EUVD-2021-34762

Ultimate POS 4.4 contains a persistent cross-site scripting vulnerability in the product name parameter that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability through product add or edit functions to execute arbitrary JavaScript and potentially hijack us...

CVE-2025-15531 Open5GS context.c sgwc_bearer_add assertion

A vulnerability was identified in Open5GS up to 2.7.5. This vulnerability affects the function sgwcbeareradd of the file src/sgwc/context.c. The manipulation leads to reachable assertion. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The...

Open5GS security vulnerabilities

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.5 and earlier contain security vulnerabilities. These vulnerabilities stem from operations in the sgwcbeareradd function located in the file...

CVE-2025-14722

A vulnerability was determined in vion707 DMadmin up to 3403cafdb42537a648c30bf8cbc8148ec60437d1. This impacts the function Add of the file Admin/Controller/AddonsController.class.php of the component Backend. Executing manipulation can lead to cross site scripting. The attack can be executed...

CVE-2025-64048

YCCMS 3.4 contains a stored cross-site scripting XSS vulnerability in the article management functionality. The vulnerability exists in the add and getPost functions within the ArticleAction.class.php file due to improper neutralization of user input in the article title field...

CVE-2025-64048

YCCMS 3.4 contains a stored cross-site scripting XSS vulnerability in the article management functionality. The vulnerability exists in the add and getPost functions within the ArticleAction.class.php file due to improper neutralization of user input in the article title field...

CVE-2025-64048

YCCMS 3.4 contains a stored cross-site scripting XSS vulnerability in the article management functionality. The vulnerability exists in the add and getPost functions within the ArticleAction.class.php file due to improper neutralization of user input in the article title field...

CVE-2025-13574

A weakness has been identified in code-projects Online Bidding System 1.0. This issue affects the function categoryadd of the file /administrator/addcategory.php. This manipulation of the argument catimage causes unrestricted upload. The attack is possible to be carried out remotely. The exploit...

CVE-2025-64048

YCCMS 3.4 contains a stored cross-site scripting XSS vulnerability in the article management functionality. The vulnerability exists in the add and getPost functions within the ArticleAction.class.php file due to improper neutralization of user input in the article title field...

JLSEC-2025-189 An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access...

An issue was discovered in function libssh2packetadd in libssh2 1.10.0 allows attackers to access out of bounds memory...

EUVD-2025-24624

Malicious code in bioql PyPI...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from multiple calls to the deviceadd function, which could cause the kernel to crash...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unchecked mmcaddhost return value, which could lead to a memory leak and kernel crash...

itsourcecode Apartment Management System 安全漏洞

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file /owner/addowner.php. An attacker can exploit this...

Linux Distros Unpatched Vulnerability : CVE-2022-49825

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ata: libata-transport: fix error handling in atatportadd In atatportadd, the return value of transportadddevice is not checked. As a result, it causes...

Linux Distros Unpatched Vulnerability : CVE-2018-10775

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NULL pointer dereference in the fieldsadd function in fields.c in libbibcore.a in bibutils through 6.2 allows remote attackers to cause a denial of service...

CVE-2025-45314

A cross-site scripting XSS vulnerability in the /Calendar endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the add function...

CVE-2025-45314

A cross-site scripting XSS vulnerability in the /Calendar endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the add function...

CVE-2025-45314

A cross-site scripting XSS vulnerability in the /Calendar endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the add function...

CVE-2025-45314

CVE-2025-45314 describes an XSS in hortusfox-web v4.4 affecting the /Calendar endpoint, where a crafted payload injected into the add function allows arbitrary JavaScript execution in a user’s browser. The vulnerability is evidenced across multiple sources in the connected documents, including Re...