Lucene search
K

257 matches found

OSV
OSV
added 2026/02/08 5:15 p.m.7 views

CVE-2026-2166

A security vulnerability has been detected in code-projects Online Reviewer System 1.0. The affected element is an unknown function of the file /login/index.php of the component Login. The manipulation of the argument username/password leads to sql injection. The attack is possible to be carried...

9.8CVSS5.6AI score0.00416EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/02/08 12:0 a.m.12 views

PT-2026-7009

Name of the Vulnerable Software and Affected Versions SourceCodester Prison Management System version 1.0 Description A session fixation issue exists in the Login component of the software. The issue is triggered through manipulation of an unknown function within the Login component and can be...

7.5CVSS5.2AI score0.00309EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/02/08 12:0 a.m.14 views

PT-2026-7003

Name of the Vulnerable Software and Affected Versions code-projects Online Student Management System version 1.0 Description A flaw exists in the Login component of the Online Student Management System. Specifically, a SQL injection issue is present in the accounts.php file due to manipulation of...

9.8CVSS5.4AI score0.00391EPSS
Exploits0References12
NVD
NVD
added 2026/01/30 3:16 p.m.12 views

CVE-2026-1685

A vulnerability was identified in D-Link DIR-823X 250416. This vulnerability affects the function sub40AC74 of the component Login. Such manipulation leads to improper restriction of excessive authentication attempts. The attack may be performed from remote. This attack is characterized by high...

6.3CVSS0.00987EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/01/30 2:32 p.m.5 views

CVE-2026-1685

A vulnerability was identified in D-Link DIR-823X 250416. This vulnerability affects the function sub40AC74 of the component Login. Such manipulation leads to improper restriction of excessive authentication attempts. The attack may be performed from remote. This attack is characterized by high...

6.3CVSS5.5AI score0.00987EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/01/30 12:0 a.m.10 views

D-Link DIR-823X security vulnerabilities

The D-Link DIR-823X is a wireless router produced by D-Link Corporation. The D-Link DIR-823X 250416 version has a security vulnerability. This vulnerability stems from an improper limitation on authentication attempts in the sub40AC74 function of the Login component, which may lead to brute-force...

6.3CVSS5.8AI score0.00987EPSS
Exploits0References6
NVD
NVD
added 2026/01/05 10:15 a.m.13 views

CVE-2026-0583

A security flaw has been discovered in code-projects Online Product Reservation System 1.0. This vulnerability affects unknown code of the file app/user/login.php of the component User Login. The manipulation of the argument emailadd results in sql injection. The attack may be launched remotely...

9.8CVSS0.00371EPSS
Exploits1References6
OSV
OSV
added 2026/01/05 10:15 a.m.5 views

CVE-2026-0583

A security flaw has been discovered in code-projects Online Product Reservation System 1.0. This vulnerability affects unknown code of the file app/user/login.php of the component User Login. The manipulation of the argument emailadd results in sql injection. The attack may be launched remotely...

9.8CVSS5.7AI score0.00371EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/01/05 12:0 a.m.9 views

PT-2026-1238

Name of the Vulnerable Software and Affected Versions code-projects Online Product Reservation System version 1.0 Description A security flaw exists in code-projects Online Product Reservation System version 1.0. The issue is located in the file app/user/login.php within the User Login component...

9.8CVSS6.9AI score0.00371EPSS
Exploits1References11
OSV
OSV
added 2025/12/11 8:15 p.m.4 views

CVE-2025-14536

A security flaw has been discovered in code-projects Class and Exam Timetable Management 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login. The manipulation of the argument username/password results in sql injection. The attack may be...

9.8CVSS5.7AI score0.00568EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.4 views

PT-2025-50721

A security flaw has been discovered in code-projects Class and Exam Timetable Management 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login. The manipulation of the argument username/password results in sql injection. The attack may be...

7.5CVSS7.1AI score0.00568EPSS
Exploits1References8
CNNVD
CNNVD
added 2025/12/11 12:0 a.m.5 views

Code-Projects Class and Exam Timetable Management 安全漏洞

Class and Exam Timetable Management is a course and exam timetable management system. Class and Exam Timetable Management suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameters username/password in the file...

9.8CVSS7.9AI score0.00568EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2025/12/10 12:0 a.m.4 views

PT-2025-50485

Name of the Vulnerable Software and Affected Versions FearlessCMS version 0.0.2-15 Description A Cross Site Scripting issue exists in FearlessCMS. This allows a remote attacker to potentially obtain sensitive information through the login.php component. The login.php component is the point of...

5.9AI score0.00223EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/12/10 12:0 a.m.2 views

CVE-2025-56429

Cross Site Scripting vulnerability in Fearless Geek Media FearlessCMS v.0.0.2-15 allows a remote attacker to obtain sensitive information via the login.php component...

5.7AI score0.00223EPSS
Exploits1References1
CVE
CVE
added 2025/12/10 12:0 a.m.19 views

CVE-2025-56429

FearlessCMS v0.0.2-15 is affected by a Cross Site Scripting (XSS) vulnerability in the login.php component that could allow a remote attacker to obtain sensitive information. The issue is documented across multiple sources (NVD/Red Hat/EUVD/OSV/CNNVD) with the same description. No explicit exploi...

6.1CVSS5.7AI score0.00223EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/02 12:19 a.m.12 views

CVE-2025-63534

A cross-site scripting XSS vulnerability exists in the Blood Bank Management System 1.0 within the login.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the msg and...

8.5CVSS5.8AI score0.00186EPSS
Exploits0References1
NVD
NVD
added 2025/12/01 4:15 p.m.4 views

CVE-2025-63534

A cross-site scripting XSS vulnerability exists in the Blood Bank Management System 1.0 within the login.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the msg and...

8.5CVSS0.00186EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/01 12:0 a.m.5 views

PT-2025-48460

Name of the Vulnerable Software and Affected Versions Blood Bank Management System version 1.0 Description A SQL injection issue exists in the Blood Bank Management System 1.0 within the receiverLogin.php component. The application does not properly sanitize user-supplied input used in SQL querie...

10CVSS7.9AI score0.00587EPSS
Exploits1References8
Cvelist
Cvelist
added 2025/12/01 12:0 a.m.5 views

CVE-2025-63534

A cross-site scripting XSS vulnerability exists in the Blood Bank Management System 1.0 within the login.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the msg and...

8.5CVSS0.00186EPSS
Exploits0References3
CVE
CVE
added 2025/12/01 12:0 a.m.13 views

CVE-2025-63534

CVE-2025-63534 describes a reflected XSS vulnerability in Blood Bank Management System 1.0, specifically in the login.php component. The root cause is improper sanitization/encoding of user-provided input, allowing an attacker to inject JavaScript via the msg and error parameters, which executes ...

8.5CVSS5.5AI score0.00186EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder