11448 matches found

ATTACKERKB
added 2026/01/29 12:0 a.m. | 5 views

CVE-2025-71009

An input validation vulnerability in the flow.scatter/flow.scatter_add component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted indices...

6.2 CVSS | 5.9 AI score | 0.00145 EPSS
Exploits 1 | References 3

Cvelist
added 2026/01/29 12:0 a.m. | 30 views

CVE-2025-71009

An input validation vulnerability in the flow.scatter/flow.scatter_add component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted indices...

0.00145 EPSS
Exploits 1 | References 2

CNNVD
added 2026/01/29 12:0 a.m. | 7 views

Itsourcecode Society Management System security vulnerabilities

itsourcecode Society Management System is an open-source social management system developed by itsourcecode. Version 1.0 of the itsourcecode Society Management System contains a security vulnerability, which stems from incorrect handling of parameters in the file admin/addexpenses.php’s detail...

9.8 CVSS | 7.2 AI score | 0.00478 EPSS
Exploits 1 | References 5

EUVD
added 2026/01/29 12:0 a.m. | 3 views

EUVD-2025-206540

An input validation vulnerability in the flow.scatter/flow.scatter_add component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted indices...

6.2 CVSS | 5.9 AI score | 0.00145 EPSS
Exploits 1 | References 2

Positive Technologies
added 2026/01/29 12:0 a.m. | 10 views

PT-2026-5301

Name of the Vulnerable Software and Affected Versions: OneFlow version 0.9.0. Description: An input validation issue exists in the flow.scatter/flow.scatter_add component. This can be exploited to cause a Denial of Service (DoS) by providing a crafted indices input. Recommendations: At the moment, ther...

6.2 CVSS | 5.4 AI score | 0.00145 EPSS
Exploits 1 | References 8

CVE
added 2026/01/29 12:0 a.m. | 15 views

CVE-2025-71009

CVE-2025-71009 affects OneFlow v0.9.0 in the flow.scatter/flow.scatter_add components. The vulnerability is an input validation issue that can cause a Denial of Service when crafted indices are provided, per Red Hat, NVD, OSV, CIRCL, Snyk and related feeds. The practical impact is DoS with availa...

6.2 CVSS | 5.9 AI score | 0.00145 EPSS
Exploits 1 | References 2 | Affected Software 1

Positive Technologies
added 2026/01/29 12:0 a.m. | 6 views

PT-2026-5280

TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. Attackers can inject conditional time delays in the add entry.php endpoint to determine user existence by measuring...

7.1 CVSS | 5.9 AI score | 0.00264 EPSS
Exploits 0 | References 4

NVD
added 2026/01/28 10:15 p.m. | 7 views

CVE-2026-24889

soroban-sdk is a Rust SDK for Soroban contracts. Arithmetic overflow can be triggered in the Bytes::slice, Vec::slice, and Prng::genrange for u64 methods in the soroban-sdk in versions up to and including 25.0.1, 23.5.1, and 25.0.2. Contracts that pass user-controlled or computed range bounds to...

5.3 CVSS | 0.00353 EPSS
Exploits 0 | References 8

EUVD
added 2026/01/28 10:1 p.m. | 5 views

EUVD-2026-4848

soroban-sdk is a Rust SDK for Soroban contracts. Arithmetic overflow can be triggered in the Bytes::slice, Vec::slice, and Prng::genrange for u64 methods in the soroban-sdk in versions up to and including 25.0.1, 23.5.1, and 25.0.2. Contracts that pass user-controlled or computed range bounds to...

5.3 CVSS | 5.9 AI score | 0.00353 EPSS
Exploits 0 | References 8

OSV
added 2026/01/28 9:16 p.m. | 2 views

CVE-2026-1533

A security flaw has been discovered in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Administrator/PHP/AdminAddCategory.php. The manipulation results in sql injection. The attack may be performed from remote. The exploit has been released to the...

9.8 CVSS | 5.6 AI score | 0.0036 EPSS
Exploits 1 | References 5

NVD
added 2026/01/28 9:16 p.m. | 6 views

CVE-2026-1533

A security flaw has been discovered in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Administrator/PHP/AdminAddCategory.php. The manipulation results in sql injection. The attack may be performed from remote. The exploit has been released to the...

