1697 matches found

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-7802

Malicious code in bioql PyPI...

8.5 CVSS · 6.3 AI score · 0.00246 EPSS
Exploits 0 · References 7
Positive Technologies
added 2025/09/22 12:0 a.m. · 5 views

PT-2025-38693

Name of the Vulnerable Software and Affected Versions: Campcodes Grocery Sales and Inventory System version 1.0 Description: A flaw exists in Campcodes Grocery Sales and Inventory System 1.0. The vulnerability is due to SQL injection within unknown code in the file /ajax.php?action=delete user...

9.8 CVSS · 7.4 AI score · 0.00521 EPSS
Exploits 1 · References 9
GithubExploit
added 2025/08/28 3:1 p.m. · 176 views

Exploit for Missing Authentication for Critical Function in Erlang Erlang/Otp

CVE-2025-32433 – Erlang/OTP SSH RCE Vulnerability 📌 Summary...

10 CVSS · 8.3 AI score · 0.97673 EPSS
Exploits 36
Vulnrichment
added 2025/08/07 7:2 p.m. · 12 views

CVE-2025-8697 agentUniverse MCPSessionManager/MCPTool/MCPToolkit StdioServerParameters os command injection

A vulnerability was found in agentUniverse up to 0.0.18 and classified as critical. This issue affects the function StdioServerParameters of the component MCPSessionManager/MCPTool/MCPToolkit. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has be...

6.5 CVSS · 6.8 AI score · 0.02188 EPSS
Exploits 0 · References 5
NVD
added 2025/08/03 12:15 a.m. · 22 views

CVE-2025-54955

OpenNebula Community Edition (CE) before 7.0.0 and Enterprise Edition (EE) before 6.10.3 have a critical FireEdge race condition that can lead to full account takeover. By exploiting this, an unauthenticated attacker can obtain a valid JSON Web Token (JWT) belonging to a legitimate user without knowled...

8.1 CVSS · 0.00329 EPSS
Exploits 0 · References 5
Vulnrichment
added 2025/08/01 11:5 p.m. · 2 views

CVE-2025-54132 Cursor's Mermaid Diagram Tool is Vulnerable to an Arbitrary Image Fetch

Cursor is a code editor built for programming with AI. In versions below 1.3, Mermaid, which is used to render diagrams, allows embedding images which then get rendered by Cursor in the chat box. An attacker can use this to exfiltrate sensitive information to a third-party attacker controlled serve...

4.4 CVSS · 6.5 AI score · 0.00319 EPSS
Exploits 0 · References 1
CVE
added 2025/07/30 8:1 p.m. · 27 views

CVE-2025-54584

GitProxy (versions ≤ 1.19.1) is vulnerable to a packfile parsing exploit due to the parsePush.ts PACK signature detection. An attacker can craft a malicious Git packfile that embeds a misleading PACK signature within commit content and manipulates the packet structure, causing the parser to treat...

7 CVSS · 6.3 AI score · 0.00451 EPSS
Exploits 1 · References 4 · Affected Software 1
Zero Day Initiative
added 2025/07/29 12:0 a.m. · 6 views

Autodesk AutoCAD 3DM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3D...

7.8 CVSS · 6.4 AI score · 0.00156 EPSS
Exploits 0 · References 1
OSV
added 2025/07/24 10:24 p.m. · 5 views

CVE-2025-54379 eKuiper API endpoints handling SQL queries with user-controlled table names.

LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. In versions before 2.2.1, there is a critical SQL Injection vulnerability in the getLast API functionality of the eKuiper project. This flaw allows unauthenticated remote...

9.3 CVSS · 8.2 AI score · 0.0076 EPSS
Exploits 1 · References 4
Redos
added 2025/07/24 12:0 a.m. · 4 views

ROS-20250724-09

A vulnerability in the urllib3 module of the Python programming language interpreter is related to incorrect implementation of the Redirect object when processing redirects and retries. Exploitation of the vulnerability...

