PT-2025-33061 · Unknown · Hortusfox-Web
Name of the Vulnerable Software and Affected Versions: hortusfox-web version 4.4 Description: A cross-site scripting (XSS) issue exists in the /Calendar endpoint of hortusfox-web version 4.4. Attackers can execute arbitrary JavaScript in a user's browser through a crafted payload injected into the...
CVE-2025-45314
A cross-site scripting (XSS) vulnerability in the /Calendar endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the add function...
CVE-2025-6517
A vulnerability was found in Dromara MaxKey up to 4.1.7 and classified as critical. This issue affects the function Add of the file maxkey-webs\maxkey-web-mgt\src\main\java\org\dromara\maxkey\web\apps\contorller\SAML20DetailsController.java of the component Meta URL Handler. The manipulation of t...
SourceCodester Computer Store System Security Vulnerability
SourceCodester Computer Store System is an open source computer storage system from SourceCodester. A security vulnerability exists in SourceCodester Computer Store System version 1.0, which stems from improper handling of the laptopcompany/RAM/Processor parameter in the Add function in the main....
PT-2025-23078 · Sourcecodester · Sourcecodester Computer Store System
Name of the Vulnerable Software and Affected Versions: SourceCodester Computer Store System version 1.0 Description: A critical issue has been found in the SourceCodester Computer Store System. This issue affects the function Add of the file main.c. The manipulation of the argument...
CVE-2023-23019
Cross site scripting (XSS) vulnerability in file main.php in sourcecodester oretnom23 Blog Site 1.0 via the name and email parameters to function useradd....
CVE-2023-1736
A vulnerability, which was classified as critical, has been found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. Affected by this issue is some unknown functionality of the file cart/controller.php?action=add. The manipulation of the argument PROID leads to sql injection. The identifi...
CVE-2025-22081 fs/ntfs3: Fix a couple integer overflows on 32bit systems
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix a couple integer overflows on 32bit systems. On 32bit systems the "off + sizeof(struct NTFS_DE)" addition can have an integer wrapping issue. Fix it by using size_add()...
PT-2025-13296 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A buffer overflow issue has been identified in the Linux kernel, specifically in the mgmt mesh add function. The issue arises from the mesh tx-param array being too small to hold the...
CVE-2024-57973 rdma/cxgb4: Prevent potential integer overflow on 32bit
In the Linux kernel, the following vulnerability has been resolved: rdma/cxgb4: Prevent potential integer overflow on 32bit. The "gl->tot_len" variable is controlled by the user. It comes from process_responses(). On 32bit systems, the "gl->tot_len + sizeof(struct cpl_pass_accept_req) + sizeof(struct rss_header...
WordPress plugin WPAdverts Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2024-39616
Name of the Vulnerable Software and Affected Versions: OFCMS version 1.1.2 Description: A problematic vulnerability has been found in OFCMS, affecting the add function of the file "/admin/system/dict/add.json?sqlid=system.dict.save". The manipulation of the dict value argument leads to cross-site...
CVE-2024-25290
An issue in Casa Systems NL1901ACV R6B032 allows a remote attacker to execute arbitrary code via the userName parameter of the add function...
Casa Systems NL1901ACV Security Vulnerability
Casa Systems NL1901ACV is a wireless router from Casa Systems, USA. A security vulnerability exists in Casa Systems NL1901ACV versions prior to R6B032 that originates from a vulnerability that allows a remote attacker to execute arbitrary code via the userName parameter of the add function...
PT-2024-20864 · Casa Systems · Casa Systems Nl1901Acv
Name of the Vulnerable Software and Affected Versions: Casa Systems NL1901ACV version R6B032 Description: An issue allows a remote attacker to execute arbitrary code via the userName parameter of the add function. Recommendations: For Casa Systems NL1901ACV version R6B032, avoid using the userNam...
PT-2024-11981 · Unknown · Sourcecodester Oretnom23 Blog Site
Name of the Vulnerable Software and Affected Versions: sourcecodester oretnom23 Blog Site version 1.0 Description: The issue is related to a cross site scripting (XSS) vulnerability in the file main.php. This vulnerability can be exploited via the name and email parameters to the user add function...
CVE-2024-2125
The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the galleryadd function. This makes it possible for unauthenticated attackers to...
PT-2024-19663 · Apfloat · Apfloat
Name of the Vulnerable Software and Affected Versions: Apfloat version 1.10.1 Description: The issue is related to an ArrayIndexOutOfBoundsException in the org.apfloat.internal.DoubleCRTMath::add(double[], double[]) component. However, it is noted that the existence of this vulnerability is disputed by...