SQL injection in projectworlds Online Art Gallery Shop 1.0 exposes the admin panel to database manipulation via the unsanitized `social_twitter` parameter in `/admin/adminHome.ph`. Authenticated remote attackers with low-privilege credentials can craft malicious SQL payloads to read, modify, or corrupt backend database contents. A publicly available proof-of-concept exploit exists per the CVSS 4.0 E:P metric and the CVE description; however, no active exploitation has been confirmed in CISA KEV, and the overall CVSS 4.0 score of 2.1 reflects limited blast radius confined to the vulnerable system.
SQL injection in projectworlds Online Art Gallery Shop 1.0 enables remote low-privileged attackers to manipulate the `social_insta` parameter within `/admin/adminHome.php`, achieving limited read, write, and availability impact against the underlying database. Publicly available exploit code exists (CVSS 4.0 E:P), though the overall CVSS 4.0 score of 2.1 reflects a constrained impact scope - no subsequent system compromise is possible. This is not listed in the CISA KEV catalog; exploitation requires authenticated access rather than open unauthenticated attack.
Uncontrolled resource consumption in KeystoneJS's GraphQL API endpoint allows a remotely authenticated attacker with low-privilege credentials to degrade server availability by submitting deeply nested GraphQL queries that exhaust CPU or memory without bound. Versions up to snapshot 20260319 of the @keystone-6/core package are affected. A public proof-of-concept exists (CVSS E:P), though the vulnerability is not listed in CISA KEV and carries a CVSS 4.0 score of 2.1 - indicating limited real-world severity under most deployments.
Hash collision weakness in PaddlePaddle FastDeploy up to version 2.4.1 allows a local attacker with low privileges to cause the MultimodalHasher component to produce identical SHA-256 digests for semantically distinct numpy arrays that share raw byte content but differ in shape or dtype. This breaks the uniqueness guarantee of the hash_features function in fastdeploy/multimodal/hasher.py, enabling integrity violations in multimodal data pipelines relying on this component for deduplication or identity checks. No public exploit exists and no active exploitation is confirmed; the CVSS 4.0 score of 2.0 accurately reflects constrained real-world risk given local-only access and high attack complexity.
Hash collision vulnerability in Streamlit's caching layer (versions up to 1.53.0) allows a local low-privileged attacker to poison the application cache by supplying crafted PIL palette-mode images or large dataframes that produce identical hash digests for distinct objects. The root cause is twofold: PIL 'P'-mode (palette-indexed) images excluded palette data from the hash computation entirely, and fixed seed values (random_state=0) were used when sampling large pandas, numpy, and polars objects - both enabling deterministic hash collisions. No public exploit identified at time of analysis beyond the public disclosure of the issue. EPSS data is not available, but the CVSS 1.1 score (AV:L/AC:H/PR:L) places real-world risk as very low.
Cache key collision in Gradio 6.14.0's audio processing component allows a local low-privileged attacker to trigger information disclosure by exploiting incomplete hash inputs in the `save_audio_to_cache` function. Two audio arrays with identical raw bytes but differing metadata (sample rate, format, dtype, or shape) resolve to the same cache directory path, causing one cached audio file to overwrite or be served in place of another. Publicly available exploit code exists per the CVSS 4.0 E:P modifier and CVE description, though no active exploitation has been confirmed via CISA KEV. The CVSS 4.0 score of 1.1 accurately reflects the narrow real-world impact given the mandatory local access and high attack complexity.
Dataset digest computation in MLflow up to version 3.10.0 uses MD5 - a cryptographically broken algorithm - to fingerprint datasets, enabling a local attacker to craft colliding inputs that undermine dataset integrity tracking. Affected functions include compute_pandas_digest, compute_numpy_digest, and hash_dict_of_arrays in mlflow/data/digest_utils.py, which use a truncated 8-character MD5 digest that further reduces the collision space. Publicly available exploit code exists; this vulnerability is not confirmed actively exploited per CISA KEV, and the CVSS 4.0 score of 1.1 reflects the constrained local-only attack surface.
Command injection in stata-mcp (MCP-for-Stata) versions prior to 1.17.3 allows attackers to execute arbitrary Stata commands - including the `shell` directive - by supplying a crafted `log_file_name` parameter to the `stata_do` MCP tool or CLI. The flaw bypasses the existing `GuardValidator` security control, which only inspects do-file content and never examines wrapper parameters, enabling remote code execution and arbitrary file writes via path traversal. Publicly available exploit code exists in the GHSA advisory PoC, though no public exploit identified at time of analysis indicates in-the-wild abuse.
SQL injection in OpenMeter's meter creation API allows any authenticated tenant to execute arbitrary ClickHouse SQL against a shared database with no row-level security, enabling full cross-tenant data exfiltration. The vulnerable endpoint is POST /api/v1/meters, where the valueProperty and groupBy fields are interpolated directly into ClickHouse SELECT statements via fmt.Sprintf without parameterization, and the sanitization function (sqlbuilder.Escape) only escapes library-internal placeholder characters - not single quotes. A publicly available exploit code (PoC) exists demonstrating confirmed time-based blind injection, and no public exploit identified at time of analysis in the CISA KEV sense, though the PoC lowers the barrier to exploitation significantly.
Late signature validation in Siemens kas (pip/kas >= 4.8, < 5.3) allows an attacker who has already compromised a referenced upstream repository to substitute the cryptographic key used to validate that repository's tag signatures, effectively bypassing integrity checks entirely. Because kas processes and applies configuration includes from external repositories before verifying their signatures, a malicious repository can redirect the signature-validation key to one under attacker control. No public exploit code has been identified at time of analysis, and exploitation requires a highly specific multi-condition scenario including prior supply-chain access to a referenced upstream repo. Vendor-released patch version 5.3 resolves all related attack vectors.
Sender identity spoofing in matrix-sdk-crypto (Rust crate) versions 0.12.0 through 0.16.0 allows a malicious or colluding homeserver operator to forge the apparent sender of Olm-encrypted to-device messages by supplying manipulated `sender_device_keys` without a corresponding user ID validation check. The vulnerability is classified as CWE-290 (Authentication Bypass by Spoofing) and is patched in version 0.16.1. No public exploit code exists and this CVE is not listed in CISA KEV, but the attack's reliance on homeserver-level access defines a concrete and realistic threat model for federated Matrix deployments where server trust is not absolute.
Authentication bypass in doorkeeper-openid_connect's Dynamic Client Registration feature allows any party with a known client_id to obtain OAuth access tokens without supplying a client_secret. The root defect is in DynamicClientRegistrationController#register (dynamic_client_registration_controller.rb:18-25), which hard-codes confidential: false on every dynamically registered application while simultaneously returning a client_secret in the response and advertising client_secret_basic/client_secret_post auth methods. Because Doorkeeper's Application.by_uid_and_secret accepts a nil secret as valid for public (non-confidential) clients, the secret returned at registration is functionally decorative - any caller can authenticate at the token endpoint using only the public client_id. No public exploit code has been identified at time of analysis, and no CISA KEV listing exists, but the advisory includes verbatim reproduction steps that document the bypass in full detail.