
1487 matches found

Positive Technologies
added 2025/06/29 12:0 a.m. · 2 views

PT-2025-27344 · Unknown · Code-Projects Simple Photo Gallery

Name of the Vulnerable Software and Affected Versions: code-projects Simple Photo Gallery version 1.0 Description: A critical issue was found in the code-projects Simple Photo Gallery. The problem is related to an unknown function of the file /upload-photo.php. The manipulation of the file img...

CVSS 9.8 · AI score 7 · EPSS 0.00366
Exploits 1 · References 10

Circl
added 2025/06/27 5:56 p.m. · 2 views

CVE-2025-53311

creationtimestamp | type | source
---|---|---
2025-06-27 17:56:18+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/19762...

CVSS 7.1 · AI score 4.8 · EPSS 0.0008
Exploits 0 · References 1

CVE
added 2025/06/26 2:40 p.m. · 33 views

CVE-2025-53002

Summary of CVE-2025-53002 (LLaMA-Factory) : A remote code execution vulnerability was reported in LLaMA-Factory up to version 0.9.3 during training. The root cause is loading the vhead_file without the secure parameter weights_only=True, enabling an attacker to execute arbitrary code by supplying...

CVSS 9.8 · AI score 8.6 · EPSS 0.04222
Exploits 1 · References 3 · Affected Software 1

Vulnrichment
added 2025/06/25 8:31 p.m. · 3 views

CVE-2025-6665 code-projects Inventory Management System editBrand.php sql injection

A vulnerability has been found in code-projects Inventory Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /phpaction/editBrand.php. The manipulation of the argument editBrandStatus leads to sql injection. The attack can be...

CVSS 7.5 · AI score 7.6 · EPSS 0.00204
Exploits 1 · References 5

CVE
added 2025/06/25 6:2 p.m. · 18 views

CVE-2025-5825

CVE-2025-5825: Affects Autel MaxiCharger AC Wallbox Commercial. Root cause is insufficient validation of a firmware image during upgrade, enabling a downgrade path that can lead to remote code execution. Exploitation requires network-adjacent access and pairing of a malicious Bluetooth device, wi...

CVSS 7.5 · AI score 7.5 · EPSS 0.00219
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2025/06/25 6:2 p.m. · 9 views

CVE-2025-5825 Autel MaxiCharger AC Wallbox Commercial Firmware Downgrade Remote Code Execution Vulnerability

Autel MaxiCharger AC Wallbox Commercial Firmware Downgrade Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. An attacker must first obtain the...

CVSS 7.5 · EPSS 0.00219
Exploits 0 · References 1

ICS
added 2025/06/24 6:0 a.m. · 4 views

Delta Electronics CNCSoft

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code within the context of the current process. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds...

CVSS 7.3 · AI score 7.4 · EPSS 0.00056
Exploits 0 · References 10

RedhatCVE
added 2025/06/23 8:39 a.m. · 6 views

CVE-2025-34510

Sitecore Experience Manager XM, Experience Platform XP, and Experience Commerce XC versions 9.0 through 9.3 and 10.0 through 10.4 are affected by a Zip Slip vulnerability. A remote, authenticated attacker can exploit this issue by sending a crafted HTTP request to upload a ZIP archive containing...

CVSS 8.8 · AI score 7.3 · EPSS 0.86992
Exploits 3 · References 1

RedhatCVE
added 2025/06/23 8:38 a.m. · 3 views

CVE-2025-24286

A vulnerability allowing an authenticated user with the Backup Operator role to modify backup jobs, which could execute arbitrary code...

CVSS 7.2 · AI score 7.5 · EPSS 0.0026
Exploits 0 · References 1

Positive Technologies
added 2025/06/23 12:0 a.m. · 3 views

PT-2025-26595 · Brain2 · Brain2

Name of the Vulnerable Software and Affected Versions: BRAIN2 versions 0.0 through 3.05 Description: A script can be integrated into a report on a client with a non-admin user. The reports could later be executed on the BRAIN2 server with administrator rights, potentially allowing for code...

CVSS 10 · AI score 6.9 · EPSS 0.00376
Exploits 0 · References 7

Positive Technologies
added 2025/06/22 12:0 a.m. · 4 views

PT-2025-26550 · Unknown · Code-Projects Online Bidding System

Name of the Vulnerable Software and Affected Versions: code-projects Online Bidding System version 1.0 Description: A critical vulnerability has been found in the code-projects Online Bidding System. The issue affects an unknown functionality of the file /showprod.php. The manipulation of the ID...

