CVE-2025-34060 Monero Forum Remote Code Execution via Arbitrary File Read and Cookie Forgery

A PHP objection injection vulnerability exists in the Monero Project’s Laravel-based forum software due to unsafe handling of untrusted input in the /get/image/ endpoint. The application passes a user-supplied link parameter directly to filegetcontents without validation. MIME type checks using...

CVE-2025-0634

CVE-2025-0634 Reports a Use After Free in Samsung Open Source rlottie (V0.2) that enables Remote Code Inclusion. Affected component: rlottie library used by Samsung, with NVD listing a 3.1 base score of 9.8 (CRITICAL) and impact to Confidentiality, Integrity, Availability. The TencentOSS/Tenables...

PT-2025-27463 · Code Projects · Code-Projects Online Hotel Booking

Name of the Vulnerable Software and Affected Versions: code-projects Online Hotel Booking version 1.0 Description: A critical vulnerability has been found in the code-projects Online Hotel Booking software. This issue affects unknown code of the file /admin/registration.php. The manipulation of t...

PT-2025-27429 · Unknown · Code-Projects Library System

Name of the Vulnerable Software and Affected Versions: code-projects Library System version 1.0 Description: A critical vulnerability has been found in the code-projects Library System, affecting unknown code of the file /add-book.php. The manipulation of the image argument leads to unrestricted...

CVE-2025-6837 code-projects Library System profile.php unrestricted upload

A vulnerability classified as critical was found in code-projects Library System 1.0. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been...

PT-2025-27344 · Unknown · Code-Projects Simple Photo Gallery

Name of the Vulnerable Software and Affected Versions: code-projects Simple Photo Gallery version 1.0 Description: A critical issue was found in the code-projects Simple Photo Gallery. The problem is related to an unknown function of the file /upload-photo.php. The manipulation of the file img...

PT-2025-27345 · Unknown · Code-Projects Simple Forum

Name of the Vulnerable Software and Affected Versions: code-projects Simple Forum version 1.0 Description: A critical vulnerability was found in the code-projects Simple Forum. The issue affects an unknown functionality of the file /signin.php. The manipulation of the User argument leads to SQL...

PT-2025-27352 · Unknown · Code-Projects Simple Forum

Name of the Vulnerable Software and Affected Versions: code-projects Simple Forum version 1.0 Description: A problem was found in an unknown function of the file /forum edit1.php. The manipulation of the argument text leads to cross site scripting. It is possible to launch the attack remotely. Th...

PT-2025-27336 · Unknown · Code-Projects Library System

Name of the Vulnerable Software and Affected Versions: code-projects Library System version 1.0 Description: A critical vulnerability has been found in the code-projects Library System. The issue affects an unknown function of the file /profile.php. The manipulation of the phone argument leads to...

PT-2025-27351 · Code Projects · Code-Projects Simple Forum

Name of the Vulnerable Software and Affected Versions: code-projects Simple Forum version 1.0 Description: A critical issue has been found in the processing of the file /forum1.php, allowing unrestricted upload through the manipulation of the File argument. This can be initiated remotely. The...

CVE-2025-53311

creationtimestamp| type| source ---|---|--- 2025-06-27 17:56:18+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/19762...

CVE-2025-53002

Summary of CVE-2025-53002 (LLaMA-Factory) : A remote code execution vulnerability was reported in LLaMA-Factory up to version 0.9.3 during training. The root cause is loading the vhead_file without the secure parameter weights_only=True, enabling an attacker to execute arbitrary code by supplying...

CVE-2025-6665 code-projects Inventory Management System editBrand.php sql injection

A vulnerability has been found in code-projects Inventory Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /phpaction/editBrand.php. The manipulation of the argument editBrandStatus leads to sql injection. The attack can be...

CVE-2025-5825

CVE-2025-5825: Affects Autel MaxiCharger AC Wallbox Commercial. Root cause is insufficient validation of a firmware image during upgrade, enabling a downgrade path that can lead to remote code execution. Exploitation requires network-adjacent access and pairing of a malicious Bluetooth device, wi...

CVE-2025-5825 Autel MaxiCharger AC Wallbox Commercial Firmware Downgrade Remote Code Execution Vulnerability

Autel MaxiCharger AC Wallbox Commercial Firmware Downgrade Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. An attacker must first obtain the...

Delta Electronics CNCSoft

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code within the context of the current process. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds...

CVE-2025-34510

Sitecore Experience Manager XM, Experience Platform XP, and Experience Commerce XC versions 9.0 through 9.3 and 10.0 through 10.4 are affected by a Zip Slip vulnerability. A remote, authenticated attacker can exploit this issue by sending a crafted HTTP request to upload a ZIP archive containing...

CVE-2025-24286

A vulnerability allowing an authenticated user with the Backup Operator role to modify backup jobs, which could execute arbitrary code...

PT-2025-26595 · Brain2 · Brain2

Name of the Vulnerable Software and Affected Versions: BRAIN2 versions 0.0 through 3.05 Description: A script can be integrated into a report on a client with a non-admin user. The reports could later be executed on the BRAIN2 server with administrator rights, potentially allowing for code...

PT-2025-26550 · Unknown · Code-Projects Online Bidding System

Name of the Vulnerable Software and Affected Versions: code-projects Online Bidding System version 1.0 Description: A critical vulnerability has been found in the code-projects Online Bidding System. The issue affects an unknown functionality of the file /showprod.php. The manipulation of the ID...