1496 matches found

Cvelist · added 2025/06/20 1:31 p.m. · 8 views

CVE-2025-6343 code-projects Online Shoe Store admin_product.php sql injection

A vulnerability, which was classified as critical, was found in code-projects Online Shoe Store 1.0. Affected is an unknown function of the file /admin/adminproduct.php. The manipulation of the argument pid leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVSS 7.5 · EPSS 0.00421
Exploits: 1 · References: 5

CVE · added 2025/06/20 12:31 p.m. · 18 views

CVE-2025-6340

CVE-2025-6340 affects code-projects School Fees Payment System 1.0. The vulnerability is a cross-site scripting flaw in the /branch.php file, triggered by manipulating the Branch/Address/Detail parameter. It can be exploited remotely and exploit code has been publicly disclosed. Affected componen...

CVSS 5.4 · AI score 3.7 · EPSS 0.00234
Exploits: 1 · References: 5 · Affected Software: 1

OSV · added 2025/06/19 7:55 p.m. · 13 views

GHSA-24WV-6C99-F843 Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution

Impact: Using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code, without being authenticated. With the ability to execute arbitrary code, this vulnerability can be exploited in an infinite number of ways. It could be used t...

CVSS 10 · AI score 7.7 · EPSS 0.13105
Exploits: 28 · References: 5

Positive Technologies · added 2025/06/19 12:0 a.m. · 5 views

PT-2025-26225

Name of the Vulnerable Software and Affected Versions: RARLAB WinRAR versions prior to 7.12 Description: A directory traversal flaw exists in the handling of file paths within archive files. This issue allows remote attackers to execute arbitrary code in the context of the current user if a target...

CVSS 7.8 · AI score 7.7 · EPSS 0.81491
Exploits: 8 · References: 205

RedhatCVE · added 2025/06/16 4:24 p.m. · 4 views

CVE-2025-6120

A vulnerability has been discovered in the Open Asset Import Library Assimp, specifically within the readmeshes functionality of the assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp file related to Half-Life 1 MDL file loading. This flaw can lead to a heap-based buffer overflow. Under specific...

CVSS 5.3 · AI score 7.9 · EPSS 0.00205
Exploits: 1 · References: 9

Positive Technologies · added 2025/06/16 12:0 a.m. · 3 views

PT-2025-25552 · Unknown · Code-Projects Restaurant Order System

Name of the Vulnerable Software and Affected Versions: code-projects Restaurant Order System version 1.0 Description: A critical vulnerability was found in the code-projects Restaurant Order System. This issue affects an unknown part of the file /table.php. The manipulation of the ID argument lea...

CVSS 8.8 · AI score 6.9 · EPSS 0.00342
Exploits: 1 · References: 12

Positive Technologies · added 2025/06/16 12:0 a.m. · 3 views

PT-2025-25585 · Unknown · Conda-Build

Name of the Vulnerable Software and Affected Versions: conda-build versions prior to 25.4.0 Description: The conda-build recipe processing logic is vulnerable to arbitrary code execution due to unsafe evaluation of recipe selectors. This is because conda-build uses the eval function to process...

CVSS 9.8 · AI score 7.4 · EPSS 0.00689
Exploits: 1 · References: 8

RedhatCVE · added 2025/06/15 5:19 p.m. · 5 views

CVE-2025-49581

XWiki is a generic wiki platform. Any user with edit right on a page (could be the user's profile) can execute code (Groovy, Python, Velocity) with programming right by defining a wiki macro. This allows full access to the whole XWiki installation. The main problem is that if a wiki macro parameter...

CVSS 8.7 · AI score 6.8 · EPSS 0.00478
Exploits: 1 · References: 1

NVD · added 2025/06/13 6:15 p.m. · 17 views

CVE-2025-49585

XWiki is a generic wiki platform. In versions before 15.10.16, 16.0.0-rc-1 through 16.4.6, and 16.5.0-rc-1 through 16.10.1, when an attacker without script or programming right creates an XClass definition in XWiki (requires edit right), and that same document is later edited by a user with script,...

CVSS 8.6 · EPSS 0.00352
Exploits: 1 · References: 3

CNVD · added 2025/06/13 12:0 a.m. · 5 views

Microsoft Office Code Execution Vulnerability (CNVD-2025-13271)

Microsoft Office is an office software suite of products from the U.S. company Microsoft. The product's common components include Word, Excel, Access, PowerPoint, FrontPage, etc. A code execution vulnerability exists in Microsoft Office due to the use of incompatible types of access to...

