Lucene search
K

157 matches found

EUVD
EUVD
added 2026/05/29 6:15 p.m.15 views

EUVD-2026-33389

In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible...

3.4CVSS5.8AI score0.00205EPSS
Exploits0References1
CVE
CVE
added 2026/05/11 7:55 p.m.19 views

CVE-2026-42887

CVE-2026-42887 affects Audiobookshelf before version 2.33.0. The issue is a stored cross-site scripting (XSS) in the Login Page caused by improper sanitization of the authLoginCustomMessage field in the /api/auth-settings endpoint. An attacker with administrative privileges can inject arbitrary H...

4.5CVSS5.8AI score0.00207EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.8 views

homarr 安全漏洞

Homarr is a customizable browser homepage developed by Thomas Camlong, used to interact with the Docker container of the main server. Versions of Homarr prior to 1.57.0 contained security vulnerabilities; these vulnerabilities stemmed from DOM cross-site scripting in the login page, which could...

8.8CVSS5.9AI score0.00234EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:15 p.m.4 views

CVE-2026-4544

A vulnerability was determined in Wavlink WL-WN578W2 221110. This affects an unknown function of the file /cgi-bin/login.cgi of the component POST Request Handler. Executing a manipulation of the argument homepage/hostname/loginpage can lead to cross site scripting. It is possible to launch the...

4.8CVSS4.1AI score0.0026EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.8 views

Yzmcms 安全漏洞

Yzmcms is a set of open-source CMS Content Management Systems developed by Yzmcms. Version Yzmcms v7.4 contains a security vulnerability. This vulnerability stems from a reflection cross-site scripting vulnerability in the /index/login.html component. Attackers can execute arbitrary JavaScript in...

6.1CVSS5.9AI score0.00194EPSS
Exploits1References1
CVE
CVE
added 2026/03/16 11:2 a.m.18 views

CVE-2026-4235

CVE-2026-4235 affects itsourcecode Online Enrollment System 1.0. The vulnerability is an SQL injection in /sms/login.php via the user_email parameter, exploitable remotely over the network (no authentication). The cited exploit is PROOF-OF-CONCEPT. Impact is described in metrics as CONFIDENTIALIT...

7.5CVSS6.9AI score0.00254EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/25 5:2 a.m.28 views

CVE-2026-3151 itsourcecode College Management System login.php sql injection

A vulnerability was detected in itsourcecode College Management System 1.0. This vulnerability affects unknown code of the file /login/login.php. The manipulation of the argument email results in sql injection. The attack may be performed from remote. The exploit is now public and may be used...

7.5CVSS0.00391EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/01/15 12:0 a.m.9 views

SICK TDC-X401GL has security vulnerabilities

The SICK TDC-X401GL is a edge computing gateway developed by the German company SICK. The SICK TDC-X401GL has a security vulnerability. This vulnerability arises from the possibility of administrators injecting malicious content into the login page, which could lead to cross-site scripting attack...

4.8CVSS5.6AI score0.00262EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/09 9:37 a.m.6 views

CVE-2024-34905

FlyFish v3.0.0 was discovered to contain a buffer overflow via the password parameter on the login page. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

7.5CVSS7.6AI score0.00552EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:16 a.m.9 views

CVE-2025-1101

A CWE-204 "Observable Response Discrepancy" in the login page in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enumerate valid usernames via crafted HTTP requests...

5.3CVSS7AI score0.0068EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/01 7:2 p.m.4 views

CVE-2025-15410 code-projects Online Guitar Store login.php sql injection

A vulnerability was identified in code-projects Online Guitar Store 1.0. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument Lemail leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available a...

7.5CVSS6.9AI score0.00322EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/12/03 12:26 a.m.11 views

CVE-2025-65881

Sourcecodester Zoo Management System v1.0 is vulnerable to Cross Site Scripting XSS in /classes/Login.php...

6.1CVSS6.2AI score0.002EPSS
Exploits1References1
OSV
OSV
added 2025/11/10 4:15 a.m.4 views

CVE-2025-12928

A vulnerability was detected in code-projects Online Job Search Engine 1.0. This affects an unknown function of the file /login.php. Performing manipulation of the argument username/phone results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and ma...

9.8CVSS5.7AI score0.00431EPSS
Exploits1References6
EUVD
EUVD
added 2025/11/03 3:30 p.m.4 views

EUVD-2025-37488

School Management System PHP v1.0 is vulnerable to Cross Site Scripting XSS in /login.php via the password parameter...

5.4CVSS5.9AI score0.00218EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/10/28 12:0 a.m.4 views

WAVLINK QUANTUM D3G和WAVLINK WL-WN530HG3 安全漏洞

WAVLINK QUANTUM D3G and WAVLINK WL-WN530HG3 are both products of China RuiYin WAVLINK company.WAVLINK QUANTUM D3G is a router.WAVLINK WL-WN530HG3 is a WiFi router. A security vulnerability exists in the WAVLINK QUANTUM D3G and WAVLINK WL-WN530HG3 that originates from a stack-based buffer overflow...

9.1CVSS7.3AI score0.00674EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/20 12:0 a.m.3 views

CVE-2025-60783

There is a SQL injection vulnerability in Restaurant Management System DBMS Project v1.0 via login.php. The vulnerability allows attackers to manipulate the application's database through specially crafted SQL query strings...

7.5AI score0.00244EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/10/20 12:0 a.m.6 views

Restaurant-Management-System-DBMS-project 安全漏洞

Restaurant-Management-System-DBMS-project is a restaurant management system by Rajvi Patel, an individual developer. A security vulnerability exists in Restaurant-Management-System-DBMS-project version 1.0, which stems from improper handling of SQL query strings in login.php, which can lead to SQ...

6.5CVSS7.7AI score0.00244EPSS
Exploits1References2
CNVD
CNVD
added 2025/10/13 12:0 a.m.3 views

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23565)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

6.1CVSS6.5AI score0.00181EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/07 2:2 p.m.2 views

CVE-2025-11397 SourceCodester Hotel and Lodge Management System login.php sql injection

A security flaw has been discovered in SourceCodester Hotel and Lodge Management System 1.0. The affected element is an unknown function of the file /login.php. Performing manipulation of the argument email results in sql injection. The attack may be initiated remotely. The exploit has been...

7.5CVSS6.7AI score0.00387EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 2:2 p.m.7 views

EUVD-2025-32875

A security flaw has been discovered in SourceCodester Hotel and Lodge Management System 1.0. The affected element is an unknown function of the file /login.php. Performing manipulation of the argument email results in sql injection. The attack may be initiated remotely. The exploit has been...

7.5CVSS6.5AI score0.00387EPSS
Exploits1References7
Rows per page
Query Builder