24 matches found
EUVD-2023-50380
Malicious code in bioql PyPI...
GHSA-FM79-3F68-H2FC Wasmtime CLI is vulnerable to host panic through its fd_renumber function
Summary A bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host embedder. The specific bug is triggered by calling path_open after calling fd_renumber with either: - two equal argument values - second argument being equal...
PT-2025-28041 · Blackvue · Blackvue Dashcam 590X
Name of the Vulnerable Software and Affected Versions: BlackVue Dashcam 590X up to 20250624 Description: A critical issue affects some unknown functionality of the file /upload.cgi of the component Configuration Handler, leading to improper access controls. The attack must be initiated within the...
PT-2025-26276 · Unknown · Phpgurukul Emergency Ambulance Hiring Portal
Name of the Vulnerable Software and Affected Versions: PHPGurukul Emergency Ambulance Hiring Portal version 1.0 Description: A critical issue has been discovered, affecting an unknown function of the file /admin/bwdates-request-report-details.php. The manipulation of the fromdate and todate...
PT-2025-26475 · D Link · D-Link Dir-619L
Name of the Vulnerable Software and Affected Versions: D-Link DIR-619L version 2.06B01 Description: A critical issue has been found, affecting the function formSetEnableWizard of the file /goform/formSetEnableWizard. The manipulation of the argument curTime leads to a stack-based buffer overflow...
CVE-2025-48881 Valtimo backend libraries allows objects in the object-api to be accessed and modified by unauthorized users
Valtimo is a platform for Business Process Automation. In versions starting from 11.0.0.RELEASE to 11.3.3.RELEASE and 12.0.0.RELEASE to 12.12.0.RELEASE, all objects for which an object-management configuration exists can be listed, viewed, edited, created or deleted by unauthorised users. If...
CVE-2023-47213
First Corporation's DVRs use a hard-coded password, which may allow a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB. ...
PT-2025-21890 · Unknown · Phpgurukul Auto Taxi Stand Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Auto Taxi Stand Management System version 1.0 Description: A critical issue was found in the system, affecting the /admin/forgot-password.php file. The email argument is vulnerable to sql injection, allowing remote attacks. The iss...
CVE-2025-47790
Nextcloud Server is a self hosted personal cloud system. Nextcloud Server prior to 29.0.15, 30.0.9, and 31.0.3 and Nextcloud Enterprise Server prior to 26.0.13.15, 27.1.11.15, 28.0.14.6, 29.0.15, 30.0.9, and 31.0.3 have a bug with session handling. The bug caused skipping the second factor...
PT-2025-21616 · D Link · D-Link Di-7003Gv2
Name of the Vulnerable Software and Affected Versions: D-Link DI-7003GV2 version 24.04.18D1 R68125 Description: A vulnerability has been found in the D-Link DI-7003GV2, affecting an unknown functionality of the file /install base.data. The manipulation leads to information disclosure. The attack...
PT-2025-18119 · Unknown · Phpgurukul Rail Pass Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Rail Pass Management System version 1.0 Description: A critical issue was found in the PHPGurukul Rail Pass Management System. The problem affects an unknown functionality of the file /admin/search-pass.php. The manipulation of the...
PT-2025-18273 · NetGear · Netgear Wnr2000V2
Name of the Vulnerable Software and Affected Versions: Netgear JWNR2000v2 version 1.0.0.11 Description: A critical issue was found affecting the function sub_41A914. The manipulation of the host argument leads to a buffer overflow. The vendor was contacted about this issue but did not respond...
CVE-2025-27793
Vega (visualization grammar) and the related Vega-lite JSON workflow are affected by CVE-2025-27793. In Vega versions prior to 5.32.0 (and vega-functions prior to 5.17.0), processing Vega/Vega-lite JSON could cause execution of unintended JavaScript unless the library is used with the vega-interp...
IBC-Go: Non-deterministic JSON Unmarshalling of IBC Acknowledgement can result in a chain halt
Name: ISA-2025-001: Non-deterministic JSON Unmarshalling of IBC Acknowledgement can result in a chain halt Component: IBC-Go Criticality: High Considerable Impact; Likely Likelihood per ACMv1.2 Affected versions: IBC-Go = v7; Earlier IBC-Go versions MAY also be affected. Affected users: Validator...
CVE-2025-27416
CVE-2025-27416 affects the Scratch-Coding-Hut.github.io sign-in page. The vulnerability described states that the sign-in form allows a user to sign into another user’s account, implying an account-authentication/authorization issue on the website. As published, there is no available fix and a fi...
Able to attach restricted files to Jira issues from Email
Issue Summary From 9.15, admins can now restrict unwanted file extensions from being uploaded through issues. However, the restriction does not work when the attachment is sent via email. The files with restricted extensions are being uploaded to Jira issues. Reference: Restrict unwanted file...
PT-2025-5037 · Unknown · Schalk Burger Anonymize Links
Name of the Vulnerable Software and Affected Versions: Schalk Burger Anonymize Links versions n/a through 1.1 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...
PT-2025-2052 · Sucms · Sucms
Name of the Vulnerable Software and Affected Versions: Sucms version 1.0 Description: A critical issue affects some unknown functionality of the file /admin/admin members.php?ac=search. The manipulation of the uid argument leads to SQL injection. The attack may be launched remotely. The exploit h...
PT-2024-34466 · Unknown · Simplcommerce
Name of the Vulnerable Software and Affected Versions: SimplCommerce version 230310c8d7a0408569b292c5a805c459d47a1d8f Description: An improper access control issue exists, allowing users to submit reviews without verifying if they have purchased the product. This issue affects the review system,...
PT-2024-12344 · Easyappointments +1 · Alextselegidis/Easyappointments +1
Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: A BOLA vulnerability in the "POST /appointments" endpoint allows a low-privileged user to create an appointment for any user in the system, including administrators. This results in...