CVSS 9.8 · AI score 7.6 · EPSS 0.00204
Exploits 1 · References 11

Cvelist
added 2025/06/20 1:31 p.m. · 7 views

CVE-2025-6343 code-projects Online Shoe Store admin_product.php sql injection

A vulnerability, which was classified as critical, was found in code-projects Online Shoe Store 1.0. Affected is an unknown function of the file /admin/admin_product.php. The manipulation of the argument pid leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVSS 7.5 · EPSS 0.00204
Exploits 1 · References 5

CVE
added 2025/06/20 12:31 p.m. · 15 views

CVE-2025-6340

CVE-2025-6340 affects code-projects School Fees Payment System 1.0. The vulnerability is a cross-site scripting flaw in the /branch.php file, triggered by manipulating the Branch/Address/Detail parameter. It can be exploited remotely and exploit code has been publicly disclosed. Affected componen...

CVSS 5.4 · AI score 3.7 · EPSS 0.00157
Exploits 1 · References 5 · Affected Software 1

OSV
added 2025/06/19 7:55 p.m. · 13 views

GHSA-24WV-6C99-F843 Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution

Impact: Using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code, without being authenticated. With the ability to execute arbitrary code, this vulnerability can be exploited in an infinite number of ways. It could be used t...

CVSS 10 · AI score 7.7 · EPSS 0.12525
Exploits 27 · References 5

Positive Technologies
added 2025/06/19 12:0 a.m. · 3 views

PT-2025-26225

Name of the Vulnerable Software and Affected Versions: RARLAB WinRAR versions prior to 7.12 Description: A directory traversal flaw exists in the handling of file paths within archive files. This issue allows remote attackers to execute arbitrary code in the context of the current user if a target...

CVSS 7.8 · AI score 7.7 · EPSS 0.05692
Exploits 8 · References 204

RedhatCVE
added 2025/06/16 4:24 p.m. · 4 views

CVE-2025-6120

A vulnerability has been discovered in the Open Asset Import Library Assimp, specifically within the readmeshes functionality of the assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp file related to Half-Life 1 MDL file loading. This flaw can lead to a heap-based buffer overflow. Under specific...

CVSS 5.3 · AI score 7.9 · EPSS 0.00127
Exploits 1 · References 9

Positive Technologies
added 2025/06/16 12:0 a.m. · 3 views

PT-2025-25585 · Unknown · Conda-Build

Name of the Vulnerable Software and Affected Versions: conda-build versions prior to 25.4.0 Description: The conda-build recipe processing logic is vulnerable to arbitrary code execution due to unsafe evaluation of recipe selectors. This is because conda-build uses the eval function to process...

CVSS 9.8 · AI score 7.4 · EPSS 0.01209
Exploits 1 · References 8

Positive Technologies
added 2025/06/16 12:0 a.m. · 3 views

PT-2025-25552 · Unknown · Code-Projects Restaurant Order System

Name of the Vulnerable Software and Affected Versions: code-projects Restaurant Order System version 1.0 Description: A critical vulnerability was found in the code-projects Restaurant Order System. This issue affects an unknown part of the file /table.php. The manipulation of the ID argument lea...

CVSS 8.8 · AI score 6.9 · EPSS 0.00285
Exploits 1 · References 12

RedhatCVE
added 2025/06/15 5:19 p.m. · 2 views

CVE-2025-49581

XWiki is a generic wiki platform. Any user with edit right on a page (could be the user's profile) can execute code (Groovy, Python, Velocity) with programming right by defining a wiki macro. This allows full access to the whole XWiki installation. The main problem is that if a wiki macro parameter...

CVSS 8.7 · AI score 6.8 · EPSS 0.03875
Exploits 1 · References 1

NVD
added 2025/06/13 6:15 p.m. · 16 views

CVE-2025-49585

XWiki is a generic wiki platform. In versions before 15.10.16, 16.0.0-rc-1 through 16.4.6, and 16.5.0-rc-1 through 16.10.1, when an attacker without script or programming right creates an XClass definition in XWiki (requires edit right), and that same document is later edited by a user with script,...

CVSS 8.6 · EPSS 0.00618
Exploits 1 · References 3