62 matches found
CVE-2025-9238
CVE-2025-9238 affects the Swatadru Exam-Seating-Arrangement, specifically the Student Login component where the vulnerable function resides in the file /student.php. Manipulating the email argument can lead to a SQL injection, with remote exploitation possible. Multiple sources (NVD, Red Hat, CVE...
PT-2025-33455 · Sourcecodester · Sourcecodester Online Dj Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Bank Management System version 1.0 Description: A vulnerability exists in SourceCodester Online Bank Management System up to version 1.0. The issue affects unknown code within the /bank/transfer.php file. Manipulation of...
CVE-2025-8927 mtons mblog Verification Code send_code excessive authentication
A vulnerability was determined in mtons mblog up to 3.5.0. Affected by this issue is some unknown functionality of the file /email/sendcode of the component Verification Code Handler. The manipulation of the argument email leads to improper restriction of excessive authentication attempts. The...
📄 Plane 0.23.1 Server-Side Request Forgery
Plane version 0.23.1 suffers from a server-side request forgery vulnerability. Exploit Title: Plane - Server side request forgery SSRF Date: 2024-01-13 Exploit Author: Saud Alenazi Vendor Homepage: https://plane.so Software Link: https://github.com/makeplane/plane/releases/tag/v0.23.1 Version:...
CVE-2024-48392
OrangeScrum v2.0.11 is vulnerable to Cross Site Scripting XSS. An attacker can inject malicious JavaScript code into user email due to lack of input validation, which could lead to account takeover...
CTFd 安全漏洞
CTFd is a Capture The Flag framework open-sourced by CTFd. A security vulnerability exists in CTFd version 3.7.3, which stems from a vulnerability that allows an attacker to trigger a Regular Expression Denial of Service ReDoS by supplying a crafted string as an email address during registration...
Printable Staff ID Card Creator System 1.0 Insecure Direct Object Reference
============================================================================================================================================= | Title : printable staff id card creator system 1.0 idor Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...
CVE-2024-6129
A vulnerability, which was classified as problematic, was found in spa-cartcms 1.9.0.6. Affected is an unknown function of the file /login of the component Username Handler. The manipulation of the argument email leads to observable behavioral discrepancy. It is possible to launch the attack...
Pharmacy/Medical Store Point of Sale System SQL Injection Vulnerability
Pharmacy/Medical Store Point of Sale System is a pharmacy/pharmacy point of sale POS system by fkgeo Personal Developer. A SQL injection vulnerability exists in the Pharmacy/Medical Store Point of Sale System version 1.0, which stems from insufficient validation of user input for the email and...
PT-2024-40250 · Passbolt · Passbolt
Name of the Vulnerable Software and Affected Versions: Passbolt affected versions not specified Description: The issue allows a user to inject bash code during the installation stage of Passbolt, as the system does not perform escaping or verification on the input provided for the username, e-mai...
CVE-2024-31063
Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Email input field...
CVE-2024-31063
Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Email input field...
PT-2024-23743 · Unknown · Insurance Management System
Name of the Vulnerable Software and Affected Versions: Insurance Mangement System versions 1.0.0 and earlier Description: The issue allows a remote attacker to execute arbitrary code via the Email input field. This is a Cross Site Scripting vulnerability. Recommendations: For Insurance Mangement...
PT-2024-22390 · Unknown · Campcodes Online Shopping System
Name of the Vulnerable Software and Affected Versions: Campcodes Online Shopping System version 1.0 Description: A vulnerability was found in the file /offersmail.php, where the manipulation of the email argument leads to cross-site scripting. The attack can be initiated remotely. Recommendations...
PT-2024-15748 · WordPress · The Ninja Forms Contact Form – The Drag/Drop Form Builder For Wordpress
Name of the Vulnerable Software and Affected Versions: The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress versions up to, and including, 3.7.1 Description: The issue is related to Second Order SQL Injection via the email address value submitted throug...
SUSE CVE-2023-45150
Nextcloud calendar is a calendar app for the Nextcloud server platform. Due to missing precondition checks the server was trying to validate strings of any length as email addresses even when megabytes of data were provided, eventually making the server busy and unresponsive. It is recommended th...
Nextcloud Resource Management Error Vulnerability
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A resource management error vulnerability exists in Nextcloud calendar version 1.0.0 and later versions, which stems from a lack of precondition checking,...
Event Management System 跨站脚本漏洞
Event Management System is an event management system. A cross-site scripting XSS vulnerability exists in SourceCodester Royale Event Management System version 1.0, which originates from an unknown function in the file /royalevent/companyprofile.php, where manipulation of the parameters...
Pharmacy Management System SQL注入漏洞
Pharmacy Management System MPMS is a multilingual pharmacy management system from the personal developer Mayuri K. A SQL injection vulnerability exists in Pharmacy Management System v1.0, which stems from the electronic email and password in login.php Lack of validation of externally entered SQL...
Improper handling of email input
Impact An attacker can pass a compromised input to the e-mail signin endpoint that contains some malicious HTML, tricking the e-mail server to send it to the user, so they can perform a phishing attack. Eg.: [email protected], Before signing in, claim your money!. This was previously sent to...