Lucene search
+L

427 matches found

Nuclei
Nuclei
added yesterday40 views

SickChill - Open Redirect

SickChill's login endpoint's 'next' parameter accepts arbitrary content, allowing authenticated attackers to perform open redirects, but this was fixed in commit c7128a8946c3701df95c285810eb75b2de18bf82 by redirecting to a default page. id: CVE-2024-53995 info: name: SickChill - Open Redirect...

4.8CVSS5.4AI score0.00951EPSS
Exploits0References6
Nuclei
Nuclei
added yesterday43 views

Zoo Management System 1.0 - SQL Injection

Zoo Management System 1.0 contains a SQL injection vulnerability via the username parameter on the login page. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id:...

9.8CVSS7.7AI score0.01721EPSS
Exploits1References3
NVD
NVD
added 3 days ago5 views

CVE-2026-33213

Redash is a package for data visualization and sharing. From 5.0.2 to 26.3.0, the getnextpath function in Redash's authentication module stripped the scheme and netloc from user-supplied next parameters but did not normalize multiple leading slashes, allowing a crafted login URL such as...

6.1CVSS0.00178EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/04 6:15 p.m.7 views

CVE-2026-14640

A vulnerability was found in CodeAstro Apartment Visitor Management System 1.0. Affected is an unknown function of the file /index.php of the component Login. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit ha...

7.5CVSS6.8AI score0.00263EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/06/30 9:7 p.m.4 views

CVE-2026-58450 Invoice Ninja 5.13.26 - Open Redirect in Client Portal Login via intended Parameter

Invoice Ninja through 5.13.26 contains an open redirect vulnerability in the client portal login that allows unauthenticated attackers to redirect authenticated victims to attacker-controlled external URLs by injecting a malicious value into the intended query parameter. Attackers can craft a...

5.3CVSS6AI score0.00176EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.9 views

PT-2026-53999

Name of the Vulnerable Software and Affected Versions Invoice Ninja versions prior to 5.13.27 Description An open redirect exists in the client portal login. Unauthenticated attackers can redirect authenticated users to external URLs by injecting a malicious value into the intended query paramete...

5.3CVSS6AI score0.00176EPSS
Exploits0References7
OSV
OSV
added 2026/06/17 6:10 p.m.3 views

GHSA-J5R2-4C8J-XC3M Gitea: Open Redirect via redirect_to

Details Despite the validation within urlIsRelative in modules/httplib/url.go, an open redirect is still possible due to usage of directory traversal sequences plus a back-slash in the "redirectto" parameter. PoC When a user uses this URL to login:...

5.1CVSS5.4AI score0.00248EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.13 views

CVE-2026-39109

SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 within the username parameter of the login page index.php. This allows an unauthenticated attacker to manipulate backend SQL queries during authentication and retrieve sensitive database...

9.4CVSS5.7AI score0.00325EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.12 views

CVE-2026-6189

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=login. Such manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit ha...

7.5CVSS7AI score0.00268EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/30 12:0 a.m.11 views

Projectworlds Gate Pass Management System SQL注入漏洞

The Projectworlds Gate Pass Management System is an open-source boarding pass management system developed by Projectworlds. Version 2.1 of the Projectworlds Gate Pass Management System has a SQL injection vulnerability. This vulnerability stems from the login and password parameters, which are...

8.8CVSS5.9AI score0.0032EPSS
Exploits0References4
CVE
CVE
added 2026/05/25 2:15 p.m.27 views

CVE-2018-25379

CVE-2018-25379 affects Collectric CMU 1.0 and describes a boolean-based blind SQL injection in the login flow through the lang parameter. The vulnerability allows unauthenticated attackers to influence database queries during authentication, enabling extraction of sensitive data via time-based bl...

8.8CVSS5.9AI score0.0039EPSS
Exploits0References3
NVD
NVD
added 2026/05/22 9:16 p.m.30 views

CVE-2026-3294

An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjacent network to manipulate a login parameter and reset the administrator password due to insufficient validation. Successful exploitation allows an attacker to obtain full...

8.8CVSS0.00398EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2026/05/22 8:48 p.m.8 views

CVE-2026-3294

An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjacent network to manipulate a login parameter and reset the administrator password due to insufficient validation. Successful exploitation allows an attacker to obtain full...

8.7CVSS5.8AI score0.00398EPSS
Exploits0References12
Cvelist
Cvelist
added 2026/05/22 8:48 p.m.21 views

CVE-2026-3294 Authentication Logic Vulnerability on Multiple TP-Link Range Extenders

An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjacent network to manipulate a login parameter and reset the administrator password due to insufficient validation. Successful exploitation allows an attacker to obtain full...

8.7CVSS0.00398EPSS
Exploits0References11
NVD
NVD
added 2026/05/17 1:16 p.m.18 views

CVE-2018-25333

Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the login parameter in login.php. Attackers can submit crafted POST requests with SQL injection payloa...

8.8CVSS0.00343EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/17 12:11 p.m.11 views

EUVD-2018-21857

Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the login parameter in login.php. Attackers can submit crafted POST requests with SQL injection payloa...

8.8CVSS6.1AI score0.00343EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/17 12:11 p.m.39 views

CVE-2018-25333 Nordex N149/4.0-4.5 Wind Turbine Web Server SQL Injection

Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the login parameter in login.php. Attackers can submit crafted POST requests with SQL injection payloa...

8.8CVSS0.00343EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/17 12:11 p.m.7 views

CVE-2018-25333 Nordex N149/4.0-4.5 Wind Turbine Web Server SQL Injection

Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the login parameter in login.php. Attackers can submit crafted POST requests with SQL injection payloa...

8.8CVSS6.1AI score0.00343EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/17 12:11 p.m.8 views

CVE-2018-25333

Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the login parameter in login.php. Attackers can submit crafted POST requests with SQL injection payloa...

8.8CVSS6.1AI score0.00343EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/05/17 12:11 p.m.23 views

CVE-2018-25333

CVE-2018-25333 concerns the Nordex N149/4.0-4.5 Wind Turbine Web Server. The vulnerability is an SQL injection in the login flow: attackers can craft POST requests to login.php (no authentication required) to execute arbitrary SQL and potentially bypass login, leaking data. Affected software is N...

8.8CVSS6.1AI score0.00343EPSS
Exploits0References3
Rows per page
Query Builder