Improper authorization in waoowaoo (versions up to 0.4.1) allows remote, unauthenticated attackers to bypass access controls on media resources by manipulating the storageKey argument passed to the stablePublicIdFromStorageKey function in the Media Handler component. The impact is limited to partial confidentiality disclosure (VC:L in CVSS 4.0), with no integrity or availability consequence. No vendor patch has been issued as of analysis time; a public exploit exists via a GitHub issue report (POC), though high attack complexity (AC:H) constrains opportunistic exploitation. This vulnerability is not listed in the CISA KEV catalog.
Authorization bypass in MacCMS Pro's installation module allows remote attackers to circumvent access controls via the `step5` function in the installation controller, affecting all versions through 2022.1000.3005. Exploitation is rated high-complexity (AC:H), limiting opportunistic mass exploitation, though a public proof-of-concept is available on GitHub. No CISA KEV listing at time of analysis; EPSS data was not included in the available intelligence, but POC availability elevates the practical risk above the raw CVSS score alone might suggest.
Cross-site scripting in SourceCodester Class and Exam Timetabling System 1.0 exposes users to script injection via the unvalidated `subject` parameter in `/subject.php`, exploitable remotely by unauthenticated attackers. A publicly available proof-of-concept exists on GitHub, confirming practical exploitability with minimal attacker skill. No CISA KEV listing is present; the CVSS 4.0 score of 5.3 reflects limited integrity impact constrained by required user interaction, though POC availability meaningfully elevates real-world risk above the raw score suggests.
Prototype pollution in TanStack DB's select() query compiler allows low-privileged remote attackers to mutate Object.prototype by supplying dot-notation alias paths containing reserved JavaScript property names such as __proto__, prototype, or constructor. Versions up to 0.6.8 are confirmed affected via CPE cpe:2.3:a:tanstack:db. A publicly available exploit exists (GitHub issue #1584), though the vulnerability is not in CISA KEV. The CVSS 4.0 base score of 2.1 reflects low integrity impact scoped to the vulnerable system, but the downstream consequences of Object.prototype mutation in JavaScript runtimes can exceed what raw scoring conveys depending on application logic.
SQL injection in itsourcecode Hospital Management System 1.0 exposes patient prescription data to remote authenticated attackers via the `delid` parameter in `/patviewprescription.php`. Low-privilege access is sufficient to exploit this CWE-89 flaw, enabling database read, write, and partial disruption. No public KEV listing exists, but a proof-of-concept exploit is publicly available on GitHub, materially lowering the barrier to exploitation beyond what the CVSS 4.0 score of 5.3 alone implies.
SQL injection in CodeAstro Simple Online Leave Management System 1.0 allows authenticated remote attackers to manipulate the Name parameter within /SimpleOnlineLeave/admin/dashboard.php to inject arbitrary SQL commands against the backend database. A public proof-of-concept exploit is confirmed via a GitHub issue reference, elevating real-world risk above the moderate CVSS 4.0 base score of 5.3. The CVE is not currently listed in the CISA KEV catalog, indicating no confirmed widespread active exploitation, but the low attack complexity combined with an available POC makes this a credible near-term threat for any internet-exposed deployment.
Reflected cross-site scripting in SourceCodester Class and Exam Timetabling System 1.0 allows remote unauthenticated attackers to inject arbitrary JavaScript via the unsanitized `subject` parameter in `/forsubject.php`. A victim user must interact with a crafted URL for the payload to execute in their browser. A public proof-of-concept exploit is available on GitHub, increasing the likelihood of opportunistic exploitation against deployed instances.
SQL injection in CodeAstro Simple Online Leave Management System 1.0 exposes the admin accept handler to database manipulation by low-privilege authenticated remote attackers via the `appid` POST parameter in `/SimpleOnlineLeave/admin/accept.php`. The CVSS 4.0 vector (PR:L, VC:L/VI:L/VA:L) indicates constrained but real impact against the vulnerable system's database, with confidentiality, integrity, and availability all partially compromised. A public exploit is available on GitHub and the E:P evidence tag in the CVSS 4.0 vector corroborates this - however, no CISA KEV listing exists, meaning active exploitation at scale is not confirmed at time of analysis.
SQL injection in CodeAstro Simple Online Leave Management System 1.0 allows authenticated remote attackers to manipulate backend database queries via the 'ID' parameter in /SimpleOnlineLeave/admin/deletemp.php. The CVSS 4.0 vector (PR:L) indicates low-privilege authenticated access is sufficient to trigger the flaw, and a public proof-of-concept exploit has been disclosed on GitHub. Impact is assessed as low across confidentiality, integrity, and availability, consistent with the CVSS 4.0 score of 2.1, though the underlying SQL injection primitive could theoretically be chained to extract or corrupt database content.
OS command injection in Shibby Tomato firmware up to 1.28.0000 allows authenticated remote attackers to execute arbitrary commands on the underlying router OS by manipulating the cifs1 or cifs2 arguments passed to the CIFS Mount Handler function sub_2D048. A publicly available proof-of-concept exploit exists on Gitee, lowering the barrier to exploitation. The risk is compounded by the fact that Shibby Tomato is an end-of-life project with no active maintenance, superseded by FreshTomato, meaning no patch is forthcoming from the original vendor.
OS command injection in Shibby Tomato router firmware through version 1.28.0000 allows low-privileged remote attackers to execute arbitrary OS commands by manipulating the jffs2_exec argument in the start_jffs2 component's sub_2D568 function. A publicly available proof-of-concept exploit exists on Gitee, confirming exploitability beyond theoretical analysis. The project is officially abandoned and superseded by FreshTomato, meaning no vendor patch will ever be released - remediation requires migrating to supported firmware.
Local File Inclusion (LFI) in SourceCodester Online Book Store System 1.0 allows authenticated remote attackers to read arbitrary files on the server by manipulating the `page` parameter in `/admin/index.php`, leading to source code and sensitive file disclosure. The vulnerability stems from unsanitized user input passed directly to PHP's include/require statement (CWE-98), with a publicly available proof-of-concept exploit documented on Medium. No patch has been identified; CVSS 4.0 scores this 2.1, reflecting the limited impact scope and authenticated precondition.
Unsafe deserialization in AkariAsai self-rag's `Indexer.deserialize_from` function exposes any deployment that processes externally supplied FAISS index files to potential arbitrary code execution. The vulnerability resides in `retrieval_lm/src/index.py` and is triggered when the `index_meta.faiss` argument is manipulated with a crafted payload - a classic CWE-502 pattern where Python's serialization routines (typically pickle) blindly instantiate attacker-controlled objects. A publicly available proof-of-concept exists per GitHub issue #105, elevating the practical risk beyond the moderate CVSS 4.0 score of 5.3. No active exploitation has been confirmed by CISA KEV, and the project maintainer had not formally responded to the disclosure at time of reporting.
Server-side request forgery in kLOsk adloop through version 0.9.0 allows authenticated remote attackers to manipulate the `final_url` argument passed to the `_validate_urls` function in `src/adloop/ads/write.py`, causing the server to issue arbitrary outbound HTTP requests. Internal network services, cloud metadata endpoints, and other non-public resources reachable from the server may be exposed. A public proof-of-concept exploit exists via GitHub issue #41, and a vendor-released patch is available in version 0.10.0.
Unrestricted file upload in SourceCodester Online Book Store System 1.0 allows authenticated remote attackers with administrative access to upload arbitrary PHP files via the Book Image Upload feature at /admin/index.php?page=books, enabling remote code execution on the host server. A public exploit proof-of-concept has been disclosed on Medium under the title 'Critical Authenticated Remote Code Execution via Unrestricted File Upload,' confirming practical exploitability. While PR:H limits exposure to actors holding admin credentials, successful exploitation yields full server-side code execution, making this a high-impact finding within its threat model.
Code injection in DedeCMS 5.7.118 exposes high-privileged remote attackers to arbitrary PHP code execution via the Column Name parameter in the Column Management component of `/plus/search.php`. The exploit document on GitHub describes a cache file writing mechanism through which attacker-supplied input is persisted to disk and subsequently executed by the PHP runtime. A public proof-of-concept exists; no active exploitation is confirmed in the CISA KEV catalog.
Unrestricted file upload in AREA 17 Twill CMS (versions up to 3.6.0) allows authenticated admin users to upload arbitrary file types via the `qqfilename` parameter in the Media Library Insert Page, creating a direct path to remote code execution on the underlying server. A public proof-of-concept documenting the full exploitation chain from file upload to RCE has been published by Bytium. No vendor patch exists - the vendor was contacted during responsible disclosure and did not respond, leaving all installations on affected versions without an official remediation path.
Path traversal in makafeli n8n-workflow-builder (versions up to 0.11.0) allows a local low-privileged attacker to manipulate the filePath argument in the update_node_from_file function within build/server.cjs, enabling arbitrary file reads and writes outside the intended directory scope. A publicly available proof-of-concept exists on GitHub (issue #28), and the vendor has not responded to the coordinated disclosure. No public exploit has been confirmed as actively exploited and it is not listed in CISA KEV, but the local requirement combined with POC availability makes this a credible insider or post-compromise risk.
Stored cross-site scripting (XSS) in SourceCodester Online Book Store System 1.0 allows a high-privileged authenticated attacker to inject malicious script payloads via the Name or Username fields in the User Management Module, which then execute in the browsers of other users who view the affected page. A publicly available proof-of-concept exploit exists, documented in a Medium article specifically demonstrating authenticated stored XSS in this module. This is not confirmed in the CISA KEV catalog, and real-world impact is constrained by the niche, educational nature of the affected software and the requirement for administrative credentials to inject payloads.
Unsafe deserialization in HashNeRF-pytorch's Checkpoint File Handler allows a local low-privileged attacker to achieve arbitrary code execution by supplying a malicious file via the `ckpt_path` argument to `torch.load()` in `run_nerf.py`. All commits up to 82885e698295982504eb6a26d060a6b2473e3706 are affected; a fix exists as an unmerged pull request (PR #50). A public exploit has been disclosed via GitHub issue #49, though no CISA KEV listing has been identified, indicating no confirmed widespread active exploitation at time of analysis.
Path validation bypass in kicad-mcp up to 3.3.1 enables local low-privileged users to read files outside intended directory scope by manipulating the `project_path` or `schematic_path` arguments processed by `kicad_mcp/utils/path_validator.py`. The protection mechanism in this MCP (Model Context Protocol) server for KiCad PCB design software fails to adequately sanitize or normalize supplied paths, resulting in limited confidentiality impact with no integrity or availability consequences. No public patch is available as of this analysis; a proof-of-concept exploit exists publicly via GitHub issue #57, though the project maintainer has not yet responded to the disclosure.
Path traversal in better-auth/better-icons (versions up to and including 1.0.5) allows a local low-privileged attacker to manipulate the icons_file argument passed to the scan_project_icons/sync_icon component, escaping the intended directory boundary to read or write arbitrary files accessible to the process. A public proof-of-concept has been disclosed via GitHub issue #18, and the vendor has not yet responded to the responsible disclosure. No CISA KEV listing exists; the CVSS 4.0 base score of 1.9 correctly reflects the constrained local-only attack surface and limited per-file impact.
Path traversal in augmnt augments-mcp-server 7.1.0 allows a local low-privileged attacker to read arbitrary files outside the intended project directory by manipulating the packageJsonPath argument passed to the scanProjectDeps function. The vulnerability is limited to confidentiality impact (VC:L) with no integrity or availability effect, and a proof-of-concept has been publicly disclosed via a GitHub issue. The vendor has not responded to the responsible disclosure report, meaning no patch is currently available.
Path traversal in alioshr memory-bank-mcp through versions 0.2.1 and 3.1 allows a local low-privileged user to read files outside the intended project directory boundary by supplying traversal sequences in the `projectName` argument processed by `list-project-files-validation-factory.ts`. A public proof-of-concept has been disclosed via GitHub issue #36, and no patch is available as the vendor has not yet responded to the coordinated disclosure. No confirmed active exploitation has been identified (not listed in CISA KEV), though the public exploit lowers the barrier for opportunistic local abuse.
Path traversal in tugcantopaloglu godot-mcp 2.0.0 allows a local low-privileged user to escape the intended project directory by manipulating the projectPath argument passed to the validatePath function within the run_project component. A public proof-of-concept has been disclosed via GitHub issue #9, raising practical exploitability above the raw CVSS score of 4.8 would suggest. No active exploitation is confirmed by CISA KEV; a vendor-released patch is available in version 3.0.0.
Heap-based buffer overflow in GNU LibreDWG 0.13.4-154-g0b573035 allows a local low-privileged attacker to corrupt heap memory by supplying a crafted DWG file processed through the R2004 section decompressor, yielding partial confidentiality, integrity, and availability impact. The vulnerability resides in `decompress_R2004_section` within `src/decode.c` and is exploitable whenever LibreDWG parses attacker-controlled R2004-format DWG content. A public proof-of-concept exploit file has been disclosed on GitHub; no CISA KEV listing is present, indicating no confirmed widespread active exploitation at time of analysis.
Inclusion of functionality from an untrusted control sphere in usestrix strix (up to v1.0.2) allows remote attackers to manipulate the system_prompt.jinja template within the PyPI Handler component, achieving limited confidentiality, integrity, and availability impact. The CVSS 4.0 score of 2.3 reflects high attack complexity and required passive user interaction, placing real-world exploitation difficulty considerably higher than the network-facing attack vector alone implies. A public proof-of-concept is available on GitHub; no patch has been issued and the vendor has not responded to disclosure.
Insufficient sanitization of team objects in Mattermost's scheme teams API endpoint allows an authenticated user holding the User Manager role to extract invite links for private teams from API responses and use those links to join or redistribute access to those teams. Affected versions are 11.7.x through 11.7.2 and 10.11.x through 10.11.19. No public exploit identified at time of analysis and exploitation has not been confirmed by CISA KEV, but the low attack complexity (AC:L) means a malicious User Manager could reliably reproduce this without trial and error.
Insecure Direct Object Reference (IDOR) in Cozmoslabs User Profile Picture WordPress plugin (versions through 2.6.3) allows a high-privileged authenticated attacker to modify the profile picture of arbitrary users by manipulating a user-controlled object key in requests. The flaw stems from CWE-639 - the plugin fails to validate that the authenticated user is authorized to modify the target user's resource before processing the change. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV, consistent with its low CVSS score of 2.7.
Artifact Integrity Validation in wandb 0.25.2.dev1 uses MD5 (a cryptographically broken hash algorithm) within ArtifactManifestEntry.download in wandb/sdk/lib/hashutil.py, enabling a sufficiently resourced attacker with write access to artifact storage or a man-in-the-middle network position to substitute a malicious artifact file that shares the same MD5 digest as a legitimate one, bypassing download integrity checks. The CVSS 4.0 base score of 2.3 reflects high attack complexity and the requirement for authenticated access (PR:L), placing real-world exploitability firmly in the theoretical-to-low range. No public exploit exists and the vulnerability has no CISA KEV listing; an upstream fix via SHA-256 supplementation is available as an unmerged GitHub PR (#12031).
Integer overflow in GNU gawk's builtin.c (versions 5.4.0 and below) enables heap metadata corruption and memory exhaustion when gawk processes attacker-crafted input. The flaw stems from a CWE-190 integer wraparound condition that can be triggered locally to overwrite heap objects with attacker-controlled bytes, potentially escalating from a denial-of-service to memory corruption with partial integrity impact. No public exploit identified at time of analysis, and CERT-PL reported this with a low CVSS 4.0 base score of 2.1, reflecting a limited, local attack surface with specific attack prerequisites.