22 matches found
CVE-2026-25952 FreeRDP has heap-use-after-free in xf_SetWindowMinMaxInfo
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xf_SetWindowMinMaxInfo dereferences a freed xfAppWindow pointer because xf_rail_get_window in xf_rail_server_min_max_info returns an unprotected pointer from the railWindows hash table, and the main thread can...
CVE-2026-0942 Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit <= 5.1.5 - Missing Authorization to Unauthenticated Rede Order Logs Deletion
The Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clearOrderLogs function in all versions up to, and including, 5.1.5. This makes it possible for unauthenticated...
E-Commerce Website delete_order_details.php File SQL Injection Vulnerability
E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter orderid in the file /pages/delete_order_details.php. An attacker can exploit this...
CVE-2025-11596
A vulnerability was determined in code-projects E-Commerce Website 1.0. The affected element is an unknown function of the file /pages/delete_order_details.php. Executing manipulation of the argument orderid can lead to SQL injection. The attack can be executed remotely. The exploit has been public...
CVE-2025-11596 code-projects E-Commerce Website delete_order_details.php sql injection
A vulnerability was determined in code-projects E-Commerce Website 1.0. The affected element is an unknown function of the file /pages/delete_order_details.php. Executing manipulation of the argument orderid can lead to SQL injection. The attack can be executed remotely. The exploit has been public...
Code-Projects E-Commerce Website SQL Injection Vulnerability
E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter orderid in the file /pages/delete_order_details.php. An attacker can exploit this...
EUVD-2022-52305
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-53055
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - fscrypt: destroy keyring after security_sb_delete fscrypt_destroy_keyring must be called after all potentially-encrypted inodes were evicted; otherwise it cannot...
CVE-2023-1986
A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. Affected is the function deleteorder of the file /classes/master.php?f=deleteorder. The manipulation of the argument id leads to sql injection. It is possible to launch the attack...
CVE-2022-30385
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggersmerch/classes/Master.php?f=deleteorder...
SUSE CVE-2024-26856
In the Linux kernel, the following vulnerability has been resolved: net: sparx5: Fix use after free inside sparx5_del_mact_entry Based on the static analysis of the code it looks like when an entry from the MAC table was removed, the entry was still used after being freed. More precise the vid of th...
Online Computer and Laptop Store SQL Injection Vulnerability
Online Computer and Laptop Store is an online computer and laptop store. An SQL injection vulnerability exists in Online Computer and Laptop Store v1.0, which originates from the function deleteorder in /classes/master.php?f=deleteorder where the parameter id of deleteorder lacks validation for...
PT-2023-17393 · Sourcecodester · Sourcecodester Online Computer/Laptop Store
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Computer and Laptop Store version 1.0 Description: A critical issue was found in the function delete order of the file /classes/master.php?f=delete order. The manipulation of the argument id leads to sql injection. It is...
CVE-2022-40933
Online Pet Shop We App v1.0 by oretnom23 is vulnerable to SQL injection via /petshop/classes/Master.php?f=deleteorder,id...
Online Pet Shop We App SQL Injection Vulnerability
Online Pet Shop We App is an online pet store web application by Carlo Montero Personal Developer. A SQL injection vulnerability exists in Online Pet Shop We App version 1.0, which originates from a lack of validation of externally entered SQL statements in the...
Merchandise Online Store SQL Injection Vulnerability (CNVD-2022-40281)
Merchandise Online Store is a merchandise online store system. merchandise Online Store has a security vulnerability that can be exploited by attackers to conduct SQL injection via /vloggersmerch/classes/Master.php?f=deleteorder attack...