116 matches found
CVE-2025-50900
An issue was discovered in getrebuild/rebuild 4.0.4. The affected source code class is com.rebuild.web.RebuildWebInterceptor, and the affected function is preHandle In the filter code, use CodecUtils.urlDecoderequest.getRequestURI to obtain the URL-decoded request path, and then determine whether...
Remote Code Execution (RCE)
github.com/tnborg/panel is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper path handling in the CleanPath middleware from the go-chi/chi package, which fails to process r.URL.Path, followed by flaws in backend login path exposure, which allows an attacker to bypass...
CVE-2025-9154
A flaw has been found in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /user/page-login.php. This manipulation of the argument email causes sql injection. The attack may be initiated remotely. The exploit has been published and m...
PT-2025-33856 · Itsourcecode · Itsourcecode Online Tour/Travel Management System
Name of the Vulnerable Software and Affected Versions: itsourcecode Online Tour and Travel Management System version 1.0 Description: A flaw exists in the processing of the /user/page-login.php file within the itsourcecode Online Tour and Travel Management System. Manipulation of the email argume...
📄 Soosyze CMS 2.0 Missing Rate Limiting
Soosyze CMS version 2.0 suffers from missing rate limiting that allows for brute force login attacks. Exploit Title: Soosyze CMS 2.0 - Brute Force Login Google Dork: N/A Date: 2025-08-13 Exploit Author: Beatriz Fresno Naumova beafn28 Vendor Homepage: https://soosyze.com/ Software Link:...
Soosyze CMS 2.0 - Brute Force Login
Exploit Title: Soosyze CMS 2.0 - Brute Force Login Google Dork: N/A Date: 2025-08-13 Exploit Author: Beatriz Fresno Naumova beafn28 Vendor Homepage: https://soosyze.com/ Software Link: https://github.com/soosyze/soosyze Version: 2.0 tested Tested on: macOS Sonoma 14.x Apple Silicon M1, /bin/bash...
CVE-2025-8952
A vulnerability was found in Campcodes Online Flight Booking Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login of the component Login. The manipulation of the argument Username leads to sql injection. The attack can be...
CVE-2025-8952 Campcodes Online Flight Booking Management System Login ajax.php sql injection
A vulnerability was found in Campcodes Online Flight Booking Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login of the component Login. The manipulation of the argument Username leads to sql injection. The attack can be...
SUSE CVE-2025-53534
RatPanel is a server operation and maintenance management panel. In versions 2.3.19 through 2.5.5, when an attacker obtains the backend login path of RatPanel including but not limited to weak default paths, brute-force cracking, etc., they can execute system commands or take over hosts managed b...
CVE-2025-8795
LitmusChaos Litmus up to 3.19.0 is affected by an Access Control vulnerability in the /auth/login process where manipulating the projectID parameter can bypass access controls. This allows remote exploitation with high impact on confidentiality, integrity, and availability. Public PoCs exist; ven...
CVE-2025-8773
A vulnerability, which was classified as critical, was found in Dinstar Monitoring Platform 甘肃省危险品库监控平台 1.0. Affected is an unknown function of the file /itc/$%7BappPath%7D/logingetPasswordErrorNum.action. The manipulation of the argument userBean.loginName leads to sql injection. It is possible ...
CVE-2025-8741
CVE-2025-8741 concerns macrozheng mall up to version 1.0.3. The vulnerability affects an unknown functionality of the /admin/login URL and leads to cleartext transmission of sensitive information. It can be exploited remotely with high attack complexity and without user interaction. Exploit detai...
CVE-2025-8741 macrozheng mall login cleartext transmission
A vulnerability was found in macrozheng mall up to 1.0.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/login. The manipulation leads to cleartext transmission of sensitive information. The attack can be launched remotely. The...
Authentication Bypass by Primary Weakness
Overview Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness via r.URL.Path function in the middleware process. An attacker can execute arbitrary system commands or gain control over managed hosts by accessing the backend login path without authentication...
GHSA-FM3M-JRGM-5PPG RatPanel can perform remote command execution without authorization
Summary When an attacker obtains the backend login path of RatPanel including but not limited to weak default paths, brute-force cracking, etc., they can execute system commands or take over hosts managed by the panel without logging in. In addition to this remote code execution RCE vulnerability...
RatPanel can perform remote command execution without authorization
Summary When an attacker obtains the backend login path of RatPanel including but not limited to weak default paths, brute-force cracking, etc., they can execute system commands or take over hosts managed by the panel without logging in. In addition to this remote code execution RCE vulnerability...
kernel: ibmvnic: Use kernel helpers for hex dumps
In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Use kernel helpers for hex dumps Previously, when the driver was printing hex dumps, the buffer was cast to an 8 byte long and printed using string formatters. If the buffer size was not a multiple of 8 then a read buffe...
CampCodes Hospital Management System 注入漏洞
CampCodes Hospital Management System is a hospital management system from CampCodes, Inc. An injection vulnerability exists in CampCodes Hospital Management System version 1.0, which results from a SQL injection due to incorrect manipulation of the parameter Username in the file /user-login.php...
CVE-2024-3431
A vulnerability was found in EyouCMS 1.6.5. It has been declared as critical. This vulnerability affects unknown code of the file /login.php?m=admin=Field=channeledit of the component Backend. The manipulation of the argument channelid leads to deserialization. The attack can be initiated remotel...
CVE-2025-29691
A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the userName parameter at /login/LoginsController.java...