WordPress CRM Memberships plugin <= 2.5 - Missing Authorization to Privilege Escalation via Unauthenticated Password Reset in 'ntzcrm_changepassword' AJAX Endpoint vulnerability

Missing Authorization to Privilege Escalation via Unauthenticated Password Reset in 'ntzcrmchangepassword' AJAX Endpoint vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin CRM Memberships versions = 2.5...

CVE-2025-13313 CRM Memberships <= 2.6 - Missing Authorization to Privilege Escalation via Unauthenticated Password Reset in 'ntzcrm_changepassword' AJAX Endpoint

The CRM Memberships plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 2.6. This is due to missing authorization and authentication checks on the ntzcrmchangepassword AJAX action. This makes it possible for unauthenticated attackers...

EUVD-2025-201340

The CRM Memberships plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 2.5. This is due to missing authorization and authentication checks on the ntzcrmchangepassword AJAX action. This makes it possible for unauthenticated attackers...

CVE-2025-13586

A flaw has been found in SourceCodester Online Student Clearance System 1.0. Impacted is an unknown function of the file /Admin/changepassword.php. This manipulation of the argument txtconfirmpassword causes sql injection. It is possible to initiate the attack remotely. The exploit has been...

CVE-2025-13586 SourceCodester Online Student Clearance System changepassword.php sql injection

A flaw has been found in SourceCodester Online Student Clearance System 1.0. Impacted is an unknown function of the file /Admin/changepassword.php. This manipulation of the argument txtconfirmpassword causes sql injection. It is possible to initiate the attack remotely. The exploit has been...

EUVD-2025-198618

A flaw has been found in SourceCodester Online Student Clearance System 1.0. Impacted is an unknown function of the file /Admin/changepassword.php. This manipulation of the argument txtconfirmpassword causes sql injection. It is possible to initiate the attack remotely. The exploit has been...

CVE-2025-13586

SourceCodester Online Student Clearance System 1.0 contains a SQL injection in /Admin/changepassword.php through the txtconfirm_password parameter. The vulnerability arises from improper handling of the input in that function, enabling remote exploitation; multiple sources note that an exploit ha...

CVE-2025-13586 SourceCodester Online Student Clearance System changepassword.php sql injection

A flaw has been found in SourceCodester Online Student Clearance System 1.0. Impacted is an unknown function of the file /Admin/changepassword.php. This manipulation of the argument txtconfirmpassword causes sql injection. It is possible to initiate the attack remotely. The exploit has been...

PT-2025-47888

A flaw has been found in SourceCodester Online Student Clearance System 1.0. Impacted is an unknown function of the file /Admin/changepassword.php. This manipulation of the argument txtconfirm password causes sql injection. It is possible to initiate the attack remotely. The exploit has been...

EUVD-2004-1260

Malware in sbrugna...

EUVD-2023-12675

Malicious code in bioql PyPI...

EUVD-2025-32124

Malicious code in bioql PyPI...

CVE-2025-59748

Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l' and 'reset' parameters in...

CVE-2025-59748 Multiple vulnerabilities in AndSoft's e-TMS

Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l' and 'reset' parameters in...

CVE-2025-59748 Multiple vulnerabilities in AndSoft's e-TMS

Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l' and 'reset' parameters in...

AndSoft e-TMS 跨站脚本漏洞

AndSoft e-TMS is a logistics management software from AndSoft Spain. A cross-site scripting vulnerability exists in AndSoft e-TMS, which stems from the lack of effective filtering and escaping of user-supplied data in the parameters l and reset of the /clt/changepassword.asp file, and can be...

PT-2025-40369

Name of the Vulnerable Software and Affected Versions AndSoft e-TMS version 25.03 Description A cross-site scripting XSS issue exists that allows an attacker to execute JavaScript code in a victim’s browser. This is achieved by sending a malicious URL. The vulnerability is reflected through the l...

Linux Distros Unpatched Vulnerability : CVE-2021-26247

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - As an unauthenticated remote user, visit http:///authchangepassword.php?ref=alert1 to successfully execute the JavaScript payload present in the ref URL...

Linux Distros Unpatched Vulnerability : CVE-2023-39364

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, users with console access can be redirected to an arbitrary...

Linux Distros Unpatched Vulnerability : CVE-2022-48547

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A reflected cross-site scripting XSS vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML in...