Improper authentication in NousResearch hermes-agent through version 0.15.2 allows remote attackers to bypass the Discord user allowlist by exploiting a logic flaw in the `DiscordAdapter._is_allowed_user` function within `gateway/platforms/discord.py`. Exploitation is rated high complexity (CVSS 4.0 AC:H), resulting in limited but confirmed confidentiality, integrity, and availability impact against the vulnerable system. A public proof-of-concept exploit has been disclosed via GitHub Gist; no vendor patch exists as the vendor did not respond to responsible disclosure.
PHP file inclusion in PHPIPAM allows authenticated API users to include and execute arbitrary PHP files from the web server's filesystem, with primary impact on application confidentiality through exposure of sensitive configuration data. Exploitation is gated behind two non-default conditions: the REST API must be deliberately enabled by an administrator, and the attacker must hold valid API credentials - constraining the realistic attack surface substantially. Publicly available exploit code exists per Project Black's research blog, though the vulnerability carries a CVSS 4.0 score of 2.3 and is absent from CISA KEV, reflecting its narrow exploitation prerequisites rather than widespread threat activity.
Denial of service in omec-project AMF (Access and Mobility Management Function) versions up to 2.1.1 allows a low-privileged remote attacker to crash or degrade the NGAP Message Handler by submitting a crafted RRCInactiveTransitionReport message, exploiting improper resource release (CWE-404). The vulnerability affects the 5G core network control plane component responsible for UE mobility and session management, making it a high-value target in operator and research 5G deployments. No active exploitation is confirmed via CISA KEV, but a public proof-of-concept has been disclosed via GitHub issue #676 and a patch commit exists.
Cross-site scripting in code-projects Assessment Management 1.0 allows remote unauthenticated attackers to inject malicious scripts via the unsanitized `ID` parameter in `/admin/remove-user.php`. A public proof-of-concept exploit is available on GitHub (E:P in the CVSS 4.0 supplemental metrics), lowering the bar for exploitation. The vulnerability is not listed in the CISA KEV catalog, so confirmed widespread active exploitation has not been established, though the admin-facing endpoint makes session hijacking of privileged users a realistic outcome.
SQL injection in itsourcecode Hospital Management System 1.0 exposes patient and appointment data to remote attackers holding low-privilege credentials via the `patiente` parameter in `/patientappointment.php`. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N) confirms network-reachable exploitation with no attack complexity, and the E:P modifier reflects a publicly disclosed proof-of-concept on GitHub. While not yet listed in CISA KEV, the combination of a live PoC, a healthcare data context, and trivial exploitation conditions makes this a credible risk for any organization running this application.
SQL injection in code-projects Assessment Management 1.0 allows authenticated remote attackers to execute arbitrary SQL queries by manipulating the smarksrange[] array parameter in /lecturer/marking-scheme.php. The CVSS 4.0 vector (PR:L) confirms low-privilege authentication is required, limiting the attack surface to registered users such as lecturers. A public exploit proof-of-concept is available on GitHub, elevating the practical risk despite the medium CVSS 4.0 score of 5.3 and no confirmed active exploitation in the CISA KEV catalog.
SQL injection in code-projects Assessment Management 1.0 exposes database query handling in the lecturer marking-scheme feature to manipulation via the unsanitized `squestions[]` parameter at `/lecturer/marking-scheme.php`. Authenticated remote attackers with low-privilege access can alter SQL query logic to extract or modify student assessment data. A public proof-of-concept exploit is documented on GitHub, lowering the skill bar for exploitation; however, the application is not listed in CISA KEV and carries a CVSS 4.0 score of 2.1 reflecting its constrained impact and authentication prerequisite.
Denial of service in omec-project's 5G Access and Mobility Management Function (AMF) versions up to 2.0.2 and 2.1.1 allows remote low-privileged attackers to crash the AMF process by sending a malformed NGSetupRequest message over the NGAP interface. A publicly available proof-of-concept exploit exists via GitHub issue #677, lowering the exploitation barrier substantially. No CISA KEV listing exists, but given the AMF's role as the central mobility and registration anchor in 5G core infrastructure, even a partial service disruption can deny connectivity across entire served cell areas.
Denial of service in the Open5GS AMF component (versions up to 2.7.7) can be triggered remotely by a low-privileged attacker via improper resource handling in the `amf_nnrf_handle_nf_discover` function of `src/amf/nnrf-handler.c`. The AMF is a critical 5G core control-plane element; crashing or hanging it disrupts mobility management and NF discovery for all connected UEs and network functions. A public proof-of-concept exists (GitHub issue #4517), and a patch commit has been identified, though the fix originates in a fork rather than the mainline repository.
Divide-by-zero in RT-Thread's lightweight process (lwp) syscall handler allows a low-privileged remote attacker to crash the RTOS by sending crafted read, write, or sys_ioctl system calls with malicious parameters to the affected handler in components/lwp/lwp_syscall.c. Affected versions are 5.2.2 and below. A public proof-of-concept exploit has been disclosed via GitHub issue #11429, though this vulnerability has not been added to the CISA KEV catalog, suggesting exploitation remains opportunistic rather than broadly weaponized. The upstream fix exists only as a pull request (PR #11453) awaiting merge acceptance.
Reflected/stored cross-site scripting in the Subscribed Emails Admin Page of kirilkirkov's Ecommerce-CodeIgniter-Bootstrap allows an unauthenticated remote attacker to inject arbitrary JavaScript by crafting a malicious HTTP User-Agent header, which is rendered unencoded via the checkForPostRequests function in application/core/MY_Controller.php. When an administrator subsequently views the subscription management panel, the payload executes in their browser session. A public exploit exists (CVSS E:P); this is not listed in CISA KEV, indicating no confirmed widespread active exploitation at time of analysis.
Open redirect in kirilkirkov Ecommerce-CodeIgniter-Bootstrap allows remote attackers to manipulate the href argument of the setReferrer() function in the Trusted Backend Interface, redirecting users to arbitrary attacker-controlled URLs. A publicly available proof-of-concept exploit exists (CVSS 4.0 E:P), lowering the exploitation barrier for phishing and credential harvesting campaigns. This vulnerability is not listed in CISA KEV, indicating no confirmed widespread active exploitation at time of analysis.
Out-of-bounds read in ONNX versions up to 1.21.x exposes limited memory contents to low-privileged remote attackers via the convPoolShapeInference_opset19 shape inference function. The CVSS 4.0 score of 2.1 reflects minimal real-world impact - confidentiality-only, low severity - yet a public proof-of-concept is available via GitHub issue #8036. No active exploitation has been confirmed by CISA KEV, and an upstream patch exists at commit a7bf3a0f1d18bb62575236ef6e4944980c40e045 via PR #8051.
Protection mechanism failure in NousResearch hermes-agent (≤ 0.15.2) allows remote authenticated attackers to bypass shell execution controls via the shell.exec function in tui_gateway/server.py, resulting in low-level confidentiality, integrity, and availability impact. The vulnerability is classified under CWE-693 and carries a CVSS 4.0 score of 5.3 (Medium), with a publicly available proof-of-concept exploit hosted on GitHub. No patch has been issued - the vendor did not respond to the researcher's disclosure - meaning all deployments of hermes-agent up to and including version 0.15.2 remain exposed.
SQL injection in itsourcecode Hospital Management System 1.0 exposes patient records to partial disclosure and modification via the `editid` parameter in `/patient.php`. The CVSS 4.0 vector (PR:L) confirms exploitation requires a low-privilege authenticated session, limiting the immediate attack surface to users who can log in. A public proof-of-concept exploit exists (E:P), elevating practical risk above the base score of 5.3, though no CISA KEV listing confirms active exploitation at time of analysis.
SQL injection in itsourcecode Hospital Management System 1.0 allows low-privileged authenticated remote attackers to manipulate database queries via the `editid` parameter in `/medicine.php`. The attack achieves partial confidentiality, integrity, and availability impact against the underlying database. A public proof-of-concept exploit has been published (tracked via GitHub issue), lowering the barrier for exploitation; however, no active exploitation has been confirmed by CISA KEV at time of analysis.
Cross-site scripting (XSS) in code-projects Assessment Management 1.0 allows a remote attacker with administrative credentials to inject malicious scripts via the User parameter in admin/view-users.php, executing arbitrary JavaScript in the browser context of users who view the affected admin page. The CVSS 4.0 vector (PR:H, UI:P) confirms exploitation is gated behind high-privilege authentication and requires a victim to load the tampered page. A public proof-of-concept exploit exists on GitHub, though no active exploitation or CISA KEV listing has been identified at time of analysis.
