257 matches found
CVE-2026-2166
A security vulnerability has been detected in code-projects Online Reviewer System 1.0. The affected element is an unknown function of the file /login/index.php of the component Login. The manipulation of the argument username/password leads to sql injection. The attack is possible to be carried...
PT-2026-7009
Name of the Vulnerable Software and Affected Versions SourceCodester Prison Management System version 1.0 Description A session fixation issue exists in the Login component of the software. The issue is triggered through manipulation of an unknown function within the Login component and can be...
PT-2026-7003
Name of the Vulnerable Software and Affected Versions code-projects Online Student Management System version 1.0 Description A flaw exists in the Login component of the Online Student Management System. Specifically, a SQL injection issue is present in the accounts.php file due to manipulation of...
CVE-2026-1685
A vulnerability was identified in D-Link DIR-823X 250416. This vulnerability affects the function sub40AC74 of the component Login. Such manipulation leads to improper restriction of excessive authentication attempts. The attack may be performed from remote. This attack is characterized by high...
CVE-2026-1685
A vulnerability was identified in D-Link DIR-823X 250416. This vulnerability affects the function sub40AC74 of the component Login. Such manipulation leads to improper restriction of excessive authentication attempts. The attack may be performed from remote. This attack is characterized by high...
D-Link DIR-823X security vulnerabilities
The D-Link DIR-823X is a wireless router produced by D-Link Corporation. The D-Link DIR-823X 250416 version has a security vulnerability. This vulnerability stems from an improper limitation on authentication attempts in the sub40AC74 function of the Login component, which may lead to brute-force...
CVE-2026-0583
A security flaw has been discovered in code-projects Online Product Reservation System 1.0. This vulnerability affects unknown code of the file app/user/login.php of the component User Login. The manipulation of the argument emailadd results in sql injection. The attack may be launched remotely...
CVE-2026-0583
A security flaw has been discovered in code-projects Online Product Reservation System 1.0. This vulnerability affects unknown code of the file app/user/login.php of the component User Login. The manipulation of the argument emailadd results in sql injection. The attack may be launched remotely...
PT-2026-1238
Name of the Vulnerable Software and Affected Versions code-projects Online Product Reservation System version 1.0 Description A security flaw exists in code-projects Online Product Reservation System version 1.0. The issue is located in the file app/user/login.php within the User Login component...
CVE-2025-14536
A security flaw has been discovered in code-projects Class and Exam Timetable Management 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login. The manipulation of the argument username/password results in sql injection. The attack may be...
PT-2025-50721
A security flaw has been discovered in code-projects Class and Exam Timetable Management 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login. The manipulation of the argument username/password results in sql injection. The attack may be...
Code-Projects Class and Exam Timetable Management 安全漏洞
Class and Exam Timetable Management is a course and exam timetable management system. Class and Exam Timetable Management suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameters username/password in the file...
PT-2025-50485
Name of the Vulnerable Software and Affected Versions FearlessCMS version 0.0.2-15 Description A Cross Site Scripting issue exists in FearlessCMS. This allows a remote attacker to potentially obtain sensitive information through the login.php component. The login.php component is the point of...
CVE-2025-56429
Cross Site Scripting vulnerability in Fearless Geek Media FearlessCMS v.0.0.2-15 allows a remote attacker to obtain sensitive information via the login.php component...
CVE-2025-56429
FearlessCMS v0.0.2-15 is affected by a Cross Site Scripting (XSS) vulnerability in the login.php component that could allow a remote attacker to obtain sensitive information. The issue is documented across multiple sources (NVD/Red Hat/EUVD/OSV/CNNVD) with the same description. No explicit exploi...
CVE-2025-63534
A cross-site scripting XSS vulnerability exists in the Blood Bank Management System 1.0 within the login.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the msg and...
CVE-2025-63534
A cross-site scripting XSS vulnerability exists in the Blood Bank Management System 1.0 within the login.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the msg and...
PT-2025-48460
Name of the Vulnerable Software and Affected Versions Blood Bank Management System version 1.0 Description A SQL injection issue exists in the Blood Bank Management System 1.0 within the receiverLogin.php component. The application does not properly sanitize user-supplied input used in SQL querie...
CVE-2025-63534
A cross-site scripting XSS vulnerability exists in the Blood Bank Management System 1.0 within the login.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the msg and...
CVE-2025-63534
CVE-2025-63534 describes a reflected XSS vulnerability in Blood Bank Management System 1.0, specifically in the login.php component. The root cause is improper sanitization/encoding of user-provided input, allowing an attacker to inject JavaScript via the msg and error parameters, which executes ...