Gate Pass Management System 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login and password parameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
MOGG web simulator Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the id parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Yot CMS 3.3.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid and cid parameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the genre parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the year parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the quality parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the country parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the director parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the actor parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by submitting PHP code through the fupload parameter. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
WinMTR 0.91 contains a denial of service vulnerability that allows attackers to crash the application by sending a malformed payload file containing a large buffer of repeated characters. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Buffer overflow in the Edimax BR-6478AC 1.23 router's web management interface allows remote attackers with low-level credentials to corrupt memory by sending an oversized selSSID parameter to the /goform/formQoS endpoint. Publicly available exploit code exists per VulDB, raising the practical risk despite the CVSS 4.0 base score of 7.4, though there is no public exploit identified at time of analysis in CISA KEV. The flaw threatens the confidentiality, integrity, and availability of affected SOHO routers and could lead to arbitrary code execution or device takeover.
Stack-based buffer overflow in Shibby Tomato router firmware (versions up to 1.28) allows remote attackers to corrupt memory in the ripd daemon via the rip_zebra_read_ipv4 function in the Zserv Handler component. Publicly available exploit code exists, and the project is end-of-life - superseded by FreshTomato - so no vendor patch will be released. CVSS 4.0 score of 7.4 reflects network attack vector with low complexity but requires low-privilege access (PR:L) per the vector.
Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 router firmware allows authenticated remote attackers to corrupt memory via the formSetDomainFilter handler at /goform/formSetDomainFilter by manipulating the blocked_domain, permitted_domain, blocked_domain_list, or permitted_domain_list parameters. Publicly available exploit code exists, and the vendor has stated the device has been end-of-life since 2009 and will not receive a fix, leaving any internet-exposed unit permanently vulnerable. No CISA KEV listing or EPSS data was provided, but the combination of public PoC and abandoned hardware materially elevates real-world risk.
Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 routers allows authenticated remote attackers to corrupt memory and likely execute arbitrary code by sending a crafted protocol_name argument to the formSetProtocolFilter handler at /goform/formSetProtocolFilter. Publicly available exploit code exists on GitHub, and the vendor has confirmed the device has been end-of-life since 2009 and will not receive a fix, leaving deployed units permanently vulnerable.
Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 router firmware allows remote authenticated attackers to corrupt memory and likely execute arbitrary code by sending crafted keyword_list or keyword parameters to the /goform/formSetUrlFilter endpoint. Publicly available exploit code exists on GitHub, and the vendor has explicitly refused to issue a fix because the device has been end-of-life since 2009. No CISA KEV listing at this time, but the combination of public PoC, network reachability, and unpatched status makes any internet-exposed device a standing target.
Stack-based buffer overflow in the TRENDnet TEW-432BRP wireless router (firmware 3.10B20) allows remote authenticated attackers to corrupt memory by manipulating the firewall_name parameter sent to /goform/formSetFirewallRule, potentially leading to arbitrary code execution on the device. Publicly available exploit code exists for this issue, and because the product has been end-of-life since 2009 the vendor has explicitly refused to release a fix, leaving any still-deployed devices permanently vulnerable.
Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 router firmware allows authenticated remote attackers to corrupt memory via the filter_name parameter of the formSetMACFilter handler at /goform/formSetMACFilter, potentially leading to arbitrary code execution or device compromise. Publicly available exploit code exists (published via GitHub), and the vendor has explicitly stated they will not patch because the device reached end-of-life in 2009. Despite a CVSS 4.0 score of 7.4, no CISA KEV listing or EPSS data is provided in the source intelligence.
Open STA Manager 2.3 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by manipulating the file parameter. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Remote code execution in the Spectra Gutenberg Blocks WordPress plugin (versions up to and including 2.19.25) allows authenticated users with Contributor-level access or higher to execute arbitrary PHP on the server by abusing the plugin's block rendering logic. The flaw stems from the plugin trusting attacker-controlled block attributes to register a fake uagb/-prefixed block type with an arbitrary render_callback, which is then invoked via call_user_func() when a second block of the same type is rendered in the same request. No public exploit identified at time of analysis, but the low privilege bar (Contributor is commonly granted to untrusted guest authors) makes this a high-priority issue for sites with open registration.
Local privilege escalation in the Linux kernel eventpoll (epoll) subsystem stems from a use-after-free in ep_remove() where file->f_ep is cleared but the file pointer continues to be used inside the f_lock critical section, allowing a concurrent __fput() to free the underlying struct eventpoll and struct file. Successful exploitation yields an attacker-controllable kmem_cache_free() against the wrong slab cache, enabling memory corruption that can lead to high-integrity, high-confidentiality, and high-availability impact (CVSS 7.8). EPSS is very low (0.02%), no public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Out-of-bounds read in the Zephyr RTOS SocketCAN implementation lets a local userspace application leak adjacent memory or crash the system by submitting a truncated CAN frame through the sendto syscall. The zcan_sendto_ctx() path guards the user-supplied buffer length only with a NET_ASSERT, which is compiled out of production builds, so socketcan_to_can_frame() then dereferences fields past the end of the buffer. All Zephyr versions up to and including 4.3 are affected; there is no public exploit identified at time of analysis and EPSS is negligible (0.01%, 2nd percentile).
SQL injection in the GEO my WP WordPress plugin (versions ≤4.5.5) allows unauthenticated remote attackers to append arbitrary SQL via the 'swlatlng' and 'nelatlng' query-string parameters, enabling extraction of sensitive database contents. The flaw stems from reading parameters directly from $_SERVER['QUERY_STRING'] with parse_str(), bypassing WordPress's wp_magic_quotes sanitization. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV, but exploitation requires only a public page hosting the Posts Locator results shortcode.
Authenticated privilege escalation to administrator in the Simple History WordPress plugin (versions through 5.26.0) allows a Subscriber-level user to read password-reset email contents logged by SimpleUserLogger and hijack admin accounts. The react/unreact event endpoints reuse a permission callback that only checks for a logged-in user, exposing full event context including reset URLs and keys. No public exploit identified at time of analysis, and exploitation requires that an administrator previously enabled the non-default experimental features option.
Stack-based buffer overflow in the Edimax BR-6478AC wireless router (firmware 1.23) allows remote attackers with low-privilege access to corrupt memory via a crafted pppUserName parameter sent to the formPPPoESetup handler at /goform/formPPPoESetup. Publicly available exploit code exists per VulDB, and the CVSS 4.0 vector (AV:N/AC:L/PR:L) indicates network-reachable exploitation with authentication, yielding high impact to confidentiality, integrity, and availability of the device. No active in-the-wild exploitation has been confirmed in CISA KEV at time of analysis.
Path traversal in the org.apache.sshd:sshd-git component of Apache MINA SSHD allows authenticated remote attackers to read files outside the intended Git repository directory by supplying crafted path references over SSH. The flaw was disclosed pre-NVD on the oss-security mailing list on 2026-05-30 by Apache maintainer Thomas Wolf, with no public exploit identified at time of analysis and no CISA KEV listing.