4 matches found
CVE-2025-12338
CVE-2025-12338 affects Campcodes Retro Basketball Shoes Online Store 1.0. A SQL injection vulnerability arises from manipulating the pid argument in the /admin/admin_product.ph (or /admin/admin product.ph) file, allowing remote exploitation. Public PoCs exist; CVSS metrics indicate high impact on...
Cross-site Request Forgery (CSRF)
Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) by allowing attackers to change the state of an order's adjustments if they hold its number, and the execution happens on a store administrator's computer. Remediation: Upgrade solidusbackend to version...
Shopify: DOM XSS via Shopify.API.Modal.initialize
Similar 422043 & 576532 Payload Based on 576532: html function attack const ctx = window.openlocation.origin+'/admin/themes', 'blank' const json = message: "Shopify.API.Modal.initialize", data: src: "" let interval; interval = setIntervalfunction if window.attackSuccess clearIntervalinterval else...
CVE-2011-5096
Stack-based buffer overflow in cstore.exe in the Media Application Server (MAS) in Avaya Aura Application Server 5300 (formerly Nortel Media Application Server) 1.x before 1.0.2 and 2.0 before Patch Bundle 10 allows remote attackers to execute arbitrary code via a crafted csanams parameter in a...