18 matches found
Windows Notepad Markdown Link Code Execution
The Microsoft Store version of the Windows Notepad app fails to properly validate protocol handlers in markdown links. When a user Ctrl+Clicks a crafted link in a .md file, Notepad passes the raw URI to ShellExecuteExW without sufficient filtering. This allows execution of arbitrary binaries in two...
CVE-2025-13411
A vulnerability was found in Campcodes Retro Basketball Shoes Online Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/adminfootball.php. Performing a manipulation of the argument productimage results in unrestricted upload. The attack is possible to be...
CVE-2025-13410
A vulnerability has been found in Campcodes Retro Basketball Shoes Online Store 1.0. Affected is an unknown function of the file /admin/receipt.php. Such manipulation of the argument tid leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and...
CVE-2025-13411
CVE-2025-13411 affects Campcodes Retro Basketball Shoes Online Store 1.0. A vulnerability exists in the /admin/admin_football.php handler where manipulating the product_image argument enables unrestricted file uploads. The vulnerability can be exploited remotely, and public exploits exist. Numero...
CampCodes Retro Basketball Shoes Online Store Code Issue Vulnerability
CampCodes Retro Basketball Shoes Online Store is an online store for retro basketball shoes from CampCodes, Inc. A code issue vulnerability exists in CampCodes Retro Basketball Shoes Online Store version 1.0, which stems from an incorrect manipulation of the parameter productimage in the file...
EUVD-2024-3419
Malicious code in bioql PyPI...
EUVD-2023-47014
Malicious code in bioql PyPI...
CVE-2025-8929
A vulnerability has been found in code-projects Medical Store Management System 1.0. This vulnerability affects unknown code of the file MainPanel.java. The manipulation of the argument searchTxt leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the...
Code-Projects Online Shopping Store Security Vulnerability
Code-Projects Online Shopping Store is a Code-Projects open source online store. A security vulnerability exists in Code-Projects Online Shopping Store version 1.0, which originates from SQL injection due to incorrect manipulation of the parameters catid/brandid/keyword/proId/pid in file/action.p...
CVE-2017-16359
In radare 2.0.1, a pointer wraparound vulnerability exists in storeversioninfognuverdef in libr/bin/format/elf/elf.c...
GHSA-W5HQ-HM5M-4548 Cross Site Scripting vulnerability in store2
Cross Site Scripting vulnerability in nbubna store v.2.14.2 and before allows a remote attacker to execute arbitrary code via the store.deep.js component...
SAMSUNG Mobile devices Security Vulnerability
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung. A security vulnerability exists in SAMSUNG Mobile devices, which originates from improper access control. The following products and versions are...
Race Condition
Overview Affected versions of this package are vulnerable to Race Condition that leads to disabling GPG verification for package repositories. This vulnerability exposes the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built. Remediation...
WordPress plugin Ebook Store Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-17366 · Unknown · Sourcecodester Online Computer/Laptop Store
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Computer and Laptop Store version 1.0 Description: A critical issue has been found in the software, affecting the /admin/sales/index.php file. The manipulation of the date start and date end arguments leads to SQL...
nopCommerce Cross-Site Scripting Vulnerability (CNVD-2021-01555)
nopCommerce is an open source general-purpose e-commerce platform. A cross-site scripting vulnerability exists in nopCommerce Store version 4.30, which stems from the Schedule tasks name field not being effectively filtered for XSS statements. This vulnerability allows an attacker to inject an XSS...
CVE-2019-8289
Vulnerability in Online Store v1.0, stored XSS in admin/userview.php adidasmemberemail variable...
AZL-34916 CVE-2017-3607 affecting package libdb for versions less than 5.3.28-7
Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks...