IrfanView CADImage Plugin Buffer Overflow Vulnerability (CNVD-2025-17029)

IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user-supplied data when parsing DWG files, which can be exploited by an attacker to execute code in the context of the current...

Zoo Management System /admin/index.php File SQL Injection Vulnerability

Zoo Management System is a zoo management system. Zoo Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter Username in file /admin/index.php. An attacker can exploit this vulnerability to...

Online Appointment Booking System ulocateus.php File SQL Injection Vulnerability

Online Appointment Booking System is an online appointment booking system. Online Appointment Booking System suffers from a SQL injection vulnerability that stems from an error in the parameter doctorname in the file /ulocateus.php that lacks validation of externally entered SQL statements. An...

CVE-2025-6058

The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the imageuploadhandle function hooked via the 'addbookingtype' route in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to upload arbitra...

Code-Projects Library System 代码问题漏洞

Library System is a library system. Library System has a code issue vulnerability that stems from the lack of valid validation of uploaded files by the parameter image in the file /user/teacher/profile.php. An attacker can exploit this vulnerability to upload malicious files...

Simple forum code issue vulnerability

Simple forum is a simple forum. Simple forum has a code issue vulnerability that stems from the lack of valid validation of uploaded files in the parameter File in the file /forum1.php. An attacker can exploit this vulnerability to upload malicious files...

Code-Projects Online Shoe Store 注入漏洞

Online Shoe Store is an online shoe store system. Online Shoe Store suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter pid in the file /admin/adminproduct.php. An attacker can exploit this vulnerability to...

CVE-2025-49848

An out-of-bounds write vulnerability exists within the parsing of PRJ files. The issues result from the lack of proper validation of user-supplied data, which can result in different memory corruption issues within the application, such as reading and writing past the end of allocated data...

Online Shopping Portal Project category.php File SQL Injection Vulnerability

Online Shopping Portal Project is an online shopping portal project. Online Shopping Portal Project suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Product in the file /category.php. An attacker can explo...

CVE-2024-0050

In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a missing validation check. This could lead to a local non-security issue with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2022-1202

The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability...

gstreamer: EXIF Metadata Parsing Integer Overflow

A flaw was found in the GStreamer library. This flaw allows a remote attacker to send specially crafted content to the victim, allowing for arbitrary code execution within the context of the affected installation's process. The vulnerability is caused by improper parsing of EXIF metadata and a la...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of validation on the SETTINGSMAXHEADERLISTSIZE parameter. An attacker can cause the server to allocate excessive memory resources, leading to an OutOfMemoryError or...

e-Diary Management System add-notes.php File SQL Injection Vulnerability

The e-Diary Management System is an electronic diary management system. The e-Diary Management System suffers from a SQL injection vulnerability that originates from a missing validation of an externally entered SQL statement in the Category parameter of the add-notes.php file. An attacker can...

PT-2025-15199 · Qualcomm · Snapdragon +57

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: Memory corruption can occur when the software processes addresses from TZ and MPSS requests without proper validation. Recommendations: At the moment, there is no information about a newer...

CVE-2025-0526

In affected versions of Octopus Deploy it was possible to upload files to unexpected locations on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...

PT-2025-2245 · WordPress · Ti Woocommerce Wishlist

Name of the Vulnerable Software and Affected Versions: WooCommerce Wishlist plugin for WordPress versions up to, and including, 1.8.7 Description: The issue concerns a lack of validation on a user-controlled key in the download pdf file function, allowing unauthenticated attackers to extract data...

CVE-2024-12131

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.5 due to missing validation on a user controlled key. This makes it possible for authenticated...

UBUNTU-CVE-2023-6604

A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbitrary data as XBIN-formatted data without proper format validation...

PT-2024-36737 · Altair · Altair

Name of the Vulnerable Software and Affected Versions: Altair versions prior to v12.24Q4.1 Description: The issue is related to a lack of validation and authentication in the image proxy for compressing and resizing remote files, which could allow attacks affecting availability. This could result...