249 matches found
CVE-2025-52074
The CVE-2025-52074 entry concerns PHPGURUKUL Online Shopping Portal 2.1 with a Cross-Site Scripting (XSS) vulnerability in the quantity parameter used when adding a product to the cart. Root cause identified in the description is missing input sanitization for that parameter. The connected source...
CVE-2025-48523
In onCreate of SelectAccountActivity.java, there is a possible way to add contacts without permission due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-26463
In allowPackageAccess of multiple files, resource exhaustion is possible when repeatedly adding allowed packages. This could lead to a local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
tracing: Add down_write(trace_event_sem) when adding trace event
...
ASB-A-388032224
In onCreate of SelectAccountActivity.java, there is a possible way to add contacts without permission due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
AZL-73572 CVE-2025-38539 affecting package kernel for versions less than 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: tracing: Add down_write(trace_event_sem) when adding trace event. When a module is loaded, it adds trace events defined by the module. It may also need to modify the module's trace printk formats to replace enum names with their values...
ublk: santizize the arguments from userspace when adding a device
...
net_sched: hfsc: Address reentrant enqueue adding class to eltree twice
...
CVE-2025-38182
In the Linux kernel, the following vulnerability has been resolved: ublk: santizize the arguments from userspace when adding a device. Sanity check the values for queue depth and number of queues we get from userspace when adding a device...
Simple Pizza Ordering System adding-exec.php File SQL Injection Vulnerability
Simple Pizza Ordering System is a simple pizza ordering system. Simple Pizza Ordering System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter ingname in the file /adding-exec.php. An attacker can exploit this...
CVE-2025-6363
A vulnerability, which was classified as critical, was found in code-projects Simple Pizza Ordering System 1.0. Affected is an unknown function of the file /adding-exec.php. The manipulation of the argument ingname leads to SQL injection. It is possible to launch the attack remotely...
CVE-2025-6363
The CVE-2025-6363 entry concerns code-projects Simple Pizza Ordering System 1.0. Affected is the file /adding-exec.php, where the ingname parameter is unsafely handled, producing an SQL injection vulnerability. Descriptions across multiple sources consistently state remote exploitation is possibl...
Code-Projects Simple Pizza Ordering System Security Vulnerability
Simple Pizza Ordering System is a simple pizza ordering system. Simple Pizza Ordering System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter ingname in the file /adding-exec.php. An attacker can exploit this...
CVE-2023-26950
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Title parameter under the Adding Categories module...
CVE-2023-1330
The Redirection WordPress plugin before 1.1.4 does not add nonce verification in place when adding the redirect, which could allow attackers to add redirects via a CSRF attack...
CVE-2022-39873
Improper authorization vulnerability in Samsung Internet prior to version 18.0.4.14 allows physical attackers to add bookmarks in secret mode without user authentication...
PT-2025-16390
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An authenticated attacker can achieve stored XSS by exploiting improper sanitization of the plant name value while adding or editing a plant. Recommendations: At the moment, there is no...
CVE-2025-21730
CVE-2025-21730 affects the Linux kernel WiFi driver rtw89. The issue occurs during WoWLAN resume when an interface is re-added without removing the previous entry, causing mgnt_entry list to be initialized twice and leading to list corruption (list_add_tail on an already linked entry). The fix ad...
CVE-2023-46401
KWHotel 0.47 is vulnerable to CSV Formula Injection in the invoice adding function...