7.8
CVE-2024-47032 -
In construct_transaction_from_cmd of lwis_ioctl.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
7.8
CVE-2024-11624 -
there is a possible to add apps to bypass VPN due to Undeclared Permission . This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
5.3
CVE-2025-0176 - code-projects Point of Sales and Inventory Management System add_cart.php sql injection
A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /user/add_cart.php. The manipulation of the argument id/qty leads to sql injection. The attack may be initiated remoteβ¦
5.3
CVE-2025-0175 - code-projects Online Shop view.php cross site scripting
A vulnerability was found in code-projects Online Shop 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /view.php. The manipulation of the argument name/details leads to cross site scripting. The attack can be initiated remotely. The exploit has been disβ¦
5.3
CVE-2025-0174 - code-projects Point of Sales and Inventory Management System Parameter search_result2.php sql injecβ¦
A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0. It has been classified as critical. This affects an unknown part of the file /user/search_result2.php of the component Parameter Handler. The manipulation of the argument search leads to sql injection. Itβ¦
5.3
CVE-2025-22376 - perl-Net-OAuth: Default nonce for Net::OAuth package for perl is not cryptographically strong
In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit integer generated from the built-in rand() function, which is not cryptographically strong.
9.3
CVE-2025-22275 -
iTerm2 3.5.6 through 3.5.10 before 3.5.11 sometimes allows remote attackers to obtain sensitive information from terminal commands by reading the /tmp/framer.txt file. This can occur for certain it2ssh and SSH Integration configurations, during remote logins to hosts that have a common Python instaβ¦
8.8
CVE-2024-35365 - ffmpeg: double-free vulnerability in FFMPEG
FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c component of FFmpeg, specifically within the new_stream_audio function.
7.5
CVE-2024-48814 -
SQL Injection vulnerability in Silverpeas 6.4.1 allows a remote attacker to obtain sensitive information via the ViewType parameter of the findbywhereclause function
9.8
CVE-2024-55507 -
An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privileges via the delete_e.php component.