OS command injection in SonicCloudOrg sonic-agent (all versions up to 2.7.2) enables remote code execution through the Android WebSocket Server component. An authenticated remote attacker can manipulate the `path` argument in AndroidWSServer.java to inject arbitrary OS commands on the host running the agent. Publicly available exploit code exists (GitHub PoC by xpp3901), no vendor patch will be issued as the product is end-of-life, and the vendor is unresponsive to disclosure - creating a permanent, unmitigable risk for any active deployment.
Privilege escalation in Leantime up to 3.8.0 allows authenticated low-privileged users to elevate their role to owner by manipulating the role argument in JSON-RPC requests to the editUser/addUser endpoint. The server fails to verify whether the calling user is authorized to assign elevated roles, a CWE-285 Improper Authorization flaw. A public proof-of-concept exploit has been disclosed, and the vendor did not respond to coordinated disclosure, meaning no patch is confirmed available.
Server-side request forgery in Helicone ai-gateway (up to 0.2.0-beta.30) allows a low-privileged remote attacker to manipulate the `extracted_path_and_query` argument within the `build_target_url` function of the AWS Metadata Service component, causing the gateway to issue unauthorized server-side HTTP requests to internal infrastructure. For deployments on AWS, this most critically targets the EC2 Instance Metadata Service (IMDS) at 169.254.169.254, potentially exposing IAM role credentials that carry blast radius far exceeding the assigned CVSS 5.3 score. A public exploit exists via GitHub, and the vendor was unresponsive to pre-disclosure contact, meaning no vendor-confirmed patch is available at time of analysis.
SQL injection in IceHRM 35.0.1 and earlier allows authenticated remote attackers to manipulate backend database queries via the `employeeList` parameter in the EmployeeAttendanceReport PHP component, yielding partial confidentiality, integrity, and availability impact. A public proof-of-concept is available via a GitHub issue report, and the IceHRM project has not responded to the disclosure, leaving no vendor patch available. No CISA KEV listing exists, so widespread active exploitation at scale is unconfirmed, but the public PoC and unpatched status materially elevate practical risk for any organization running this software.
Improper authorization in Eleveo Call Recording Software 9.7.0 enables remote authenticated attackers to access call recordings they are not permitted to view by manipulating the `callId` parameter in the `/callrec/audio.jsp` endpoint. The flaw follows a classic Insecure Direct Object Reference (IDOR) pattern under CWE-285, where the application fails to enforce per-user ownership checks on recording identifiers. A public exploit has been released and no vendor patch exists - the vendor did not respond to responsible disclosure - making compensating controls the only available mitigation at this time.
Improper authorization in Eleveo Call Recording Software 9.7.0 allows authenticated remote attackers to bypass access controls on the /callrec/composeEmailAction.do endpoint, exposing limited confidential data. The flaw (CWE-285) means the application fails to enforce authorization decisions for at least one action reachable by low-privileged authenticated users. A publicly available proof-of-concept exploit has been disclosed via VulDB, and no vendor patch exists - the vendor did not respond to the coordinated disclosure. No public exploit identified at time of analysis as actively exploited (not in CISA KEV), though exploit code exists.
Improper authorization on the /callrec/pci_dss_status.jsp endpoint in Eleveo Call Recording Software 9.7.0 allows authenticated low-privilege users to access PCI DSS compliance status data they are not authorized to view. The exposed information reveals the payment card compliance posture of the organization, which could be leveraged to identify exploitable compliance gaps and inform targeted attacks against payment infrastructure. A public proof-of-concept exploit exists; the vendor did not respond to responsible disclosure, leaving no official patch or advisory available.
Server-side request forgery in AstrBot's dashboard MCP Test Endpoint allows low-privileged authenticated users to coerce the server into issuing arbitrary HTTP requests via a manipulated `mcp_server_config.url` parameter. All AstrBot versions through 4.25.2 are affected via the `ToolsRoute.test_mcp_connection` function in `astrbot/dashboard/routes/tools.py`. A publicly available proof-of-concept exploit exists, and the vendor has not responded to disclosure, leaving no vendor-issued patch at time of analysis.
