Security Vulnerabilities
rofl0r/proxychains-ng versions up to and including 4.17 and prior to commit cc005b7 contain a stack-based buffer overflow vulnerability in the function proxy_from_string() located in src/libproxychains.c. When parsing crafted proxy configuration entries containing overly long username or password fields, the application may write beyond the bounds of fixed-size stack buffers, leading to memory corruption or crashes. This vulnerability may allow denial of service and, under certain conditions, could be leveraged for further exploitation depending on the execution environment and applied mitigations.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-12-18
Advantech WebAccess/SCADA is vulnerable to directory traversal, which may allow an attacker to determine the existence of arbitrary files.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-12-18
An insecure deserialization vulnerability exists in the rss-mp3.php script of the MiczFlor RPi-Jukebox-RFID project through commit 4b2334f0ae0e87c0568876fc41c48c38aa9a7014 (2025-10-07). The 'rss' GET parameter receives data that is passed directly to the unserialize() function without validation. This allows a remote, unauthenticated attacker to inject arbitrary PHP objects, causing the application to process them and leading to errors or a denial of service.
CVSS Score
7.5
EPSS Score
0.003
Published
2025-12-18
A Reflected Cross-Site Scripting (XSS) vulnerability exists in phpMsAdmin version 2.2 in the database_mode.php file. An attacker can execute arbitrary web script or HTML via the dbname parameter after a user is authenticated.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-12-18
A SQL Injection vulnerability exists in phpMsAdmin version 2.2 in the database_mode.php file. An attacker can execute arbitrary SQL commands via the dbname parameter, potentially leading to information disclosure or database manipulation.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-12-18
A Reflected Cross-Site Scripting (XSS) vulnerability in yohanawi Hotel Management System (commit 87e004a) allows a remote attacker to execute arbitrary web script via the 'error' parameter in pages/room.php.
CVSS Score
6.1
EPSS Score
0.001
Published
2025-12-18
An insecure deserialization vulnerability exists in the download.php script of the to3k Twittodon application through commit b1c58a7d1dc664b38deb486ca290779621342c0b (2023-02-28). The 'obj' parameter receives base64-encoded data that is passed directly to the unserialize() function without validation. This allows a remote, unauthenticated attacker to inject arbitrary PHP objects, leading to a denial of service.
CVSS Score
7.5
EPSS Score
0.003
Published
2025-12-18
Advantech WebAccess/SCADA
is vulnerable to SQL injection, which may allow an attacker to execute arbitrary SQL commands.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-12-18
Advantech WebAccess/SCADA
is vulnerable to absolute directory traversal, which may allow an attacker to determine the existence of arbitrary files.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-12-18
Advantech WebAccess/SCADA
is vulnerable to unrestricted file upload, which may allow an attacker to remotely execute arbitrary code.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-12-18