6.1 CVSS · 6 AI score · 0.004 EPSS
Exploits 1
CNVD
added 2025/07/18 12:0 a.m. · 4 views

WordPress Contest Gallery plugin cross-site scripting vulnerability

WordPress Contest Gallery plugin is a powerful plugin that is mainly used to organize all kinds of online contests in WordPress websites, supporting the uploading and displaying of photos, videos, audios, documents and other types of files. WordPress Contest Gallery plugin suffers from a cross-si...

6.4 CVSS · 6.6 AI score · 0.00187 EPSS
Exploits 0 · References 1
Redos
added 2025/07/18 12:0 a.m. · 4 views

ROS-20250718-02

The vulnerability in Firefox and Firefox ESR browsers and Thunderbird email client is related to the operation exceeding the memory buffer boundaries. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code or cause a denial of service...

8.8 CVSS · 9.2 AI score · 0.00823 EPSS
Exploits 0
CVE
added 2025/07/16 4:16 p.m. · 33 views

CVE-2025-20272

CVE-2025-20272: Affects a subset of REST APIs in Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM). An authenticated, low-privilege remote attacker could exploit insufficient input validation to perform a blind SQL injection, potentially viewing data from database ...

4.3 CVSS · 7.1 AI score · 0.00292 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2025/07/16 12:0 a.m. · 2 views

PT-2025-29888 · Unknown · Rips Scanner

Name of the Vulnerable Software and Affected Versions: RIPS Scanner version 0.54 Description: A path traversal vulnerability exists that allows remote attackers to read arbitrary files on the system with the privileges of the web server. This is achieved by sending crafted HTTP GET requests to th...

8.7 CVSS · 6.5 AI score · 0.01461 EPSS
Exploits 0 · References 10
NVD
added 2025/07/15 8:15 p.m. · 9 views

CVE-2025-53029

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle ...

2.3 CVSS · 0.00219 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/07/10 1:30 a.m. · 4 views

CVE-2025-42992

SAPCAR allows an attacker logged in with high privileges to create a malicious SAR archive in SAPCAR. This could enable the attacker to exploit critical files and directory permissions without breaking signature validation, resulting in potential privilege escalation. This has high impact on...

6.9 CVSS · 7.2 AI score · 0.00123 EPSS
Exploits 0 · References 1
Redos
added 2025/07/10 12:0 a.m. · 5 views

ROS-20250710-12

A vulnerability in the Libexif library for parsing EXIF files is related to a compiler optimization that removes buffer overflow protection in libexif. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code on the target...

9.8 CVSS · 10 AI score · 0.03189 EPSS
Exploits 0
OSV
added 2025/07/09 2:27 p.m. · 5 views

CVE-2025-53546 Folo allows secrets exfiltration via `pull_request_target`

Folo organizes feeds content into one timeline. Using `pull_request_target` on .github/workflows/auto-fix-lint-format-commit.yml can be exploited by attackers, since untrusted code can be executed having full access to secrets from the base repo. By exploiting the vulnerability it is possible to...

9.1 CVSS · 7.1 AI score · 0.00305 EPSS
Exploits 0 · References 4
Vulnrichment
added 2025/07/09 4:2 a.m. · 2 views

CVE-2025-7215 FNKvision FNK-GU2 wpa_supplicant.conf cleartext storage

A vulnerability, which was classified as problematic, has been found in FNKvision FNK-GU2 up to 40.1.7. Affected by this issue is some unknown functionality of the file /rom/wpa_supplicant.conf. The manipulation leads to cleartext storage of sensitive information. It is possible to launch the atta...

1.6 CVSS · 6.7 AI score · 0.00094 EPSS
Exploits 0 · References 4
GithubExploit
added 2025/07/08 11:12 a.m. · 139 views

Exploit for CVE-2024-9014

CVE-2024-9014 - pgAdmin 4 OAuth2 Authentication Bypass Exploit...

9.9 CVSS · 6.2 AI score · 0.09681 EPSS
Exploits 2