14 matches found
CVE-2026-15478
IceHRM
WordPress All in One Time Clock Lite plugin unauthorized access vulnerability
WordPress All in One Time Clock Lite plugin is a plugin for tracking employee attendance and supports clock-in record management for employees, volunteers and contractors. An unauthorized access vulnerability exists in WordPress All in One Time Clock Lite plugin, which stems from a lack of...
WordPress All in One Time Clock Lite plugin unsafe direct object reference vulnerability
WordPress All in One Time Clock Lite plugin is a plugin for tracking employee attendance and supports employee/volunteer/contractor punch record management. The WordPress All in One Time Clock Lite plugin suffers from an insecure direct object reference vulnerability that stems from the applicati...
WordPress plugin All in One Time Clock Lite 安全漏洞
WordPress All in One Time Clock Lite plugin is a plugin for tracking employee attendance and supports employee/volunteer/contractor punch record management. The WordPress All in One Time Clock Lite plugin suffers from an insecure direct object reference vulnerability that stems from the applicati...
EUVD-2025-18521
Malicious code in bioql PyPI...
EUVD-2025-20228
Malicious code in bioql PyPI...
CVE-2025-7131
Campcodes Payroll Management System 1.0 is affected by a SQL injection in /ajax.php?action=save_employee_attendance via manipulation of the employee_id parameter. The vulnerability allows remote exploitation, with public disclosures noted. Root cause: improper handling of input in the save_employ...
PT-2025-28169 · Unknown · Campcodes Payroll Management System
Name of the Vulnerable Software and Affected Versions: Campcodes Payroll Management System version 1.0 Description: A critical issue was found in the system, affecting an unknown functionality of the file /ajax.php?action=save employee attendance. The manipulation of the employee id argument lead...
CVE-2025-28972
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Suhas Surse WP Employee Attendance System wp-employee-attendance-system allows Blind SQL Injection.This issue affects WP Employee Attendance System: from n/a through = 3.5...
CVE-2025-28972
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Suhas Surse WP Employee Attendance System wp-employee-attendance-system allows Blind SQL Injection.This issue affects WP Employee Attendance System: from n/a through = 3.5...
CVE-2025-28972
CVE-2025-28972 is an SQL injection vulnerability in the WordPress plugin “WP Employee Attendance System” affecting version 3.5 and earlier. The described root cause is improper neutralization of special elements in SQL commands, enabling blind SQL injection. Public references indicate the issue i...
CVE-2025-28972 WordPress WP Employee Attendance System <= 3.5 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Suhas Surse WP Employee Attendance System allows Blind SQL Injection. This issue affects WP Employee Attendance System: from n/a through 3.5...
CVE-2025-28972 WordPress WP Employee Attendance System plugin <= 3.5 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Suhas Surse WP Employee Attendance System wp-employee-attendance-system allows Blind SQL Injection.This issue affects WP Employee Attendance System: from n/a through = 3.5...
ZKSoftware Biometric Attendence Managnmnet Hardware[MIPS] 2 - Improper Authentication
No description provided by source. Exploit Title: ZKSoftware Biometric Attendence managnmnet HardwareMIPS Improper Authentication. Date: 20-3-2010 Author: FB1H2S Software Link: http://www.esslindia.com/install/eTimeTrack.zip Version: V2 Tested on: category: Remote Code : Advisory ZKSoftware...