A loop hole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of products.

An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing).

An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS through out-of-bounds write.

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS through improper input.

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS by memory leak.

in OpenHarmony v4.1.0 allow a local attacker with high privileges arbitrary code execution in pre-installed apps through use after free.

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read.

SQL injection vulnerability in SOPlanning <1.45, via /soplanning/www/user_groupes.php in the by parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB.

SQL injection vulnerability in SOPlanning <1.45, through /soplanning/www/groupe_list.php, in the by parameter, which could allow a remote user to send a specially crafted query and extract all the information stored on the server.