Heap-based buffer overflow in Ettercap's GG protocol dissector (versions up to 0.8.3) allows remote attackers to potentially achieve limited confidentiality, integrity, and availability compromise through crafted network traffic. The vulnerability exists in the ec_gg.c dissector when processing Gadu-Gadu instant messaging protocol packets. Publicly available exploit code exists (GitHub issue #1306), and vendor has released patch version 0.8.4 (commit feeae6fa). Despite network attack vector, exploitation difficulty is high (AC:H) with low EPSS risk, suggesting specialized targeting rather than mass exploitation.
Missing authentication in Vane up to 1.12.1 allows remote attackers to bypass intended access controls on API route.ts endpoints, potentially exposing or manipulating API functionality without credentials. Publicly available exploit code exists (GitHub issue #1123), though CVSS rates attack complexity as high (AC:H) with difficult exploitation, resulting in limited confidentiality, integrity, and availability impact (C:L/I:L/A:L). EPSS data not provided. Not listed in CISA KEV. Vendor (ItzCrazyKns) reportedly plans to implement basic authentication as remediation.
Cryptographic salt generation in Jasypt Spring Boot library (versions ≤3.0.5 and ≤4.0.4) uses predictable values, enabling offline password cracking attacks against encrypted configuration properties. The SimpleGCMConfig class's getSecretKeySaltGenerator function generates salts without sufficient entropy, reducing the computational cost for attackers who obtain encrypted passwords to derive plaintext through dictionary or brute-force attacks. Public exploit code exists (POC available) with EPSS indicating low probability of widespread exploitation (3.7 CVSS, AC:H). Vendor has not responded to responsible disclosure as of analysis date.
Command injection in the Edimax BR-6675nD 1.12 router's WPS start handler allows remote attackers with low-privilege authentication to execute arbitrary OS-level commands by supplying unsanitized shell metacharacters in the pinCode POST parameter of /goform/formWpsStart. Publicly available exploit code exists, confirmed via a Notion-hosted proof-of-concept referenced in VulDB reporting. The vendor was notified prior to disclosure but did not respond, and no patch has been released - leaving affected deployments without a vendor-supported remediation path.
Command injection in the Edimax BR-6675nD firmware 1.12 exposes the POST handler at /goform/formHwSet to OS-level command execution through multiple unsanitized parameters including regulatory domain and MAC address fields. Remote attackers holding low-privilege credentials can exploit this without user interaction, as confirmed by a publicly released proof-of-concept. The vendor was notified prior to disclosure but did not respond, leaving no official patch and no coordinated remediation path.
OS command injection in Edimax EW-7438RPn WiFi range extender firmware versions up to 1.31 allows authenticated remote attackers to execute arbitrary system commands via the formWizSurvey web interface. The vulnerability exists in the /goform/formWizSurvey endpoint where input validation fails on the ip, mask, and gateway parameters. Publicly available exploit code exists (GitHub POC published), though no active exploitation has been confirmed by CISA KEV. EPSS data not available for this recent CVE. Vendor notified but non-responsive, indicating no official patch is forthcoming.
Command injection in Edimax BR-6675nD 1.12 router firmware allows authenticated remote attackers to execute arbitrary OS commands by manipulating over two dozen POST parameters in the formWlanMP wireless calibration handler. The vulnerable endpoint exposes ATE (Automated Test Equipment) and EEPROM power calibration parameters - none requiring special configuration to be present - that pass user input unsanitized to a system-level command interpreter. A publicly available proof-of-concept exploit exists, no vendor patch has been released, and the vendor did not respond to responsible disclosure, leaving affected deployments permanently unmitigated absent compensating controls.
Command injection in the Edimax BR-6675nD 1.12 router's web management interface allows remote authenticated attackers to execute arbitrary OS commands by manipulating the sub_dir parameter of POST requests to the /goform/formUSBStorage endpoint. The vulnerability stems from unsanitized input passed directly to a system-level command in the formUSBStorage function (CWE-77). A public proof-of-concept exploit has been published, the vendor has not responded to disclosure, and no patch is available, leaving all known-affected deployments without an official remediation path.
Command injection in Edimax EW-7438RPn 1.12 allows authenticated remote attackers to execute arbitrary OS commands via the 'method' parameter in the formEZCHNwlanSetup POST handler at /goform/formEZCHNwlanSetu. Public exploit code exists (CVSS E:P), enabling low-complexity attacks that compromise confidentiality, integrity, and availability at low impact levels. EPSS data not available. Not currently listed in CISA KEV, suggesting targeted rather than widespread exploitation. Vendor was notified but has not issued a patch or advisory.
Command injection in Edimax EW-7438RPn 1.12 allows authenticated remote attackers to execute arbitrary operating system commands via the max_Conn and timeOut parameters in the formConnectionSetting endpoint. The vulnerability requires low-privilege authentication but no user interaction, with public exploit code available. EPSS data not available; vendor unresponsive to disclosure.
Remote command injection in Edimax EW-7438RPn 1.12 allows authenticated attackers to execute arbitrary OS commands by manipulating the submit-url parameter in the formAccept function via /goform/formAccep endpoint. Public exploit code is available (EPSS not provided in input data). Vendor was notified but has not responded or issued a patch, leaving devices vulnerable to takeover by users with low-level credentials.
Command injection in Edimax EW-7438RPn 1.28a allows authenticated remote attackers to execute arbitrary system commands via crafted POST parameters to the /goform/formHwSet endpoint. The vulnerability affects the formHwSet function's handling of multiple configuration parameters including Antenna, Mcs, regDomain, MAC addresses, SSID, and channel settings. Public exploit code exists (CVSS E:P), significantly lowering the barrier to exploitation, though CISA KEV does not list active widespread exploitation at time of analysis.
Improper authorization in JPress versions 1.0.0 through 1.0.3 allows any authenticated low-privilege user to manipulate the `id` and `userId` parameters at the `/ucenter/article/doWriteSave` UCenter endpoint, potentially reading or overwriting article data belonging to other users. Publicly available exploit code exists (disclosed via GitHub issue #194), though EPSS sits at 0.03% (10th percentile) and SSVC classifies current exploitation status as 'none,' indicating limited real-world uptake despite the public disclosure. The vendor has not responded to responsible disclosure and no patch has been released.
Uncontrolled recursion in PostCSS up to 7.1.1 allows remote attackers to trigger denial of service via crafted CSS input requiring user interaction. The vulnerability resides in the toString function of AST serialization logic (src/selectors/container.js). Publicly available exploit code exists (EPSS exploitation probability should be assessed). Vendor considers this low-risk since most users compile their own CSS rather than processing untrusted user-generated CSS, indicating limited real-world attack surface in typical deployment scenarios.
Cross-site scripting in SourceCodester SUP Online Shopping 1.0 is exploitable via the productName parameter in /admin/productedit.php, where unsanitized input is rendered back to the browser without proper encoding. An attacker already holding high-privilege admin credentials can inject a JavaScript payload that executes when another user interacts with the affected admin page. Publicly available exploit code exists per a referenced GitHub issue, though EPSS at 0.03% (9th percentile) and absence from CISA KEV indicate negligible active exploitation interest at time of analysis.
Local privilege escalation in NousResearch hermes-agent 2026.4.23 allows authenticated local users to manipulate plugin discovery logic via HERMES_ENABLE_PROJECT_PLUGINS environment variable, resulting in unauthorized information disclosure and potential integrity compromise of the CLI web-dashboard interface. Publicly available exploit code exists (EPSS data not provided, not listed in CISA KEV). The vendor did not respond to responsible disclosure attempts, leaving remediation status uncertain.
Open redirect in SPIP's ecrire subsystem allows authenticated remote attackers with low privileges to redirect victims to arbitrary external URLs via the action/cookie.php endpoint, affecting all SPIP versions prior to 4.4.15. The CVSS score of 3.5 (Low) is consistent with EPSS at 0.03% (7th percentile) and SSVC's determination of no exploitation and partial technical impact, making this a low-urgency but patchable flaw. No public exploit identified at time of analysis, and CISA KEV does not list this vulnerability.
UI layer spoofing in the Besen BS20 EV Charging Station's Firmware Version Check component allows remote unauthenticated attackers to manipulate rendered UI layers (CWE-1021), producing falsified firmware version displays with a limited integrity impact on the vulnerable system. All firmware builds up to 20260426 are affected per ENISA EUVD-2026-31552, with a publicly documented proof-of-concept available on GitHub. Vendor acknowledgment was received as of April 2026 with no released patch confirmed - attack complexity is rated High and EPSS exploitation probability sits at 0.03% (8th percentile), indicating negligible real-world exploitation likelihood at this time.
Stored or reflected cross-site scripting in vBulletin 6.x login component allows authenticated users with low privileges to inject malicious scripts that execute when other users interact with the manipulated login function. Public proof-of-concept exists (CVSS E:P) but detailed exploitation steps are being withheld by VulDB. Vendor did not respond to disclosure, and no patch release has been announced. EPSS data unavailable; not listed in CISA KEV, suggesting limited observed exploitation despite public POC availability.
Cleartext credential exposure in the Besen BS20 EV Charging Station's BLE and UDP interfaces allows an adjacent-network attacker with low privileges to intercept authentication material transmitted without adequate protection. All firmware versions up to 20260426 are affected per EUVD-2026-31547 and NVD CPE data. Publicly available exploit code exists per a researcher's GitHub disclosure; however, no CISA KEV listing and an EPSS of 0.01% (3rd percentile) indicate no confirmed widespread exploitation at time of analysis.
Unauthenticated capture-replay authentication bypass in the Besen BS20 EV Charging Station (firmware up to 20260426) exposes the device's BLE/WiFi interface to unauthorized command injection. An attacker physically adjacent to the charger can intercept and replay wireless authentication tokens to issue tampered charging commands without valid credentials. No patch has been released as of the analysis date; the vendor acknowledged the report in April 2026 and confirmed they are reviewing it. Publicly available proof-of-concept code exists (CVSS E:P), though exploitation probability remains very low (EPSS 0.03%, 11th percentile), consistent with the high attack complexity and adjacent-only access requirement.
Weak password requirements in the Bluetooth Low Energy (BLE) handler of the Besen BS20 EV Charging Station (firmware up to 20260426) expose the device to credential brute-forcing from adjacent-network attackers within Bluetooth range. The flaw, catalogued under CWE-521, results in limited confidentiality impact (VC:L in CVSS 4.0) with no integrity or availability consequences, yielding an overall CVSS 4.0 score of 1.3. Publicly available exploit code exists (E:P in CVSS vector, GitHub PoC at carfeii/besen), though EPSS sits at 0.01% (2nd percentile), and no active exploitation has been confirmed by CISA KEV. Besen acknowledged the report as of April 2026 but no patched firmware version has been released.