Lucene search
+L

433 matches found

patchstack
patchstack
added 2026/02/10 11:6 p.m.9 views

WordPress WaMate Confirm plugin <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Phone Number Blocking/Unblocking vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Phone Number Blocking/Unblocking vulnerability discovered by Legion Hunter in WordPress Plugin WaMate Confirm versions = 2.0.1...

5.3CVSS5.5AI score0.00285EPSS
Exploits0References1Affected Software1
attackerkb
attackerkb
added 2026/01/27 12:0 a.m.3 views

CVE-2025-69564

code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /ExAddNewUser.php via the Name, Address, email, UserName, Password, confirmpassword, Role, Branch, and Activate parameters...

5.9AI score0.00402EPSS
Exploits1References3
redhatcve
redhatcve
added 2025/12/18 10:37 p.m.5 views

CVE-2025-68400

ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in the legacy endpoint /Reports/ConfirmReportEmail.php in ChurchCRM prior to version 6.5.3. Although the feature was removed from the UI, the file remains deployed and reachable directly via URL. This is a...

9.3CVSS8AI score0.00336EPSS
Exploits3References1
nvd
nvd
added 2025/12/17 10:16 p.m.7 views

CVE-2025-68400

ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in the legacy endpoint /Reports/ConfirmReportEmail.php in ChurchCRM prior to version 6.5.3. Although the feature was removed from the UI, the file remains deployed and reachable directly via URL. This is a...

9.3CVSS0.00336EPSS
Exploits3References1
osv
osv
added 2025/12/17 9:42 p.m.4 views

CVE-2025-68400 ChurchCRM vulnerable to time-based blind SQL Injection in ConfirmReportEmail.php

ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in the legacy endpoint /Reports/ConfirmReportEmail.php in ChurchCRM prior to version 6.5.3. Although the feature was removed from the UI, the file remains deployed and reachable directly via URL. This is a...

9.3CVSS7.9AI score0.00336EPSS
Exploits3References3
redhat
redhat
added 2025/12/17 3:4 p.m.9 views

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabilit...

7.8CVSS6.9AI score0.00244EPSS
Exploits0References15
ptsecurity
ptsecurity
added 2025/12/17 12:0 a.m.7 views

PT-2025-51932

Name of the Vulnerable Software and Affected Versions ChurchCRM versions prior to 6.5.3 Description ChurchCRM is an open-source church management system with a SQL Injection issue present in a legacy endpoint. The vulnerability exists in the /Reports/ConfirmReportEmail.php endpoint and is...

9.3CVSS7.4AI score0.00336EPSS
Exploits3References5
redhatcve
redhatcve
added 2025/12/07 6:56 a.m.15 views

CVE-2025-13748

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.1.7 via the 'submissionid' parameter due to missing validation on a user controlled key within...

5.3CVSS6AI score0.0026EPSS
Exploits0References1
redhat
redhat
added 2025/12/01 6:11 a.m.4 views

kernel: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()

A vulnerability has been identified in the Linux kernel's Network File System NFS daemon that could allow for a Denial of Service and in worst case scenario Arbitrary Code Execution. This Use-After-Free flaw arises from a race condition when the kernel handles the confirmation of an NFS client...

7.8CVSS5.8AI score0.00163EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2025/11/24 6:2 a.m.2 views

CVE-2025-13586 SourceCodester Online Student Clearance System changepassword.php sql injection

A flaw has been found in SourceCodester Online Student Clearance System 1.0. Impacted is an unknown function of the file /Admin/changepassword.php. This manipulation of the argument txtconfirmpassword causes sql injection. It is possible to initiate the attack remotely. The exploit has been...

5.8CVSS4.9AI score0.00286EPSS
Exploits1References5
redhatcve
redhatcve
added 2025/11/18 6:2 p.m.5 views

CVE-2025-13291

A vulnerability was found in Campcodes Supplier Management System 1.0. This affects an unknown part of the file /manufacturer/confirmorder.php. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been made public and could b...

9.8CVSS7.2AI score0.00379EPSS
Exploits1References1
nvd
nvd
added 2025/11/17 5:15 p.m.6 views

CVE-2025-13291

A vulnerability was found in Campcodes Supplier Management System 1.0. This affects an unknown part of the file /manufacturer/confirmorder.php. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been made public and could b...

9.8CVSS0.00379EPSS
Exploits1References5
cvelist
cvelist
added 2025/11/17 5:2 p.m.15 views

CVE-2025-13291 Campcodes Supplier Management System confirm_order.php sql injection

A vulnerability was found in Campcodes Supplier Management System 1.0. This affects an unknown part of the file /manufacturer/confirmorder.php. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been made public and could b...

7.5CVSS0.00379EPSS
Exploits1References5
euvd
euvd
added 2025/11/17 5:2 p.m.7 views

EUVD-2025-197855

A vulnerability was found in Campcodes Supplier Management System 1.0. This affects an unknown part of the file /manufacturer/confirmorder.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be...

7.5CVSS7.2AI score0.00379EPSS
Exploits1References6
cve
cve
added 2025/11/17 5:2 p.m.12 views

CVE-2025-13291

CVE-2025-13291 affects Campcodes Supplier Management System 1.0. The SQL injection vulnerability resides in the /manufacturer/confirm_order.php file, triggered by manipulating the ID parameter. It is remotely exploitable and the exploit has been made public. Impact is described with high confiden...

9.8CVSS7.2AI score0.00379EPSS
Exploits1References5Affected Software1
vulnrichment
vulnrichment
added 2025/11/17 5:2 p.m.3 views

CVE-2025-13291 Campcodes Supplier Management System confirm_order.php sql injection

A vulnerability was found in Campcodes Supplier Management System 1.0. This affects an unknown part of the file /manufacturer/confirmorder.php. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been made public and could b...

7.5CVSS7.2AI score0.00379EPSS
Exploits1References5
cnnvd
cnnvd
added 2025/11/17 12:0 a.m.5 views

CampCodes Supplier Management System SQL注入漏洞

CampCodes Supplier Management System is a supplier management system from CampCodes, Inc. A SQL injection vulnerability exists in Campcodes Supplier Management System version 1.0, which stems from incorrect manipulation of the parameter ID in the file /manufacturer/confirmorder.php, which could...

9.8CVSS7.8AI score0.00379EPSS
Exploits1References6
ptsecurity
ptsecurity
added 2025/11/17 12:0 a.m.7 views

PT-2025-47173

Name of the Vulnerable Software and Affected Versions Campcodes Supplier Management System version 1.0 Description A flaw exists in Campcodes Supplier Management System that allows for SQL injection. This issue affects the /manufacturer/confirm order.php file. Manipulation of the ID argument can...

7.5CVSS6.9AI score0.00379EPSS
Exploits1References7
nessus
nessus
added 2025/11/05 12:0 a.m.4 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988857)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988857 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix connection leak There's a potential leak issue under following execution sequence :...

5.5CVSS6.2AI score0.00238EPSS
Exploits0References4
snyk
snyk
added 2025/10/20 2:42 p.m.2 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free via the lwshandshakeserver function when a user-provided callback handles LWSCALLBACKHTTPCONFIRMUPGRADE. An attacker can cause a crash or disrupt service by triggering the callback under specific conditions. Note: This is...

6.3CVSS5.5AI score0.00374EPSS
Exploits0References2
Rows per page
Query Builder