Denial-of-service in the grass Sass compiler (up to v0.13.4) allows a local attacker with low privileges to trigger exponential resource consumption via a crafted stylesheet using the CSS @extend directive. The affected functions are grass_compiler::selector::extend and grass_compiler::evaluate::visitor, where the @extend algorithm's inherently exponential complexity can be exploited with a maliciously constructed input to hang or crash the compiler process. A public exploit has been disclosed; however, the project maintainer explicitly contests the severity, noting that DoS conditions are an accepted and expected limitation of Sass compilers by design.
Session data exposure in FederatedAI FATE's OSX Broker gRPC component allows an authenticated federated party to manipulate session routing arguments and access data belonging to a different federated session. Affected versions extend through FATE 2.2.0, specifically in the QueuePushReqStreamObserver.initEggroll method within the Java-based OSX Broker. No public exploit confirmed active exploitation (not in CISA KEV), though exploit code has been publicly disclosed via a GitHub issue, and the CVSS 4.0 score of 2.3 reflects the high attack complexity and limited confidentiality impact.
Weak session hash generation in ForceInjection AI-fundermentals 2.0 and 3.0 exposes conversation history belonging to other users in shared deployments. The `get_conversation_history` function in the Memory Recall Handler generates `sessionowner` tokens using a cryptographically weak hash algorithm (CWE-328), allowing a low-privileged authenticated attacker to predict or brute-force another user's session identifier and retrieve their prior conversation records. A publicly available exploit exists per GitHub issue #17 and the CVSS 4.0 E:P modifier, though the high attack complexity (AC:H) and low overall score of 2.3 indicate exploitation is difficult and impact is limited to partial confidentiality loss - no integrity or availability impact is present.
Stored cross-site scripting in kirilkirkov's Ecommerce-CodeIgniter-Bootstrap allows remote unauthenticated attackers to inject malicious scripts via the title or description arguments of the hidden REST API endpoint /index.php/api/product/set, executing arbitrary JavaScript in the browsers of users who subsequently view the affected product data. A public exploit has been disclosed (CVSS 4.0 E:P), though the low CVSS 4.0 score of 2.1 and the user-interaction requirement constrain practical impact. No active exploitation is confirmed by CISA KEV, and a patch commit is available in the project repository.
Denial of service in NousResearch hermes-agent (versions up to 2026.4.30) is triggered by manipulating the `todos` argument passed to the `AIAgent.run_conversation` function via the HTTP API in `run_agent.py`. An authenticated remote attacker can send a crafted request to crash or resource-exhaust the agent process, disrupting availability for legitimate users. No public exploit identified at time of analysis is incorrect here - a public exploit exists (E:P in CVSS 4.0 vector; GitHub Gist referenced), and the vendor has not responded to disclosure, leaving no patch available.
SQL injection in CodeAstro Ecommerce Website 1.0 exposes authenticated customers to database manipulation via the c_name parameter on the account-editing endpoint. The vulnerability was publicly disclosed with a proof-of-concept exploit referenced on GitHub, meaning exploitation tooling is accessible. Impact is assessed as limited scope - low confidentiality, integrity, and availability - but network reachability and the public PoC raise opportunistic risk for unpatched deployments.
Uncontrolled memory allocation in HdrHistogram up to version 2.2.2 allows a local attacker with low-privilege access to crash a dependent Java application by supplying a crafted `lengthOfCompressedContents` value to the `decodeFromCompressedByteBuffer` function, exhausting JVM heap space and causing a denial-of-service. A public proof-of-concept exists (E:P per CVSS 4.0), though the vulnerability is not listed in CISA KEV, indicating no confirmed widespread active exploitation. The CVSS 4.0 score of 1.9 reflects the strictly local attack vector and limited impact scope - only availability at the vulnerable system level is affected.
Local denial-of-service in the grass Rust-based Sass compiler (versions up to and including 0.13.4) is triggerable by a local, low-privileged user who supplies crafted UTF-8 input to the `grass_compiler::raw_to_parse_error` function. Publicly available exploit code exists (CVSS 4.0 E:P), though no CISA KEV listing has been issued. The project maintainer has explicitly stated in Issue #117 that DoS in Sass compilers is considered acceptable behavior due to the inherently exponential nature of the @extend algorithm and other compile-time constructs, significantly reducing the urgency of a vendor-released fix.