EUVD-2021-31292
Malicious code in bioql PyPI...
exploitdb
This is an official repository of The Exploit Database, a project sponsored by Offensive Security. The repository contains a searchable archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. The Exploit Database is...
PT-2025-33113 · Unknown · 1000 Projects Sales Management System
Name of the Vulnerable Software and Affected Versions: 1000 Projects Sales Management System version 1.0 Description: A cross-site scripting issue exists due to the manipulation of the ssalescat argument in the processing of the /superstore/admin/sales.php file. The attack can be initiated remote...
PT-2025-33091 · Unknown · Php Volunteer Management System
Name of the Vulnerable Software and Affected Versions: PHP Volunteer Management System version 1.0.2 Description: PHP Volunteer Management System version 1.0.2 contains an arbitrary file upload vulnerability in its document upload functionality. Authenticated users can upload files to the...
PT-2025-32211 · 4C Strategies · Exonaut
Name of the Vulnerable Software and Affected Versions: 4C Strategies Exonaut version 21.6 Description: Passwords stored in the database are hashed without a salt. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...
PT-2025-32239 · Go Acme +1 · Lego +1
Name of the Vulnerable Software and Affected Versions: Lego versions 4.25.1 and below Description: The github.com/go-acme/lego/v4/acme/api package, and consequently the Lego library and command-line interface, does not enforce HTTPS when communicating with Certificate Authorities (CAs) as an ACME...
PT-2025-32182 · Unknown +1 · Go/Filesystems +1
Name of the Vulnerable Software and Affected Versions: go/filesystems (affected versions not specified) Description: The filepath.Walk and filepath.WalkDir functions are documented as not following symbolic links. However, both functions are susceptible to a time-of-check to time-of-use (TOCTOU) race...
PT-2025-32175 · Csv File · Csv File
Name of the Vulnerable Software and Affected Versions: affected versions not specified Description: The software lacks TLS validation when downloading a CSV file containing IP-to-country mappings. This file is used solely for displaying country flags in logs. Recommendations: At the moment, there...
PT-2025-32200 · Unknown · Agno-Agi Agno
Name of the Vulnerable Software and Affected Versions: agno-agi agno versions up to 1.7.5 Description: A critical issue exists in the Model Context Protocol Handler component of agno-agi agno. The MCPTools/MultiMCPTools function within the libs/agno/agno/tools/mcp.py library is susceptible to OS...
PT-2025-31933 · Bluestacks · Bluestacks
Name of the Vulnerable Software and Affected Versions: BlueStacks version 5.20 Description: A lack of SSL certificate validation allows attackers to execute a man-in-the-middle attack and obtain sensitive information. Recommendations: At the moment, there is no information about a newer version...
PT-2025-32002
Name of the Vulnerable Software and Affected Versions: react-native-bottom-tabs versions 0.9.2 and earlier Description: The react-native-bottom-tabs library improperly used the pull_request_target event trigger in the github/workflows/release-canary.yml GitHub Actions workflow. This allowed...
PT-2025-32009 · Unknown +1 · Security-Kit +1
Name of the Vulnerable Software and Affected Versions: Vision UI versions 1.4.0 and below Description: The generateSecureId and getSecureRandomInt functions within the security-kit component versions prior to 3.5.0, packaged in Vision UI 1.4.0 and below, are susceptible to Denial of Service (DoS)...
PT-2025-31947 · Firstnum · Firstnum Jc21A-04
Name of the Vulnerable Software and Affected Versions: FIRSTNUM JC21A-04 devices versions through 2.01ME/FN Description: FIRSTNUM JC21A-04 devices enable the SSH service by default with the credentials root/admin. The graphical user interface (GUI) does not provide a method to disable this account...
PT-2025-32149 · Unknown · Cl4/6Nx-J Plus +1
Name of the Vulnerable Software and Affected Versions: CL4/6NX Plus versions prior to 1.15.5-r1; CL4/6NX-J Plus (Japan model) versions prior to 1.15.5-r1 Description: The CL4/6NX Plus and CL4/6NX-J Plus devices are susceptible to arbitrary Lua script execution. This occurs due to the ability to uplo...
CVE-2025-8502 code-projects Online Medicine Guide changepass.php sql injection
A vulnerability classified as critical was found in code-projects Online Medicine Guide 1.0. Affected by this vulnerability is an unknown functionality of the file /changepass.php. The manipulation of the argument ups leads to SQL injection. The attack can be launched remotely. The exploit has be...
CVE-2025-23283
CVE-2025-23283 affects NVIDIA vGPU software for Linux-type hypervisors, with a vulnerability in the Virtual GPU Manager that can be triggered by a malicious guest to cause a stack buffer overflow. The result could enable code execution, denial of service, privilege escalation, information disclos...
PT-2025-31621 · Code Projects · Online Medicine Guide
Name of the Vulnerable Software and Affected Versions: code-projects Online Medicine Guide version 1.0 Description: A critical vulnerability exists in code-projects Online Medicine Guide 1.0. The manipulation of the phuname argument in an unknown function of the /pharsignup.php file leads to a SQ...
PT-2025-31703 · 1Panel · 1Panel
Name of the Vulnerable Software and Affected Versions: 1Panel versions 2.0.5 and below Description: 1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. The HTTPS protocol used for communication between the Core and Agent...
PT-2025-31708 · Files · Files
Name of the Vulnerable Software and Affected Versions: Files versions 0.16.9 and below Description: The File Move functionality does not contain logic that prevents injection of arbitrary JavaScript, potentially leading to Browser JS code execution in the context of the user’s session...
PT-2025-31641 · Jose +1 · Jose +1
Name of the Vulnerable Software and Affected Versions: jose version 6.0.10 Description: The jose JavaScript library version 6.0.10 contains weak encryption. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...