99 matches found
CVE-2025-8994 WP Project Manager <= 2.6.26 - Authenticated (Subscriber+) SQL Injection via 'completed_at_operator'
The Project Management, Team Collaboration, Kanban Board, Gantt Charts, Task Manager and More – WP Project Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘completedatoperator’ parameter in all versions up to, and including, 2.6.26 due to insufficient escaping on th...
WordPress plugin WP Project Manager SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL...
UBUNTU-CVE-2025-39983
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: Fix UAF in hciconntxdequeue This fixes the following UAF caused by not properly locking hdev when processing HCIEVNUMCOMPPKTS: BUG: KASAN: slab-use-after-free in hciconntxdequeue+0x1be/0x220...
EUVD-2025-27883
Malicious code in bioql PyPI...
UBUNTU-CVE-2023-53463
In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Do not reset dql stats on NONFATAL err All ibmvnic resets, make a call to netdevtxresetqueue when re-opening the device. netdevtxresetqueue resets the numqueued and numcompleted byte counters. These stats are used in Byt...
CVE-2023-53463 ibmvnic: Do not reset dql stats on NON_FATAL err
In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Do not reset dql stats on NONFATAL err All ibmvnic resets, make a call to netdevtxresetqueue when re-opening the device. netdevtxresetqueue resets the numqueued and numcompleted byte counters. These stats are used in Byt...
AWS VDP: Existence of completed pods allows for bypass of Kubernetes NetworkPolicy
Description The Amazon VPC CNI controller, when configured to manage NetworkPolicy rules, will incorrectly apply firewall rules for Completed pods as if the pods are still running, causing these rules to be applied to other unrelated pods that happen to receive the same IP address as a Completed...
rxrpc: Fix recv-recv race of completed call
...
CVE-2025-38644 wifi: mac80211: reject TDLS operations when station is not associated
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: reject TDLS operations when station is not associated syzbot triggered a WARN in ieee80211tdlsoper by sending NL80211TDLSENABLELINK immediately after NL80211CMDCONNECT, before association completed and without pri...
AZL-70451 CVE-2025-38524 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix recv-recv race of completed call If a call receives an event such as incoming data, the call gets placed on the socket's queue and a thread in recvmsg can be awakened to go and process it. Once the thread has picked up...
CVE-2025-38524
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix recv-recv race of completed call If a call receives an event such as incoming data, the call gets placed on the socket's queue and a thread in recvmsg can be awakened to go and process it. Once the thread has picked up...
CVE-2025-38524 rxrpc: Fix recv-recv race of completed call
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix recv-recv race of completed call If a call receives an event such as incoming data, the call gets placed on the socket's queue and a thread in recvmsg can be awakened to go and process it. Once the thread has picked up...
CVE-2025-38524 rxrpc: Fix recv-recv race of completed call
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix recv-recv race of completed call If a call receives an event such as incoming data, the call gets placed on the socket's queue and a thread in recvmsg can be awakened to go and process it. Once the thread has picked up...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a receive contention on a completed call by rxrpc, which could lead to the leakage of user call IDs...
Linux Distros Unpatched Vulnerability : CVE-2025-21892
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/mlx5: Fix the recovery flow of the UMR QP This patch addresses an issue in the recovery flow of the UMR QP, ensuring tasks do not get stuck, as highlighted...
Online Fire Reporting System completed-requests.php file SQL Injection Vulnerability
Online Fire Reporting System is an online fire reporting system. Online Fire Reporting System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter teamid in the file /admin/completed-requests.php. An attacker...
CVE-2025-7563
A vulnerability classified as critical was found in PHPGurukul Online Fire Reporting System 1.2. Affected by this vulnerability is an unknown functionality of the file /admin/completed-requests.php. The manipulation of the argument teamid leads to sql injection. The attack can be launched remotel...
CVE-2025-7563 PHPGurukul Online Fire Reporting System completed-requests.php sql injection
A vulnerability classified as critical was found in PHPGurukul Online Fire Reporting System 1.2. Affected by this vulnerability is an unknown functionality of the file /admin/completed-requests.php. The manipulation of the argument teamid leads to sql injection. The attack can be launched remotel...
CVE-2025-7563 PHPGurukul Online Fire Reporting System completed-requests.php sql injection
A vulnerability classified as critical was found in PHPGurukul Online Fire Reporting System 1.2. Affected by this vulnerability is an unknown functionality of the file /admin/completed-requests.php. The manipulation of the argument teamid leads to sql injection. The attack can be launched remotel...
CVE-2025-7563
CVE-2025-7563 affects PHPGurukul Online Fire Reporting System 1.2. The vulnerability resides in an unknown functionality of the file /admin/completed-requests.php, where manipulating the parameter teamid leads to a SQL injection. It can be exploited remotely, and the exploit has been publicly dis...