Lucene search
+L

3673 matches found

Nuclei
Nuclei
added yesterday11 views

A5 Custom Login Page - Reflected XSS

A5 Custom Login Page WordPress plugin v2.8.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires a crafted URL or...

6.1CVSS8AI score0.00572EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday29 views

ZZcms - Cross-Site Scripting

ZZcms 2019 contains a cross-site scripting vulnerability in the user login page. An attacker can inject arbitrary JavaScript code in the referer header via user/login.php, which can allow theft of cookie-based credentials and launch of subsequent attacks. id: CVE-2020-20285 info: name: ZZcms -...

5.4CVSS5.6AI score0.01395EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday75 views

WPS Hide Login <= 1.9.15.2 - Login Page Disclosure

The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may...

5.3CVSS5.3AI score0.01235EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday20 views

Mailcow < 2026-03b - Href Link Injection

mailcow 2026-03b reflects raw REQUESTURI into JavaScript and href links on the login page, allowing attackers to inject parameters that break JS logic and enable phishing. id: CVE-2026-40878 info: name: Mailcow 2026-03b - Href Link Injection author: ritikchaddha severity: low description: | mailc...

2.1CVSS5.2AI score0.00805EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday39 views

Zyxel - Cross-Site Scripting

Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, and ZyWALL 1100 devices contain a reflected cross-site scripting vulnerability on the security firewall login page via the mpidx...

6.1CVSS5.8AI score0.20861EPSS
Exploits3References5
NVD
NVD
added 3 days ago4 views

CVE-2026-40957

o CVE-2026-40957 is a frameable content vulnerability in the Secure Access server login page prior to 14.55. Attackers with control of a malicious web site could use it to potentially steal credentials from an unwary administrator...

7.5CVSS0.00313EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-40957 Frameable content vulnerability in the Secure Access server login page

o CVE-2026-40957 is a frameable content vulnerability in the Secure Access server login page prior to 14.55. Attackers with control of a malicious web site could use it to potentially steal credentials from an unwary administrator...

6.1CVSS0.00313EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 days ago3 views

CVE-2026-40957

o CVE-2026-40957 is a frameable content vulnerability in the Secure Access server login page prior to 14.55. Attackers with control of a malicious web site could use it to potentially steal credentials from an unwary administrator...

7.5CVSS6AI score0.00313EPSS
Exploits0References2
CVE
CVE
added 3 days ago7 views

CVE-2026-40957

CVE-2026-40957 describes a frameable content vulnerability in the Secure Access server login page prior to version 14.55. By controlling a malicious web site, an attacker could potentially steal credentials from an administrator visiting the login page. The connected sources confirm the existence...

7.5CVSS6AI score0.00313EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/07/09 3:45 p.m.7 views

EUVD-2026-42615

A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This affects an unknown part of the file /login.php. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and m...

7.5CVSS6.8AI score0.00328EPSS
Exploits0References6
OSV
OSV
added 2026/07/07 11:45 a.m.6 views

PYSEC-2026-1451 User accounts disclosed to unauthenticated actors on the LAN

Summary The login page discloses all active user accounts to any unauthenticated browsing request originating on the Local Area Network. Details Starting the Home Assistant 2023.12 release, the login page returns all currently active user accounts to browsing requests from the Local Area Network...

4.3CVSS6AI score0.00908EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/07/06 12:0 a.m.8 views

CVE-2026-38979

ajenti through v2.2.13 has a clickjacking weakness in the browser-facing login and administrative UI. In ajenti-core/aj/http.py, the core HTTP response path initializes an empty header list, forwards handler-added headers verbatim, and finalizes responses through WSGI startresponse without adding...

5.9AI score0.00159EPSS
Exploits0References3
NVD
NVD
added 2026/07/04 7:16 p.m.10 views

CVE-2026-14640

A vulnerability was found in CodeAstro Apartment Visitor Management System 1.0. Affected is an unknown function of the file /index.php of the component Login. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit ha...

7.5CVSS0.00263EPSS
Exploits0References6
NVD
NVD
added 2026/06/24 7:16 a.m.16 views

CVE-2026-6292

The MP Customize Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery CSRF in all versions up to and including 1.0. This is due to a completely broken nonce validation in the entermpclploginoptions function, which contains an inverted check if wpverifynonce... return false;...

4.3CVSS0.00176EPSS
Exploits0References5
CVE
CVE
added 2026/06/24 5:33 a.m.17 views

CVE-2026-6292

CVE-2026-6292 affects the WordPress plugin MP Customize Login Page (versions ≤ 1.0). The issue is a CSRF vulnerability caused by a broken nonce validation in enter_mpclp_login_options() (inverted wp_verify_nonce() check and missing action parameter) and a settings-update handler hooked on init wi...

4.3CVSS5.8AI score0.00176EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.36 views

CVE-2026-6292 MP Customize Login Page <= 1.0 - Cross-Site Request Forgery to Settings Update

The MP Customize Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery CSRF in all versions up to and including 1.0. This is due to a completely broken nonce validation in the entermpclploginoptions function, which contains an inverted check if wpverifynonce... return false;...

4.3CVSS0.00176EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/24 5:33 a.m.9 views

EUVD-2026-38676

The MP Customize Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery CSRF in all versions up to and including 1.0. This is due to a completely broken nonce validation in the entermpclploginoptions function, which contains an inverted check if wpverifynonce... return false;...

4.3CVSS5.8AI score0.00176EPSS
Exploits0References5
NVD
NVD
added 2026/06/23 6:18 p.m.11 views

CVE-2026-53662

immich is a high performance self-hosted photo and video management solution. From commit 4ffa26c9 until 4eb1003, a reflected cross-site scripting XSS vulnerability on the /auth/login page allows an attacker to fully compromise any authenticated user's account with a single link click. The contin...

9.6CVSS0.00235EPSS
Exploits0References2
CVE
CVE
added 2026/06/23 5:36 p.m.26 views

CVE-2026-53662

Immich (self-hosted photo/video management) has a reflected XSS in the /auth/login page observed between commits 4ffa26c9 and 4eb1003. The continue query parameter is read from the URL and passed to SvelteKit redirect() without URL scheme/origin validation, enabling attacker-controlled JavaScript...

9.6CVSS5.8AI score0.00235EPSS
Exploits0References2
OSV
OSV
added 2026/06/23 5:36 p.m.3 views

CVE-2026-53662 immich: One-click account takeover via XSS in login page continue redirect

immich is a high performance self-hosted photo and video management solution. From commit 4ffa26c9 until 4eb1003, a reflected cross-site scripting XSS vulnerability on the /auth/login page allows an attacker to fully compromise any authenticated user's account with a single link click. The contin...

9.6CVSS5.9AI score0.00235EPSS
Exploits0References4
Rows per page
Query Builder