Lucene search
K

99 matches found

Cvelist
Cvelist
added 2025/11/15 5:45 a.m.13 views

CVE-2025-8994 WP Project Manager <= 2.6.26 - Authenticated (Subscriber+) SQL Injection via 'completed_at_operator'

The Project Management, Team Collaboration, Kanban Board, Gantt Charts, Task Manager and More – WP Project Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘completedatoperator’ parameter in all versions up to, and including, 2.6.26 due to insufficient escaping on th...

6.5CVSS0.00248EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/11/15 12:0 a.m.6 views

WordPress plugin WP Project Manager SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL...

6.5CVSS7.6AI score0.00248EPSS
Exploits0References4
OSV
OSV
added 2025/10/15 8:15 a.m.3 views

UBUNTU-CVE-2025-39983

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: Fix UAF in hciconntxdequeue This fixes the following UAF caused by not properly locking hdev when processing HCIEVNUMCOMPPKTS: BUG: KASAN: slab-use-after-free in hciconntxdequeue+0x1be/0x220...

7.7CVSS5.7AI score0.00168EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-27883

Malicious code in bioql PyPI...

6.3AI score0.00104EPSS
Exploits0References4
OSV
OSV
added 2025/10/01 12:15 p.m.4 views

UBUNTU-CVE-2023-53463

In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Do not reset dql stats on NONFATAL err All ibmvnic resets, make a call to netdevtxresetqueue when re-opening the device. netdevtxresetqueue resets the numqueued and numcompleted byte counters. These stats are used in Byt...

5.5CVSS5.7AI score0.00145EPSS
Exploits0References7
OSV
OSV
added 2025/10/01 11:42 a.m.4 views

CVE-2023-53463 ibmvnic: Do not reset dql stats on NON_FATAL err

In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Do not reset dql stats on NONFATAL err All ibmvnic resets, make a call to netdevtxresetqueue when re-opening the device. netdevtxresetqueue resets the numqueued and numcompleted byte counters. These stats are used in Byt...

5.5CVSS6AI score0.00145EPSS
Exploits0References7
Hacker One
Hacker One
added 2025/09/05 11:23 a.m.12 views

AWS VDP: Existence of completed pods allows for bypass of Kubernetes NetworkPolicy

Description The Amazon VPC CNI controller, when configured to manage NetworkPolicy rules, will incorrectly apply firewall rules for Completed pods as if the pods are still running, causing these rules to be applied to other unrelated pods that happen to receive the same IP address as a Completed...

6.8AI score
Exploits0
Microsoft CVE
Microsoft CVE
added 2025/09/04 8:16 a.m.6 views

rxrpc: Fix recv-recv race of completed call

...

4.7CVSS7AI score0.00104EPSS
Exploits0
Cvelist
Cvelist
added 2025/08/22 4:0 p.m.10 views

CVE-2025-38644 wifi: mac80211: reject TDLS operations when station is not associated

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: reject TDLS operations when station is not associated syzbot triggered a WARN in ieee80211tdlsoper by sending NL80211TDLSENABLELINK immediately after NL80211CMDCONNECT, before association completed and without pri...

0.00147EPSS
Exploits0References6
OSV
OSV
added 2025/08/16 12:15 p.m.8 views

AZL-70451 CVE-2025-38524 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix recv-recv race of completed call If a call receives an event such as incoming data, the call gets placed on the socket's queue and a thread in recvmsg can be awakened to go and process it. Once the thread has picked up...

4.7CVSS5.5AI score0.00104EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2025/08/16 11:12 a.m.5 views

CVE-2025-38524

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix recv-recv race of completed call If a call receives an event such as incoming data, the call gets placed on the socket's queue and a thread in recvmsg can be awakened to go and process it. Once the thread has picked up...

4.7CVSS4.8AI score0.00104EPSS
Exploits0
Cvelist
Cvelist
added 2025/08/16 11:12 a.m.9 views

CVE-2025-38524 rxrpc: Fix recv-recv race of completed call

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix recv-recv race of completed call If a call receives an event such as incoming data, the call gets placed on the socket's queue and a thread in recvmsg can be awakened to go and process it. Once the thread has picked up...

0.00104EPSS
Exploits0References4
OSV
OSV
added 2025/08/16 11:12 a.m.7 views

CVE-2025-38524 rxrpc: Fix recv-recv race of completed call

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix recv-recv race of completed call If a call receives an event such as incoming data, the call gets placed on the socket's queue and a thread in recvmsg can be awakened to go and process it. Once the thread has picked up...

4.7CVSS5.9AI score0.00104EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/08/16 12:0 a.m.3 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a receive contention on a completed call by rxrpc, which could lead to the leakage of user call IDs...

4.7CVSS6.2AI score0.00104EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/08/15 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-21892

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/mlx5: Fix the recovery flow of the UMR QP This patch addresses an issue in the recovery flow of the UMR QP, ensuring tasks do not get stuck, as highlighted...

4.7CVSS6.8AI score0.00127EPSS
Exploits0References3
CNVD
CNVD
added 2025/07/21 12:0 a.m.5 views

Online Fire Reporting System completed-requests.php file SQL Injection Vulnerability

Online Fire Reporting System is an online fire reporting system. Online Fire Reporting System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter teamid in the file /admin/completed-requests.php. An attacker...

8.8CVSS7.1AI score0.00318EPSS
Exploits1References1
OSV
OSV
added 2025/07/14 3:15 a.m.4 views

CVE-2025-7563

A vulnerability classified as critical was found in PHPGurukul Online Fire Reporting System 1.2. Affected by this vulnerability is an unknown functionality of the file /admin/completed-requests.php. The manipulation of the argument teamid leads to sql injection. The attack can be launched remotel...

8.8CVSS5.8AI score0.00318EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/07/14 2:14 a.m.10 views

CVE-2025-7563 PHPGurukul Online Fire Reporting System completed-requests.php sql injection

A vulnerability classified as critical was found in PHPGurukul Online Fire Reporting System 1.2. Affected by this vulnerability is an unknown functionality of the file /admin/completed-requests.php. The manipulation of the argument teamid leads to sql injection. The attack can be launched remotel...

6.5CVSS0.00318EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/07/14 2:14 a.m.5 views

CVE-2025-7563 PHPGurukul Online Fire Reporting System completed-requests.php sql injection

A vulnerability classified as critical was found in PHPGurukul Online Fire Reporting System 1.2. Affected by this vulnerability is an unknown functionality of the file /admin/completed-requests.php. The manipulation of the argument teamid leads to sql injection. The attack can be launched remotel...

6.5CVSS7.7AI score0.00318EPSS
Exploits1References5
CVE
CVE
added 2025/07/14 2:14 a.m.27 views

CVE-2025-7563

CVE-2025-7563 affects PHPGurukul Online Fire Reporting System 1.2. The vulnerability resides in an unknown functionality of the file /admin/completed-requests.php, where manipulating the parameter teamid leads to a SQL injection. It can be exploited remotely, and the exploit has been publicly dis...

8.8CVSS6.8AI score0.00318EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder