
6841 matches found

Cvelist
added 2025/12/12 10:32 p.m. | 20 views

CVE-2025-14584 itsourcecode COVID Tracking System Admin Login login.php sql injection

A vulnerability has been found in itsourcecode COVID Tracking System 1.0. Affected is an unknown function of the file /admin/login.php of the component Admin Login. The manipulation of the argument Username leads to sql injection. The attack may be initiated remotely. The exploit has been disclos...

CVSS: 7.5 | EPSS: 0.00333
Exploits: 1 | References: 5

CVE
added 2025/12/12 10:32 p.m. | 10 views

CVE-2025-14584

The CVE-2025-14584 entry concerns itsourcecode COVID Tracking System 1.0, specifically the Admin Login component (/admin/login.php). Affected is an unknown function where the Username parameter is manipulated to trigger a SQL injection. The vulnerability can be exploited remotely and public explo...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.00333
Exploits: 1 | References: 5 | Affected Software: 1

Vulnrichment
added 2025/12/12 10:32 p.m. | 2 views

CVE-2025-14584 itsourcecode COVID Tracking System Admin Login login.php sql injection

A vulnerability has been found in itsourcecode COVID Tracking System 1.0. Affected is an unknown function of the file /admin/login.php of the component Admin Login. The manipulation of the argument Username leads to sql injection. The attack may be initiated remotely. The exploit has been disclos...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.00333
Exploits: 1 | References: 5

Patchstack
added 2025/12/12 10:2 p.m. | 7 views

WordPress Employee Spotlight – Team Member Showcase & Meet the Team Plugin plugin <= 5.1.3 - Missing Authorization to Authenticated (Subscriber+) Tracking Opt-In/Opt-Out Modification vulnerability

Missing Authorization to Authenticated (Subscriber+) Tracking Opt-In/Opt-Out Modification vulnerability discovered by Legion Hunter in WordPress Plugin Employee Spotlight versions <= 5.1.3...

CVSS: 5.3 | AI score: 6.7 | EPSS: 0.002
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2025/12/12 12:0 a.m. | 2 views

itsourcecode COVID Tracking System SQL injection vulnerability

itsourcecode COVID Tracking System is a new coronavirus tracking system open-sourced by itsourcecode. An SQL injection vulnerability exists in version 1.0 of itsourcecode COVID Tracking System, which stems from a misuse of the parameter ID in the file /admin/?page=zone, which could lead to an SQL...

CVSS: 9.8 | AI score: 7.8 | EPSS: 0.00357
Exploits: 1 | References: 7

Positive Technologies
added 2025/12/12 12:0 a.m. | 5 views

PT-2025-51032

Name of the Vulnerable Software and Affected Versions: itsourcecode COVID Tracking System version 1.0. Description: A SQL injection issue exists in an unknown functionality of the file '/admin/?page=zone'. The ID argument can be manipulated to exploit this issue, potentially allowing for remote...

CVSS: 9.8 | AI score: 7.5 | EPSS: 0.00357
Exploits: 1 | References: 11

CNNVD
added 2025/12/12 12:0 a.m. | 4 views

itsourcecode COVID Tracking System SQL injection vulnerability

itsourcecode COVID Tracking System is a new coronavirus tracking system open-sourced by itsourcecode. A SQL injection vulnerability exists in version 1.0 of itsourcecode COVID Tracking System, which stems from an incorrect manipulation of the parameter Username in the file /admin/login.php, which...

CVSS: 9.8 | AI score: 7.7 | EPSS: 0.00333
Exploits: 1 | References: 6

Positive Technologies
added 2025/12/12 12:0 a.m. | 3 views

PT-2025-51031

Name of the Vulnerable Software and Affected Versions: itsourcecode COVID Tracking System version 1.0. Description: A SQL injection issue exists in the Admin Login component of the software. The issue is located in the /admin/login.php file, specifically within an unknown function. Exploitation occu...

CVSS: 9.8 | AI score: 7.7 | EPSS: 0.00333
Exploits: 1 | References: 10

NVD
added 2025/12/11 12:16 a.m. | 4 views

CVE-2025-67646

TableProgressTracking is a MediaWiki extension to track progress against specific criterion. Versions 1.2.0 and below do not enforce CSRF token validation in the REST API. As a result, an attacker could craft a malicious webpage that, when visited by an authenticated user on a wiki with the...

CVSS: 3.5 | EPSS: 0.00096
Exploits: 0 | References: 2

CNNVD
added 2025/12/11 12:0 a.m. | 5 views

TableProgressTracking cross-site request forgery vulnerability

TableProgressTracking is an open source MediaWiki extension from Telepedia. A cross-site request forgery vulnerability exists in TableProgressTracking 1.2.0 and earlier versions, which stems from a lack of CSRF token validation in the REST API, and could lead to a cross-site request forgery attac...

