CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/01/07 9:13 a.m.•2 views

CVE-2024-2565

A vulnerability was found in PandaXGO PandaX up to 20240310. It has been classified as critical. Affected is an unknown function of the file /apps/system/router/upload.go of the component File Extension Handler. The manipulation of the argument file leads to unrestricted upload. It is possible to...

9.8CVSS7AI score0.00072EPSS

RedhatCVE•added 2025/12/29 2:3 p.m.•2 views

CVE-2025-15108

A vulnerability was detected in PandaXGO PandaX up to fb8ff40f7ce5dfebdf66306c6d85625061faf7e5. This affects an unknown function of the file config.yml of the component JWT Secret Handler. The manipulation of the argument key results in use of hard-coded cryptographic key . The attack may be...

6.3CVSS4.4AI score0.00025EPSS

NVD•added 2025/12/27 5:15 p.m.•5 views

CVE-2025-15108

6.3CVSS0.00025EPSS

OSV•added 2025/12/27 5:15 p.m.•0 views

CVE-2025-15108

3.7CVSS5.3AI score

Vulnrichment•added 2025/12/27 4:32 p.m.•2 views

CVE-2025-15108 PandaXGO PandaX JWT Secret config.yml hard-coded key

6.3CVSS4.3AI score0.00025EPSS

EUVD•added 2025/12/27 4:32 p.m.•2 views

EUVD-2025-205477

6.3CVSS6AI score0.00025EPSS

Exploits0References5

Cvelist•added 2025/12/27 4:32 p.m.•16 views

CVE-2025-15108 PandaXGO PandaX JWT Secret config.yml hard-coded key

6.3CVSS0.00025EPSS

CVE•added 2025/12/27 4:32 p.m.•6 views

CVE-2025-15108

PandaXGO PandaX up to fb8ff40f7ce5dfebdf66306c6d85625061faf7e5 is affected in the JWT Secret Handler component. The issue stems from manipulating the key argument in config.yml, resulting in use of a hard-coded cryptographic key. The vulnerability can be exploited remotely and is described with h...

6.3CVSS6.1AI score0.00025EPSS

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2024-27512

Malicious code in bioql PyPI...

9.8CVSS5.7AI score0.00078EPSS

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2024-27514

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00072EPSS

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-27511

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00048EPSS

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-27513

Malicious code in bioql PyPI...

7.3CVSS6.6AI score0.0007EPSS

RedhatCVE•added 2025/05/23 9:57 a.m.•5 views

CVE-2024-2562

A vulnerability, which was classified as critical, was found in PandaXGO PandaX up to 20240310. This affects the function InsertRole of the file /apps/system/services/rolemenu.go. The manipulation of the argument roleKey leads to sql injection. It is possible to initiate the attack remotely. The...

9.8CVSS7.4AI score0.00048EPSS

RedhatCVE•added 2025/05/23 9:56 a.m.•5 views

CVE-2024-2563

A vulnerability has been found in PandaXGO PandaX up to 20240310 and classified as critical. This vulnerability affects the function DeleteImage of the file /apps/system/router/upload.go. The manipulation of the argument fileName with the input ../../../../../../../../../tmp/1.txt leads to path...

9.8CVSS9.5AI score0.00078EPSS

OSV•added 2024/03/17 3:15 p.m.•0 views

CVE-2024-2565

9.8CVSS5.4AI score0.00072EPSS

NVD•added 2024/03/17 3:15 p.m.•8 views

CVE-2024-2565

9.8CVSS6.5AI score0.00072EPSS

Vulnrichment•added 2024/03/17 2:31 p.m.•16 views

CVE-2024-2565 PandaXGO PandaX File Extension upload.go unrestricted upload

6.5CVSS6.5AI score0.00072EPSS

Cvelist•added 2024/03/17 2:31 p.m.•19 views

CVE-2024-2565 PandaXGO PandaX File Extension upload.go unrestricted upload

6.5CVSS6.7AI score0.00072EPSS