Improper authorization in Eleveo Call Recording Software 9.7.0 allows authenticated remote attackers to perform unauthorized operations on the Recorded Calls Page via the `/callrec/restoreCallAction.do` endpoint, potentially accessing or restoring call recordings outside their permitted scope. The vulnerability stems from CWE-285 (Improper Authorization), meaning the application fails to enforce access controls on the restore call action, permitting privilege escalation within the recording management interface. A publicly available proof-of-concept exploit exists per the CVSS 4.0 E:P supplemental metric; no patch has been confirmed by the vendor, who did not respond to disclosure attempts.
OS command injection in the Wavlink WL-NU516U1 router's CGI web administration interface allows authenticated network attackers to execute arbitrary operating system commands by injecting shell metacharacters into the lan_ip parameter of the adm.cgi endpoint. The wlink_uci_set_value function passes attacker-controlled input unsanitized into OS-level commands, enabling full compromise of the underlying Linux-based router OS. A public proof-of-concept exploit is available on GitHub (no public exploit identified at time of analysis for KEV), and the vendor has released a patched firmware as of June 22, 2026.
Remote code injection in pig-mesh Pig's pig-codegen module through version 3.9.2 allows low-privileged authenticated attackers to execute arbitrary code server-side via the GeneratorServiceImpl component, reachable over the network. A publicly available proof-of-concept exploit exists at GitHub (sombra0316/CVE-2026), elevating the urgency for defenders. No vendor patch has been released, and the vendor did not respond to responsible disclosure, leaving affected deployments without an official remediation path.
Broken access control in Leantime's API component (versions up to 3.8.0) allows authenticated low-privileged users to invoke the Setting::saveSetting function and modify application settings beyond their authorization level. The flaw is classified under CWE-285 (Improper Authorization) and is tagged as an authentication bypass and broken access control issue, meaning the application fails to enforce permission boundaries after login. A publicly available proof-of-concept exploit exists per VulDB and bytium.com; no CISA KEV listing was identified at time of analysis, and the vendor has not responded to disclosure.
Server-side request forgery in AstrBot up to version 4.25.2 allows authenticated remote attackers to cause the server to issue arbitrary HTTP requests by supplying a malicious value for the `custom_registry` parameter at the `market_list` plugin marketplace endpoint. The affected function is `get_online_plugins` in `astrbot/dashboard/routes/plugin.py`. A public proof-of-concept exploit is available on GitHub, though this vulnerability is not listed in the CISA KEV catalog. The CVSS 4.0 score of 2.1 reflects the authentication barrier and constrained impact, making this a lower-priority but tactically exploitable issue for attackers with dashboard access.
Improper authorization in AstrBot's Scheduled Task Handler allows a remote low-privileged user to bypass authorization controls by manipulating the payload["note"] argument in FutureTaskTool.call (astrbot/core/tools/cron_tools.py), affecting all versions up to and including 4.25.2. A publicly available proof-of-concept exploit (GitHub gist) demonstrates exploitation. No patch has been released and the vendor did not respond to disclosure; EPSS and CVSS 4.0 score this at 5.3, indicating moderate-to-low real-world severity, but the active POC elevates practical risk for deployed instances. Not currently listed in CISA KEV.
OS command injection in SonicCloudOrg sonic-agent up to version 2.7.2 allows remote low-privileged attackers to execute arbitrary system commands via the evalIsFailed function in the Groovy Script Handler component. The public proof-of-concept - titled 'Unsandboxed_RCE' - confirms that Groovy scripts are executed without a security sandbox, enabling full host-level command execution. Critically, this is an end-of-life product with no vendor response and no patch, meaning no fix is forthcoming; no public exploit identified in CISA KEV at time of analysis, but a public POC exists.
SQL injection in AMTT Hotel Broadband Operation System 1.0 exposes the `manager/network/switch_status.php` endpoint to database manipulation via an unsanitized `ID` parameter, exploitable by authenticated remote attackers. A public proof-of-concept exploit exists (GitHub issue referenced in VulDB entry), though the vulnerability is not listed in CISA KEV. The CVSS 4.0 score of 2.0 reflects the high-privilege authentication barrier (PR:H) that significantly constrains real-world attack surface, limiting this primarily to insider threat or post-compromise escalation scenarios within hotel network management environments.
Improper access controls in MiniTool Partition Wizard's signed kernel driver pwdrvio.sys (versions up to 13.6) allow a local low-privileged user to interact with privileged driver functionality without authorization. The vulnerability is tagged as an authentication bypass against a kernel-mode component, meaning a standard user account can invoke driver operations that should be restricted to administrative or system-level callers. A publicly available proof-of-concept exploit lowers the practical exploitation bar, though no active exploitation is confirmed via CISA KEV at time of analysis.
Improper access control in the diskbckp.sys kernel driver of QILING Disk Master 6.0.0.0 allows local low-privileged users to bypass authorization checks and interact with privileged kernel driver functionality. Tagged as an authentication bypass, the flaw resides in an unknown function within the kernel driver component, enabling manipulation of access control logic without elevated credentials. A public proof-of-concept exploit has been disclosed (no CISA KEV listing); the vendor has released a patch via beta download.
Denial of service in Zephyr RTOS's Nuvoton NuMaker HSUSBD USB device-controller driver allows a physical or adjacent USB host to permanently wedge the device's USB control endpoint. The driver unconditionally arms the control Data IN stage without accounting for the hardware's inability to disarm an already-armed transfer, so a host that cancels an in-flight control transfer and then re-issues a SETUP packet drives the driver out of sync. Repeated cancel-and-re-SETUP cycles cause the control endpoint to NAK every subsequent transfer, rendering the USB function non-operational until a USB reset or re-plug. No public exploit identified at time of analysis.
Path normalization failure in filebrowser's DeleteWithPathPrefix function allows authenticated users on versions before 2.63.17 to leave stale public share records intact by deleting directories with trailing-slash paths. After deletion, an attacker can recreate the same directory path and cause its new contents to be silently exposed through the previously dormant, still-valid public share URL. No public exploit code has been identified at time of analysis, and the vendor-confirmed CVSS 4.0 score of 2.3 reflects the high complexity and limited confidentiality impact.
SQL injection in Bahmni bahmnicore up to version 0.93 allows low-privileged authenticated remote attackers to manipulate backend database queries via the additionalParams argument at the /openmrs/ws/rest/v1/bahmnicore/sql Search Endpoint. Public exploit code exists (confirmed by E:P in CVSS 4.0 supplemental metrics and the CVE description), lowering the bar for exploitation to any user with valid application credentials. Fixed versions spanning all active release branches (0.93.1 through 2.0.1) were released July 2026, and organizations running affected versions in healthcare environments should prioritize patching given the sensitivity of stored patient and clinical data.
Missing authorization in Coolify's Policy Handler allows authenticated remote attackers to bypass resource-level access controls in versions up to 4.1.1. The flaw resides in the /app/Policies/ component, where policy enforcement checks are absent or incomplete, enabling low-privileged users to access or manipulate resources beyond their intended authorization scope. A public proof-of-concept exploit is available, raising the urgency for operators running self-hosted Coolify instances.
Cross-site scripting in igweze Wizgrade's dashboard/studentConductManager.php allows remote, unauthenticated attackers to inject and execute malicious scripts in a victim's browser upon interaction with a crafted request. The vulnerability was publicly disclosed with exploit code available (CVSS 4.0 E:P), and the vendor did not respond to pre-disclosure contact, leaving no official patch or remediation guidance. No active exploitation has been confirmed via CISA KEV, though the public exploit raises the risk of opportunistic targeting of school or academic institutions using this PHP-based student management system.
Cross-site scripting in vnotex vnote up to version 3.20.1 allows a remote attacker with low-level privileges to inject malicious scripts via the YAML frontmatter `p_metaData` argument processed by `/src/data/extra/web/js/markdownit.js`. When a victim views or renders a specially crafted note containing malicious YAML metadata, the injected script executes in their browser context, enabling limited integrity manipulation. No patch is available at time of analysis - the vendor did not respond to responsible disclosure contact - and exploit code is publicly referenced via VulDB.