
78 matches found

NVD
added 2 days ago | 11 views

CVE-2026-13541

A weakness has been identified in itsourcecode Hospital Management System 1.0. This impacts an unknown function of the file /doctorchangepassword.php. Executing a manipulation of the argument newpassword can lead to sql injection. The attack may be performed from remote. The exploit has been made...

6.5 CVSS | 0.002 EPSS
Exploits 0 | References 6
EUVD
added 2 days ago | 6 views

EUVD-2026-40041

A weakness has been identified in itsourcecode Hospital Management System 1.0. This impacts an unknown function of the file /doctorchangepassword.php. Executing a manipulation of the argument newpassword can lead to sql injection. The attack may be performed from remote. The exploit has been made...

6.5 CVSS | 5.7 AI score | 0.002 EPSS
Exploits 0 | References 6
CVE
added 2 days ago | 13 views

CVE-2026-13541

The CVE-2026-13541 entry concerns itsourcecode Hospital Management System 1.0. Affected component: the /doctorchangepassword.php function where manipulating the newpassword parameter leads to SQL injection. Impact is indicated as remote exploitation with low to moderate severity across confidenti...

6.5 CVSS | 6.5 AI score | 0.002 EPSS
Exploits 0 | References 6
Patchstack
added 2025/12/31 12:0 a.m. | 7 views

WordPress CRM Memberships plugin <= 2.5 - Missing Authorization to Privilege Escalation via Unauthenticated Password Reset in 'ntzcrm_changepassword' AJAX Endpoint vulnerability

Missing Authorization to Privilege Escalation via Unauthenticated Password Reset in 'ntzcrmchangepassword' AJAX Endpoint vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin CRM Memberships versions <= 2.5...

9.8 CVSS | 5.9 AI score | 0.00476 EPSS
Exploits 0 | References 1 | Affected Software 1
EUVD
added 2025/12/05 4:29 a.m. | 6 views

EUVD-2025-201340

The CRM Memberships plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 2.5. This is due to missing authorization and authentication checks on the ntzcrmchangepassword AJAX action. This makes it possible for unauthenticated attackers...

9.8 CVSS | 6.3 AI score | 0.00476 EPSS
Exploits 0 | References 7
Cvelist
added 2025/12/05 4:29 a.m. | 27 views

CVE-2025-13313 CRM Memberships <= 2.6 - Missing Authorization to Privilege Escalation via Unauthenticated Password Reset in 'ntzcrm_changepassword' AJAX Endpoint

The CRM Memberships plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 2.6. This is due to missing authorization and authentication checks on the ntzcrmchangepassword AJAX action. This makes it possible for unauthenticated attackers...

9.8 CVSS | 0.00476 EPSS
Exploits 0 | References 7
NVD
added 2025/11/24 7:16 a.m. | 4 views

CVE-2025-13586

A flaw has been found in SourceCodester Online Student Clearance System 1.0. Impacted is an unknown function of the file /Admin/changepassword.php. This manipulation of the argument txtconfirmpassword causes sql injection. It is possible to initiate the attack remotely. The exploit has been...

7.2 CVSS | 0.0028 EPSS
Exploits 1 | References 5
CVE
added 2025/11/24 6:2 a.m. | 13 views

CVE-2025-13586

SourceCodester Online Student Clearance System 1.0 contains a SQL injection in /Admin/changepassword.php through the txtconfirm_password parameter. The vulnerability arises from improper handling of the input in that function, enabling remote exploitation; multiple sources note that an exploit ha...

7.2 CVSS | 5.1 AI score | 0.0028 EPSS
Exploits 1 | References 5 | Affected Software 1
Cvelist
added 2025/11/24 6:2 a.m. | 11 views

CVE-2025-13586 SourceCodester Online Student Clearance System changepassword.php sql injection

A flaw has been found in SourceCodester Online Student Clearance System 1.0. Impacted is an unknown function of the file /Admin/changepassword.php. This manipulation of the argument txtconfirmpassword causes sql injection. It is possible to initiate the attack remotely. The exploit has been...

