DevDojo Voyager <=1.8.0 - Arbitrary File Read

DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the /admin/compass. id: CVE-2024-55415 info: name: DevDojo Voyager =1.8.0 - Arbitrary File Read author: iamnoooob,rootxharsh,pdresearch severity: high description: | DevDojo Voyager through 1.8.0 is vulnerable to path traversal at t...

EUVD-2024-52770

Malicious code in bioql PyPI...

EUVD-2025-10905

Malicious code in bioql PyPI...

EUVD-2025-0180

Malicious code in bioql PyPI...

CVE-2024-55416

DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS via /admin/compass. By manipulating an authenticated user to click on a link, arbitrary Javascript can be executed...

CVE-2024-55415

DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the /admin/compass...

CVE-2024-55417

DevDojo Voyager through version 1.8.0 is vulnerable to bypassing the file type verification when an authenticated user uploads a file via /admin/media/upload. An authenticated user can upload a web shell causing arbitrary code execution on the server...

CVE-2025-32931

DevDojo Voyager 1.4.0 through 1.8.0, when Laravel 8 or later is used, allows authenticated administrators to execute arbitrary OS commands via a specific php artisan command...

GHSA-QQ2H-M2HJ-HRFF DevDojo Voyager Argument Injection vulnerability

DevDojo Voyager 1.4.0 through 1.8.0, when Laravel 8 or later is used, allows authenticated administrators to execute arbitrary OS commands via a specific php artisan command...

DevDojo Voyager Argument Injection vulnerability

DevDojo Voyager 1.4.0 through 1.8.0, when Laravel 8 or later is used, allows authenticated administrators to execute arbitrary OS commands via a specific php artisan command...

CVE-2025-32931

DevDojo Voyager 1.4.0 through 1.8.0, when Laravel 8 or later is used, allows authenticated administrators to execute arbitrary OS commands via a specific php artisan command...

CVE-2025-32931

DevDojo Voyager 1.4.0 through 1.8.0, when Laravel 8 or later is used, allows authenticated administrators to execute arbitrary OS commands via a specific php artisan command...

CVE-2025-32931

DevDojo Voyager 1.4.0 through 1.8.0, when Laravel 8 or later is used, allows authenticated administrators to execute arbitrary OS commands via a specific php artisan command...

CVE-2025-32931

CVE-2025-32931 affects DevDojo Voyager versions 1.4.0–1.8.0. When Laravel 8+ is used, authenticated administrators can execute arbitrary OS commands via a specific php artisan command (linked to the Compass admin tooling). Technical details in connected sources point to a vulnerable command imple...

CVE-2025-32931

DevDojo Voyager 1.4.0 through 1.8.0, when Laravel 8 or later is used, allows authenticated administrators to execute arbitrary OS commands via a specific php artisan command...

PT-2025-16258 · Devdojo +1 · Devdojo Voyager +1

Name of the Vulnerable Software and Affected Versions: DevDojo Voyager versions 1.4.0 through 1.8.0 Description: The issue allows authenticated administrators to execute arbitrary OS commands via a specific php artisan command when Laravel 8 or later is used. Recommendations: For DevDojo Voyager...

DevDojo Voyager vulnerable to reflected Cross-site Scripting

DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS via /admin/compass. By manipulating an authenticated user to click on a link, arbitrary Javascript can be executed...

DevDojo Voyager vulnerable to path traversal

DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the /admin/compass...

GHSA-35P2-5VRH-M3P6 DevDojo Voyager Arbitrary File Write

DevDojo Voyager through version 1.8.0 is vulnerable to bypassing the file type verification when an authenticated user uploads a file via /admin/media/upload. An authenticated user can upload a web shell causing arbitrary code execution on the server...

GHSA-MM49-4F2G-C3WF DevDojo Voyager vulnerable to reflected Cross-site Scripting

DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS via /admin/compass. By manipulating an authenticated user to click on a link, arbitrary Javascript can be executed...