Lucene search
+L

259 matches found

CVE
CVE
added 2025/07/07 12:0 a.m.24 views

CVE-2024-37657

The CVE-2024-37657 entry concerns gnuboard5 v5.5.16 with an open redirect in the bbs/login.php component caused by insufficient validation of URL parameters. Exploitation could allow a remote attacker to obtain sensitive information and potentially disorient users by redirecting to an attacker-co...

6.1CVSS6.6AI score0.00229EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/07/07 12:0 a.m.13 views

CVE-2024-37657

An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via thebbs/login.php component...

0.00229EPSS
Exploits1References2
OSV
OSV
added 2025/06/29 3:15 a.m.8 views

CVE-2025-6840

A vulnerability, which was classified as critical, was found in code-projects Product Inventory System 1.0. This affects an unknown part of the file /index.php of the component Login. The manipulation of the argument Username leads to sql injection. It is possible to initiate the attack remotely...

9.8CVSS5.7AI score0.00399EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/06/29 12:0 a.m.12 views

PT-2025-27341 · Code Projects · Code-Projects Product Inventory System

Name of the Vulnerable Software and Affected Versions: code-projects Product Inventory System version 1.0 Description: A critical vulnerability was found in the code-projects Product Inventory System. This issue affects the Login component, specifically the file /index.php. The manipulation of th...

9.8CVSS8.1AI score0.00399EPSS
Exploits1References11
OSV
OSV
added 2025/05/25 1:15 p.m.4 views

CVE-2025-5149

A vulnerability was found in WCMS up to 8.3.11. It has been declared as critical. Affected by this vulnerability is the function getMemberByUid of the file /index.php?articleadmin/getallcon of the component Login. The manipulation of the argument uid leads to improper authentication. The attack c...

8.1CVSS4.8AI score0.00517EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/05/25 12:0 a.m.8 views

PT-2025-22860 · Wcms · Wcms

Name of the Vulnerable Software and Affected Versions: WCMS versions up to 8.3.11 Description: A critical issue has been found in the Login component, specifically affecting the getMemberByUid function. The manipulation of the uid argument leads to improper authentication, allowing for remote...

8.1CVSS5.4AI score0.00517EPSS
Exploits1References11
RedhatCVE
RedhatCVE
added 2025/05/23 10:41 a.m.11 views

CVE-2024-48644

Accounts enumeration vulnerability in the Login Component of Reolink Duo 2 WiFi Camera Firmware Version v3.0.0.188923031701 allows remote attackers to determine valid user accounts via login attempts. This can lead to the enumeration of user accounts and potentially facilitate other attacks, such...

5.3CVSS7AI score0.00737EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:9 a.m.8 views

CVE-2024-28741

Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code via the login.php component...

8.8CVSS7.2AI score0.78158EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:15 a.m.6 views

CVE-2024-5463

A vulnerability regarding buffer copy without checking the size of input 'Classic Buffer Overflow' has been found in the login component. This allows remote attackers to write specific files containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors...

6.5CVSS6.6AI score0.00407EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:40 a.m.9 views

CVE-2024-30802

An issue in Vehicle Management System 7.31.0.320230412 allows an attacker to escalate privileges via the login.html component...

9.8CVSS7.1AI score0.0052EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:43 a.m.9 views

CVE-2024-24507

Cross Site Scripting vulnerability in Act-On 2023 allows a remote attacker to execute arbitrary code via the newUser parameter in the login.jsp component...

6.1CVSS7.4AI score0.00418EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:23 a.m.9 views

CVE-2024-12663

A vulnerability classified as problematic was found in funnyzpc Mee-Admin up to 1.6. This vulnerability affects unknown code of the file /mee/login of the component Login. The manipulation of the argument username leads to observable response discrepancy. The attack can be initiated remotely. The...

6.3CVSS4.5AI score0.00429EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:56 a.m.9 views

CVE-2023-33758

Splicecom Maximiser Soft PBX v1.5 and before was discovered to contain a cross-site scripting XSS vulnerability via the CLIENTNAME and DEVICEGUID fields in the login component...

6.1CVSS6.2AI score0.0037EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:42 a.m.6 views

CVE-2023-48985

Cross Site Scripting XSS vulnerability in CU Solutions Group CUSG Content Management System CMS before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the login.php component...

6.1CVSS6.2AI score0.00606EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 1:58 a.m.13 views

CVE-2023-47503

An issue in jflyfox jfinalCMS v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp component in the template management module...

9.8CVSS7.8AI score0.01273EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:53 p.m.18 views

CVE-2021-35207

An issue was discovered in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.0 before 9.0.0 Patch 16. An XSS vulnerability exists in the login component of Zimbra Web Client, in which an attacker can execute arbitrary JavaScript by adding executable JavaScript to the loginErrorCode...

6.1CVSS6.4AI score0.0327EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:29 p.m.8 views

CVE-2020-21504

waimai Super Cms 20150505 contains a cross-site scripting XSS vulnerability in the component /admin.php?=Public=login...

6.1CVSS5.8AI score0.00641EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 5:53 a.m.3 views

CVE-2017-1000444

Eleix Openhacker version 0.1.47 is vulnerable to an SQL injection in the account registration and login component resulting in information disclosure and remote code execution...

9.8CVSS8.2AI score0.03108EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/18 12:0 a.m.10 views

PT-2025-21844 · Unknown · Phpgurukul News Portal

Name of the Vulnerable Software and Affected Versions: PHPGurukul News Portal version 4.1 Description: A critical issue has been found in the Login component of the affected software, specifically in the file /admin/index.php. The manipulation of the Username argument leads to SQL injection. This...

9.8CVSS7.4AI score0.00472EPSS
Exploits1References10
NVD
NVD
added 2025/05/17 10:15 p.m.30 views

CVE-2025-4838

A vulnerability, which was classified as problematic, was found in kanwangzjm Funiture up to 71ca0fb0658b3d839d9e049ac36429207f05329b. Affected is the function doPost of the file /funiture-master/src/main/java/com/app/mvc/acl/servlet/LoginServlet.java of the component Login. The manipulation of t...

5.3CVSS0.00358EPSS
Exploits0References4
Rows per page
Query Builder