5.8 CVSS | 0.0028 EPSS
Exploits 1 | References 5
Vulnrichment
added 2025/11/24 6:2 a.m. | 2 views

CVE-2025-13586 SourceCodester Online Student Clearance System changepassword.php sql injection

A flaw has been found in SourceCodester Online Student Clearance System 1.0. Impacted is an unknown function of the file /Admin/changepassword.php. This manipulation of the argument txtconfirmpassword causes sql injection. It is possible to initiate the attack remotely. The exploit has been...

5.8 CVSS | 4.9 AI score | 0.0028 EPSS
Exploits 1 | References 5
EUVD
added 2025/11/24 6:2 a.m. | 3 views

EUVD-2025-198618

A flaw has been found in SourceCodester Online Student Clearance System 1.0. Impacted is an unknown function of the file /Admin/changepassword.php. This manipulation of the argument txtconfirmpassword causes sql injection. It is possible to initiate the attack remotely. The exploit has been...

5.8 CVSS | 6.4 AI score | 0.0028 EPSS
Exploits 1 | References 6
Positive Technologies
added 2025/11/24 12:0 a.m. | 6 views

PT-2025-47888

A flaw has been found in SourceCodester Online Student Clearance System 1.0. Impacted is an unknown function of the file /Admin/changepassword.php. This manipulation of the argument txtconfirm password causes sql injection. It is possible to initiate the attack remotely. The exploit has been...

5.8 CVSS | 5.3 AI score | 0.0028 EPSS
Exploits 1 | References 6
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2004-1260

Malware in sbrugna...

7.2 CVSS | 6.4 AI score | 0.00375 EPSS
Exploits 0 | References 3
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-12675

Malicious code in bioql PyPI...

9.1 CVSS | 5.1 AI score | 0.01005 EPSS
Exploits 1 | References 3
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-32124

Malicious code in bioql PyPI...

6.9 CVSS | 6.6 AI score | 0.00221 EPSS
Exploits 0 | References 2
NVD
added 2025/10/02 3:15 p.m. | 14 views

CVE-2025-59748

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l' and 'reset' parameters in...

6.9 CVSS | 0.00221 EPSS
Exploits 0 | References 1
Cvelist
added 2025/10/02 2:21 p.m. | 5 views

CVE-2025-59748 Multiple vulnerabilities in AndSoft's e-TMS

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l' and 'reset' parameters in...

6.9 CVSS | 0.00221 EPSS
Exploits 0 | References 1
Vulnrichment
added 2025/10/02 2:21 p.m. | 3 views

CVE-2025-59748 Multiple vulnerabilities in AndSoft's e-TMS

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l' and 'reset' parameters in...

6.9 CVSS | 6.1 AI score | 0.00221 EPSS
Exploits 0 | References 1
Positive Technologies
added 2025/10/02 12:0 a.m. | 6 views

PT-2025-40369

Name of the Vulnerable Software and Affected Versions: AndSoft e-TMS version 25.03. Description: A cross-site scripting (XSS) issue exists that allows an attacker to execute JavaScript code in a victim’s browser. This is achieved by sending a malicious URL. The vulnerability is reflected through the l...

6.9 CVSS | 5.9 AI score | 0.00221 EPSS
Exploits 0 | References 3
CNNVD
added 2025/10/02 12:0 a.m. | 4 views

AndSoft e-TMS cross-site scripting vulnerability

AndSoft e-TMS is a logistics management software from AndSoft Spain. A cross-site scripting vulnerability exists in AndSoft e-TMS, which stems from the lack of effective filtering and escaping of user-supplied data in the parameters l and reset of the /clt/changepassword.asp file, and can be...

6.9 CVSS | 6.4 AI score | 0.00221 EPSS
Exploits 0 | References 1