CVSS 8.4 · AI score 8.1 · EPSS 0.00593
Exploits: 0 · References: 1

CNVD · added 2025/06/13 12:0 a.m. · 3 views

Microsoft Office Code Execution Vulnerability (CNVD-2025-13272)

Microsoft Office is an office software suite of products from the U.S. company Microsoft. The product's common components include Word, Excel, Access, PowerPoint, FrontPage, etc. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to execute...

CVSS 8.4 · AI score 8.1 · EPSS 0.00581
Exploits: 0 · References: 1

RedhatCVE · added 2025/06/12 5:6 p.m. · 5 views

CVE-2025-43589

InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8 · AI score 7.8 · EPSS 0.00272
Exploits: 0 · References: 1

Vulnrichment · added 2025/06/10 7:11 p.m. · 2 views

CVE-2025-43550 Acrobat Reader | Use After Free (CWE-416)

Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious...

CVSS 7.8 · AI score 7.6 · EPSS 0.00369
Exploits: 0 · References: 1

Positive Technologies · added 2025/06/10 12:0 a.m. · 6 views

PT-2025-24599 · Unknown · Code-Projects Laundry System

Name of the Vulnerable Software and Affected Versions: code-projects Laundry System version 1.0 Description: A critical vulnerability has been found in the code-projects Laundry System. This issue affects an unknown part of the file /data/ and leads to missing authentication. The attack can be...

CVSS 9.8 · AI score 7.2 · EPSS 0.00514
Exploits: 1 · References: 10

Positive Technologies · added 2025/06/10 12:0 a.m. · 2 views

PT-2025-24918 · Adobe · Acrobat Reader

Name of the Vulnerable Software and Affected Versions: Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier Description: The issue is a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue...

CVSS 7.8 · AI score 7 · EPSS 0.00369
Exploits: 0 · References: 9

Positive Technologies · added 2025/06/10 12:0 a.m. · 3 views

PT-2025-24861

Name of the Vulnerable Software and Affected Versions: Microsoft Office affected versions not specified Description: The issue is a heap-based buffer overflow that allows an unauthorized attacker to execute code locally. This enables remote attackers to execute arbitrary code and affect the system...

CVSS 8.4 · AI score 6.4 · EPSS 0.0068
Exploits: 0 · References: 14

NVD · added 2025/06/09 1:15 p.m. · 9 views

CVE-2025-49131

FastGPT is an open-source project that provides a platform for building, deploying, and operating AI-driven workflows and conversational agents. The Sandbox container fastgpt-sandbox is a specialized, isolated environment used by FastGPT to safely execute user-submitted or dynamically generated...

CVSS 9.9 · EPSS 0.00366
Exploits: 1 · References: 5

Positive Technologies · added 2025/06/09 12:0 a.m. · 2 views

PT-2025-24518 · Unknown · Metalpriceapi

Name of the Vulnerable Software and Affected Versions: MetalpriceAPI versions 1.1.4 and earlier Description: The issue is related to an Improper Control of Generation of Code, also known as 'Code Injection', in MetalpriceAPI. This allows for Code Injection, which can be exploited. Recommendations...

CVSS 9.9 · AI score 6 · EPSS 0.00346
Exploits: 0 · References: 4

Positive Technologies · added 2025/06/09 12:0 a.m. · 2 views

PT-2025-24436 · Unknown +1 · Wilderforge +1

Name of the Vulnerable Software and Affected Versions: WilderForge affected versions not specified Description: A critical issue has been identified in the WilderForge organization, stemming from the unsafe use of user-controlled variables, such as $ github.event.review.body , directly inside she...

CVSS 9.9 · AI score 7.4 · EPSS 0.00622
Exploits: 0 · References: 9

Positive Technologies · added 2025/06/06 12:0 a.m. · 3 views

PT-2025-24103 · Unknown · Code-Projects Laundry System

Name of the Vulnerable Software and Affected Versions: code-projects Laundry System version 1.0 Description: A problematic issue was found in the code-projects Laundry System, affecting an unknown part of the file /data/edit laundry.php. The manipulation of the Customer argument leads to cross-si...

CVSS 5.4 · AI score 3.6 · EPSS 0.00246
Exploits: 1 · References: 9