9.8 CVSS | 0.0036 EPSS
Exploits 1 | References 5

NVD
added 2026/01/28 9:16 p.m. | 6 views

CVE-2025-71007

An input validation vulnerability in the oneflow.indexadd component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input...

7.5 CVSS | 0.00412 EPSS
Exploits 1 | References 2

Cvelist
added 2026/01/28 8:32 p.m. | 24 views

CVE-2026-1533 code-projects Online Music Site AdminAddCategory.php sql injection

A security flaw has been discovered in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Administrator/PHP/AdminAddCategory.php. The manipulation results in sql injection. The attack may be performed from remote. The exploit has been released to the...

5.8 CVSS | 0.0036 EPSS
Exploits 1 | References 5

ATTACKERKB
added 2026/01/28 8:32 p.m. | 5 views

CVE-2026-1533

A security flaw has been discovered in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Administrator/PHP/AdminAddCategory.php. The manipulation results in sql injection. The attack may be performed from remote. The exploit has been released to the...

5.8 CVSS | 5.7 AI score | 0.0036 EPSS
Exploits 1 | References 5 | Affected Software 1

Vulnrichment
added 2026/01/28 8:32 p.m. | 4 views

CVE-2026-1533 code-projects Online Music Site AdminAddCategory.php sql injection

A security flaw has been discovered in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Administrator/PHP/AdminAddCategory.php. The manipulation results in sql injection. The attack may be performed from remote. The exploit has been released to the...

5.8 CVSS | 5.7 AI score | 0.0036 EPSS
Exploits 1 | References 5

CVE
added 2026/01/28 8:32 p.m. | 12 views

CVE-2026-1533

CVE-2026-1533 affects code-projects Online Music Site 1.0. The vulnerability is a remotely exploitable SQL injection in an unknown function of the file /Administrator/PHP/AdminAddCategory.php. Publicly available exploits/payloads have been released, increasing risk of remote compromise. No vendor...

9.8 CVSS | 5.7 AI score | 0.0036 EPSS
Exploits 1 | References 5 | Affected Software 1

Vulnrichment
added 2026/01/28 5:35 p.m. | 2 views

CVE-2020-36965 docPrint Pro 8.0 - 'Add URL' Buffer Overflow (SEH Egghunter)

docPrint Pro 8.0 contains a local buffer overflow vulnerability in the 'Add URL' input field that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload that triggers a structured exception handler (SEH) overwrite to execute shellcode and gain remo...

8.4 CVSS | 6.4 AI score | 0.00149 EPSS
Exploits 0 | References 3

Cvelist
added 2026/01/28 5:35 p.m. | 31 views

CVE-2020-36965 docPrint Pro 8.0 - 'Add URL' Buffer Overflow (SEH Egghunter)

docPrint Pro 8.0 contains a local buffer overflow vulnerability in the 'Add URL' input field that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload that triggers a structured exception handler (SEH) overwrite to execute shellcode and gain remo...

8.4 CVSS | 0.00149 EPSS
Exploits 0 | References 3

ATTACKERKB
added 2026/01/28 5:35 p.m. | 2 views

CVE-2020-36965

docPrint Pro 8.0 contains a local buffer overflow vulnerability in the 'Add URL' input field that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload that triggers a structured exception handler (SEH) overwrite to execute shellcode and gain remo...

8.4 CVSS | 6.4 AI score | 0.00149 EPSS
Exploits 0 | References 3 | Affected Software 1

CVE
added 2026/01/28 5:35 p.m. | 12 views

CVE-2020-36965

CVE-2020-36965 affects docPrint Pro 8.0. The vulnerability is a local buffer overflow in the 'Add URL' input field that can be exploited to overwrite structured exception handler (SEH) and execute shellcode, potentially giving an attacker remote system access. Multiple connected sources confirm t...

8.4 CVSS | 6.4 AI score | 0.00149 EPSS
Exploits 0 | References 3