CVSS: 3.5 | AI score: 6.5 | EPSS: 0.00096
Exploits: 0 | References: 2

Vulnrichment
added 2025/12/10 11:45 p.m. | 6 views

CVE-2025-67646 TableProgressTracking's missing CSRF protection allows unauthorized state changes

TableProgressTracking is a MediaWiki extension to track progress against specific criterion. Versions 1.2.0 and below do not enforce CSRF token validation in the REST API. As a result, an attacker could craft a malicious webpage that, when visited by an authenticated user on a wiki with the...

CVSS: 3.5 | AI score: 6.3 | EPSS: 0.00096
Exploits: 0 | References: 2

OSV
added 2025/12/10 11:45 p.m. | 6 views

CVE-2025-67646 TableProgressTracking's missing CSRF protection allows unauthorized state changes

TableProgressTracking is a MediaWiki extension to track progress against specific criterion. Versions 1.2.0 and below do not enforce CSRF token validation in the REST API. As a result, an attacker could craft a malicious webpage that, when visited by an authenticated user on a wiki with the...

CVSS: 3.5 | AI score: 6.6 | EPSS: 0.00096
Exploits: 0 | References: 4

Positive Technologies
added 2025/12/10 12:0 a.m. | 5 views

PT-2025-50559

TableProgressTracking is a MediaWiki extension to track progress against specific criterion. Versions 1.2.0 and below do not enforce CSRF token validation in the REST API. As a result, an attacker could craft a malicious webpage that, when visited by an authenticated user on a wiki with the...

CVSS: 3.5 | AI score: 6.7 | EPSS: 0.00096
Exploits: 0 | References: 3

NVD
added 2025/12/09 4:18 p.m. | 4 views

CVE-2025-67564

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in alekv Pixel Manager for WooCommerce woocommerce-google-adwords-conversion-tracking-tag allows Retrieve Embedded Sensitive Data. This issue affects Pixel Manager for WooCommerce: from n/a through <= 1.51.1...

CVSS: 5.3 | EPSS: 0.00299
Exploits: 0 | References: 1

RedHat Linux
added 2025/12/09 8:51 a.m. | 4 views

kernel: iommu/vt-d: Disallow dirty tracking if incoherent page walk

A flaw was found in the Intel VT-d IOMMU support in the Linux kernel. When an IOMMU is configured to perform dirty-page tracking, but the page-walk memory region is incoherent between the IOMMU and CPU, the hardware may attempt to atomically update the bits in a paging-structure entry that is not...

AI score: 5.8 | EPSS: 0.00176
Exploits: 0 | References: 5

Microsoft CVE
added 2025/12/09 1:1 a.m. | 4 views

iommufd: Don't overflow during division for dirty tracking

...

AI score: 7 | EPSS: 0.00168
Exploits: 0

SUSE CVE
added 2025/12/09 12:24 a.m. | 3 views

SUSE CVE-2025-40293

In the Linux kernel, the following vulnerability has been resolved: iommufd: Don't overflow during division for dirty tracking. If pgshift is 63 then BITS_PER_TYPE(*bitmap->bitmap) * pgsize will overflow to 0 and this triggers divide by 0. In this case the index should just be 0, so reorganize things to...

CVSS: 4.4 | AI score: 6.5 | EPSS: 0.00168
Exploits: 0 | References: 20

Tenable Nessus
added 2025/12/09 12:0 a.m. | 7 views

AlmaLinux 9 : kernel (ALSA-2025:22405)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:22405 advisory. kernel: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (CVE-2025-38724); kernel: wifi: cfg80211: fix use-after-free in cmp_bss() CVE-2025-3986...

CVSS: 7.8 | AI score: 6.9 | EPSS: 0.00183
Exploits: 0 | References: 9

Tenable Nessus
added 2025/12/09 12:0 a.m. | 7 views

RHEL 10 : kernel (RHSA-2025:22854)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:22854 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: cifs: Fix oops due to...

CVSS: 5.5 | AI score: 6.4 | EPSS: 0.00183
Exploits: 0 | References: 21

Cvelist
added 2025/12/08 12:1 p.m. | 19 views

CVE-2025-42615 Improper Restriction of Excessive Authentication Attempts vulnerability in CIRCL Vulnerability-Lookup

In affected versions, vulnerability-lookup did not track or limit failed One-Time Password (OTP) attempts during Two-Factor Authentication (2FA) verification. An attacker who already knew or guessed a valid username and password could submit an arbitrary number of OTP codes without causing the accoun...

CVSS: 8.1 | EPSS: 0.00324
Exploits: 0 | References: 1