been released despite early disclosure notification.
Net::CIDR::Lite before version 0.24 accepts CIDR mask values with extraneous leading zeros (such as '/00' or '/01'), causing them to parse identically to their unpadded equivalents ('/0' or '/1'). This permits attackers to bypass IP-based access control lists by supplying alternate representations of the same network prefix, potentially granting unauthorized access to restricted resources. The vulnerability affects all Perl installations using vulnerable versions of this library and is rated with CVSS 6.5 (moderate integrity and availability impact). No active exploitation has been confirmed by CISA, but the flaw is automatable and exploitable remotely without authentication.
Net::CIDR::Lite Perl module versions before 0.24 fail to properly validate IP address and CIDR mask inputs, allowing attackers to bypass IP-based access control lists by supplying malformed addresses that are re-encoded differently by the parser. Inputs with trailing newlines or non-ASCII digit characters pass validation but resolve to unintended IP addresses, causing find() and bin_find() functions to incorrectly match or miss addresses. This affects network security controls that rely on CIDR matching for authorization decisions.
The DOMNode::C14N() method in PHP 8.4.x before 8.4.21 and 8.5.x before 8.5.6 incorrectly processes XML data, creating circular linked lists in the document structure that trigger infinite loops during subsequent XML processing, causing denial of service. Unauthenticated remote attackers can trigger this by submitting malformed XML to applications using affected PHP versions, though attack complexity is noted as present in the CVSS vector.
Out-of-bounds read in PHP's mbstring extension allows remote attackers to trigger information disclosure or denial of service via specially crafted encoding names containing NUL bytes passed to mb_convert_encoding() and related functions. Affected versions: PHP 8.4.0-8.4.20 and 8.5.0-8.5.5. The vulnerability stems from unsafe string length comparison logic that misinterprets strncasecmp() return values when NUL bytes are present, potentially exposing global memory contents or crashing the application. No public exploit code identified at time of analysis.
OS command injection in Wavlink NU516U1 240425 via the ipaddr parameter in /cgi-bin/login.cgi allows authenticated remote attackers to execute arbitrary system commands with limited impact (confidentiality, integrity, availability). The vulnerability requires valid credentials (PR:L) but can be exploited over the network without user interaction. Publicly available exploit code exists, and the vendor was notified during coordinated disclosure.
Remote command injection in Wavlink NU516U1 240425 allows authenticated attackers to execute arbitrary OS commands via manipulation of the AuthMethod or EncrypType arguments in the WifiBasic function of /cgi-bin/wireless.cgi. Publicly available exploit code exists, and the vendor was notified early of the disclosure.
OS command injection in Wavlink NU516U1 240425 wireless configuration module allows authenticated remote attackers to execute arbitrary system commands via manipulation of the wlan_conf/Channel/skiplist/ieee_80211h parameter in /cgi-bin/wireless.cgi. Publicly available exploit code exists, and the vendor was notified early of disclosure. CVSS 6.3 reflects the moderate impact of command execution under authenticated conditions.
Remote OS command injection in Wavlink NU516U1 240425 via the wzdapMesh function in /cgi-bin/adm.cgi allows authenticated remote attackers to execute arbitrary operating system commands with limited system impact. Publicly available exploit code exists, and the vendor has been notified of the disclosure.
OS command injection via Runtime.getRuntime.exec in Canias ERP 8.03 RMI Interface allows authenticated remote attackers to execute arbitrary operating system commands by manipulating the troiaCode argument. The vulnerability carries low confidentiality, integrity, and availability impact (CVSS 2.1), but publicly available exploit code exists and the vendor has not responded to early disclosure.
OS command injection in 8421bit MiniClaw 0.8.0 and 0.9.0 allows local authenticated attackers to execute arbitrary system commands via the resolveSkillScriptPath function in the System Command Handler (src/kernel.ts). The vulnerability stems from unsafe command construction using string concatenation with unsanitized user input passed to shell execution. Publicly available exploit code exists, and a patch has been released by the vendor.
Null pointer dereference in Open5GS Session Management Function (SMF) up to version 2.7.7 allows authenticated remote attackers to cause denial of service by manipulating the smf_nsmf_handle_create_data_in_hsmf function. Publicly available exploit code exists, and the project has been notified but has not yet released a patch.
Denial of service in Open5GS up to version 2.7.7 allows authenticated remote attackers to crash the Service Mobile Function (SMF) component via manipulation of the update_authorized_pcc_rule_and_qos function in the Policy and Charging Control (PCC) handler. The vulnerability has a CVSS score of 2.1 with low availability impact; publicly available exploit code exists, and the project maintainers have not yet responded to early disclosure.
Denial of service in Open5GS up to version 2.7.7 via the smf_n4_build_qos_flow_to_modify_list function in the SMF (Session Management Function) component allows remote authenticated attackers to crash the service with low attack complexity. The vulnerability has been publicly disclosed with exploit code available; the vendor was notified early but has not yet released a fix.
Denial of service vulnerability in Open5GS up to version 2.7.7 allows authenticated remote attackers to crash the Service Measurement Function (SMF) component via improper handling in the update_authorized_pcc_rule_and_qos function. The vulnerability has a publicly available exploit and moderate CVSS score (4.3) but is limited to authenticated access and results in availability impact only. The vendor has not yet released a patch despite early notification through a GitHub issue.
Denial of service in Open5GS up to version 2.7.7 allows authenticated remote attackers to crash the Service Mobility Function (SMF) component via manipulation of the update_authorized_pcc_rule_and_qos function in npcf-handler.c. Publicly available exploit code exists, and the vendor has not released a patch despite early notification through issue tracking.
SQL injection in CodeAstro Online Catering Ordering System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the ID parameter in /deleteorder.php, with publicly available exploit code disclosed. Despite a low CVSS score of 2.1 due to authentication requirements and limited impact scope, the vulnerability enables data exfiltration or manipulation within the application's database with minimal attack complexity.
Cross-site scripting (XSS) vulnerability in Devs Palace ERP Online up to version 4.0.0 allows authenticated high-privilege users to inject malicious scripts via the /inventory/purchase_return_save endpoint. The vulnerability requires user interaction (UI:P) to trigger, and publicly available exploit code exists. The vendor has not responded to disclosure attempts, leaving affected installations without official guidance or patches.
Stored cross-site scripting (XSS) in Devs Palace ERP Online up to version 4.0.0 allows high-privileged users to inject malicious scripts via the /inventory/purchase_save endpoint, affecting the confidentiality of other users' sessions. The vulnerability requires administrative-level privileges and user interaction (UI:R), resulting in a low CVSS score of 2.4, though publicly available exploit code exists and the vendor has not responded to disclosure attempts.
Stored cross-site scripting (XSS) in Devs Palace ERP Online up to version 4.0.0 allows high-privileged authenticated users to inject malicious scripts via the /inventory/supplier-save endpoint, affecting data integrity and confidentiality of other users viewing the supplier data. The vulnerability requires user interaction (UI:P) and high-level privileges (PR:H), limiting its exploitation scope; however, publicly available exploit code exists and the vendor has not responded to disclosure.
Authentication bypass in IAS Canias ERP 8.03 RMI Interface allows remote attackers to manipulate the sessionId parameter in the doAction function, circumventing authentication controls without requiring credentials or user interaction. Publicly available exploit code exists, and the vendor has not responded to disclosure efforts, leaving affected deployments without an official patch.
Remote path traversal in Industrial Application Software IAS Canias ERP 8.03 allows unauthenticated network attackers to read arbitrary files by manipulating the m_strSourceFileName argument in the iasRequestFileEvent function of the RMI Interface. The vulnerability has been publicly disclosed with proof-of-concept code available, and the vendor has not responded to early disclosure notification.
Denial of service in Open5GS up to version 2.7.7 allows remote unauthenticated attackers to crash the Policy Control Function (PCF) by manipulating the SmPolicyContextData.ipv6AddressPrefix parameter in the pcf_sess_set_ipv6prefix function. The vulnerability has publicly available exploit code and was disclosed despite vendor non-responsiveness, making it a known attack vector against 5G service provider infrastructure.
Denial of service in Open5GS up to version 2.7.7 via manipulation of the pcf_sess_sbi_discover_and_send function in the sm-policies endpoint allows remote unauthenticated attackers to disrupt service availability. Publicly available exploit code exists, and the upstream project has not yet issued a patch despite early notification via issue report.
Remote denial of service in Open5GS up to version 2.7.7 affects the sm-policies endpoint's pcf_nbsf_management_handle_register function, allowing unauthenticated network attackers to trigger a crash or service disruption with low attack complexity. Publicly available exploit code exists and the vendor was notified early but has not released a fix.
Plack::Middleware::Statsd versions before 0.9.0 leak user IP addresses to unsecured statsd daemons via unencrypted UDP communication. Remote unauthenticated attackers on the same network as the statsd daemon can intercept plaintext IP addresses transmitted by the middleware. Version 0.9.0 and later disable IP logging by default and use HMAC signatures when logging is enabled, eliminating the exposure.
Denial of service in Dotouch XproUPF 2.0.0 through manipulation of the vlib_worker_loop function in libvlib.so allows local authenticated attackers to crash the UPF process. The vulnerability has CVSS 5.1 (AV:A/AC:L/PR:L) and targets availability rather than confidentiality or integrity. No public exploit code or active exploitation has been confirmed; the vendor was notified early during responsible disclosure.
Improper access controls in Dotouch XproUPF 2.0.0 (release 088aa7c4) allow local authenticated attackers to bypass authentication mechanisms and gain unauthorized access to restricted functionality within the UPF component. The vulnerability requires high attack complexity and valid user credentials but affects confidentiality, integrity, and availability of the affected system. No public exploit code or active exploitation has been identified at time of analysis.
Cross-site scripting (XSS) in Devs Palace ERP Online through version 4.0.0 allows high-privileged authenticated users to inject malicious scripts via the /inventory/item-save endpoint, requiring user interaction (UI:P) for exploitation. Public exploit code is available, and the vendor has not responded to early disclosure notification, leaving affected deployments without an official patch and at risk of account compromise or session hijacking by attackers with high administrative privileges.
Reflected cross-site scripting in Devs Palace ERP Online up to version 4.0.0 allows authenticated high-privilege users to inject malicious scripts via the /inventory/customer-save endpoint, requiring user interaction to execute. Despite public exploit availability and early vendor notification, no patch or vendor response has been documented. CVSS score of 1.9 reflects high authentication requirements and limited impact scope, though the presence of public exploit code indicates practical demonstration of the vulnerability.