Lucene search

11 matches found

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-12168

Malicious code in bioql PyPI...

6.5 CVSS, 6.4 AI score, 0.00063 EPSS
Exploits 1, References 3

Veracode
added 2025/04/29 6:34 a.m., 4 views

Use Of Weak Hash

pnpm is vulnerable to Use of Weak Hash. The vulnerability is due to improper path shortening caused by the use of the md5 function for compression, which can cause different libraries to resolve to the same storage path if a hash collision occurs...

6.5 CVSS, 6.7 AI score, 0.00063 EPSS
Exploits 1, References 2, Affected Software 1

NVD
added 2025/04/23 4:15 p.m., 7 views

CVE-2024-47829

pnpm is a package manager. Prior to version 10.0.0, the path shortening function uses the md5 function as a path shortening compression function, and if a collision occurs, it will result in the same storage path for two different libraries. Although the real names are under the package name...

6.5 CVSS, 0.00063 EPSS
Exploits 1, References 1

CVE
added 2025/04/23 3:42 p.m., 68 views

CVE-2024-47829

CVE-2024-47829 affects pnpm versions prior to 10.0.0, where the path shortening function uses MD5 and can cause two different libraries to map to the same storage path under node_modules. The issue is fixed in 10.0.0. Fedora advisories recommend upgrading pnpm to 10.9.0 to address this CVE; other...

6.5 CVSS, 6.5 AI score, 0.00063 EPSS
Exploits 1, References 1, Affected Software 1

OSV
added 2025/04/23 2:5 p.m., 5 views

GHSA-8CC4-RFJ6-FHG4 pnpm uses the md5 path shortening function causes packet paths to coincide, which causes indirect packet overwriting

The path shortening function is used in pnpm: export function depPathToFilename depPath: string, maxLengthWithoutHash: number: string let filename = depPathToFilenameUnescapeddepPath.replace/\/:?"|/g, '+' if filename.includes'' filename = filename .replace/$/, '' .replace/\||/g, '' if...

6.5 CVSS, 6.3 AI score, 0.00063 EPSS
Exploits 1, References 3

Github Security Blog
added 2025/04/23 2:5 p.m., 9 views

pnpm uses the md5 path shortening function causes packet paths to coincide, which causes indirect packet overwriting

The path shortening function is used in pnpm: export function depPathToFilename depPath: string, maxLengthWithoutHash: number: string let filename = depPathToFilenameUnescapeddepPath.replace/\/:?"|/g, '+' if filename.includes'' filename = filename .replace/$/, '' .replace/\||/g, '' if...

6.5 CVSS, 6.7 AI score, 0.00063 EPSS
Exploits 1, References 3, Affected Software 1

Prion
added 2023/07/06 2:15 p.m., 13 views

Stack overflow

An issue was discovered in pdfcrack 0.17 thru 0.18, allows attackers to execute arbitrary code via a stack overflow in the MD5 function...

7.5 CVSS, 9.8 AI score, 0.00339 EPSS
Exploits 1, References 2, Affected Software 1

Debian CVE
added 2023/07/06 12:0 a.m., 6 views

CVE-2020-22336

An issue was discovered in pdfcrack 0.17 thru 0.18, allows attackers to execute arbitrary code via a stack overflow in the MD5 function...

9.8 CVSS, 9.8 AI score, 0.00339 EPSS
Exploits 1

Exploit DB
added 2021/10/08 12:0 a.m., 434 views

Simple Online College Entrance Exam System 1.0 - Account Takeover

Exploit Title: Simple Online College Entrance Exam System 1.0 - Account Takeover Date: 07.10.2021 Exploit Author: Amine ismail @aminei Vendor Homepage: https://www.sourcecodester.com/php/14976/simple-online-college-entrance-exam-system-php-and-sqlite-free-source-code.html Software Link:...

7.4 AI score
Exploits 0

0day.today
added 2021/10/08 12:0 a.m., 237 views

Simple Online College Entrance Exam System 1.0 - Account Takeover Vulnerability

Exploit Title: Simple Online College Entrance Exam System 1.0 - Account Takeover Exploit Author: Amine ismail @aminei Vendor Homepage: https://www.sourcecodester.com/php/14976/simple-online-college-entrance-exam-system-php-and-sqlite-free-source-code.html Software Link:...

0.6 AI score
Exploits 0

0day.today
added 2021/07/07 12:0 a.m., 125 views

Online Covid Vaccination Scheduler System 1.0 - (username) time-based blind SQL Injection

Exploit Title: Online Covid Vaccination Scheduler System 1.0 - 'username' time-based blind SQL Injection Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

0.6 AI score
Exploits 0