Lucene search
K

116 matches found

OSV
OSV
added 2025/08/25 3:15 p.m.4 views

CVE-2025-50900

An issue was discovered in getrebuild/rebuild 4.0.4. The affected source code class is com.rebuild.web.RebuildWebInterceptor, and the affected function is preHandle In the filter code, use CodecUtils.urlDecoderequest.getRequestURI to obtain the URL-decoded request path, and then determine whether...

9.8CVSS7.3AI score
Exploits0References2
Veracode
Veracode
added 2025/08/25 9:32 a.m.5 views

Remote Code Execution (RCE)

github.com/tnborg/panel is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper path handling in the CleanPath middleware from the go-chi/chi package, which fails to process r.URL.Path, followed by flaws in backend login path exposure, which allows an attacker to bypass...

7.7CVSS7.6AI score0.00596EPSS
Exploits0References7Affected Software1
RedhatCVE
RedhatCVE
added 2025/08/21 7:27 p.m.6 views

CVE-2025-9154

A flaw has been found in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /user/page-login.php. This manipulation of the argument email causes sql injection. The attack may be initiated remotely. The exploit has been published and m...

9.8CVSS7.7AI score0.005EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/08/19 12:0 a.m.5 views

PT-2025-33856 · Itsourcecode · Itsourcecode Online Tour/Travel Management System

Name of the Vulnerable Software and Affected Versions: itsourcecode Online Tour and Travel Management System version 1.0 Description: A flaw exists in the processing of the /user/page-login.php file within the itsourcecode Online Tour and Travel Management System. Manipulation of the email argume...

9.8CVSS7.8AI score0.005EPSS
Exploits1References9
Packet Storm
Packet Storm
added 2025/08/18 12:0 a.m.117 views

📄 Soosyze CMS 2.0 Missing Rate Limiting

Soosyze CMS version 2.0 suffers from missing rate limiting that allows for brute force login attacks. Exploit Title: Soosyze CMS 2.0 - Brute Force Login Google Dork: N/A Date: 2025-08-13 Exploit Author: Beatriz Fresno Naumova beafn28 Vendor Homepage: https://soosyze.com/ Software Link:...

5.4CVSS6.5AI score0.0081EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/08/18 12:0 a.m.295 views

Soosyze CMS 2.0 - Brute Force Login

Exploit Title: Soosyze CMS 2.0 - Brute Force Login Google Dork: N/A Date: 2025-08-13 Exploit Author: Beatriz Fresno Naumova beafn28 Vendor Homepage: https://soosyze.com/ Software Link: https://github.com/soosyze/soosyze Version: 2.0 tested Tested on: macOS Sonoma 14.x Apple Silicon M1, /bin/bash...

5.4CVSS7.4AI score0.0081EPSS
Exploits3
OSV
OSV
added 2025/08/14 9:15 a.m.5 views

CVE-2025-8952

A vulnerability was found in Campcodes Online Flight Booking Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login of the component Login. The manipulation of the argument Username leads to sql injection. The attack can be...

9.8CVSS5.7AI score0.00371EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/08/14 8:32 a.m.10 views

CVE-2025-8952 Campcodes Online Flight Booking Management System Login ajax.php sql injection

A vulnerability was found in Campcodes Online Flight Booking Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login of the component Login. The manipulation of the argument Username leads to sql injection. The attack can be...

7.5CVSS0.00371EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2025/08/14 2:53 a.m.6 views

SUSE CVE-2025-53534

RatPanel is a server operation and maintenance management panel. In versions 2.3.19 through 2.5.5, when an attacker obtains the backend login path of RatPanel including but not limited to weak default paths, brute-force cracking, etc., they can execute system commands or take over hosts managed b...

7.7CVSS8.3AI score0.00596EPSS
Exploits0References3
CVE
CVE
added 2025/08/10 5:32 a.m.23 views

CVE-2025-8795

LitmusChaos Litmus up to 3.19.0 is affected by an Access Control vulnerability in the /auth/login process where manipulating the projectID parameter can bypass access controls. This allows remote exploitation with high impact on confidentiality, integrity, and availability. Public PoCs exist; ven...

9.9CVSS7AI score0.00366EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2025/08/09 8:15 p.m.6 views

CVE-2025-8773

A vulnerability, which was classified as critical, was found in Dinstar Monitoring Platform 甘肃省危险品库监控平台 1.0. Affected is an unknown function of the file /itc/$%7BappPath%7D/logingetPasswordErrorNum.action. The manipulation of the argument userBean.loginName leads to sql injection. It is possible ...

9.8CVSS5.7AI score0.00562EPSS
Exploits1References4
CVE
CVE
added 2025/08/08 9:32 p.m.21 views

CVE-2025-8741

CVE-2025-8741 concerns macrozheng mall up to version 1.0.3. The vulnerability affects an unknown functionality of the /admin/login URL and leads to cleartext transmission of sensitive information. It can be exploited remotely with high attack complexity and without user interaction. Exploit detai...

6.3CVSS6.8AI score0.00339EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2025/08/08 9:32 p.m.6 views

CVE-2025-8741 macrozheng mall login cleartext transmission

A vulnerability was found in macrozheng mall up to 1.0.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/login. The manipulation leads to cleartext transmission of sensitive information. The attack can be launched remotely. The...

6.3CVSS6.8AI score0.00339EPSS
Exploits1References5
Snyk
Snyk
added 2025/08/05 9:44 p.m.3 views

Authentication Bypass by Primary Weakness

Overview Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness via r.URL.Path function in the middleware process. An attacker can execute arbitrary system commands or gain control over managed hosts by accessing the backend login path without authentication...

7.7CVSS7.8AI score0.00596EPSS
Exploits0References2
OSV
OSV
added 2025/08/04 8:46 p.m.8 views

GHSA-FM3M-JRGM-5PPG RatPanel can perform remote command execution without authorization

Summary When an attacker obtains the backend login path of RatPanel including but not limited to weak default paths, brute-force cracking, etc., they can execute system commands or take over hosts managed by the panel without logging in. In addition to this remote code execution RCE vulnerability...

7.7CVSS7.2AI score0.00596EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2025/08/04 8:46 p.m.16 views

RatPanel can perform remote command execution without authorization

Summary When an attacker obtains the backend login path of RatPanel including but not limited to weak default paths, brute-force cracking, etc., they can execute system commands or take over hosts managed by the panel without logging in. In addition to this remote code execution RCE vulnerability...

7.7CVSS7.7AI score0.00596EPSS
Exploits0References7Affected Software1
RedHat Linux
RedHat Linux
added 2025/07/14 12:20 a.m.4 views

kernel: ibmvnic: Use kernel helpers for hex dumps

In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Use kernel helpers for hex dumps Previously, when the driver was printing hex dumps, the buffer was cast to an 8 byte long and printed using string formatters. If the buffer size was not a multiple of 8 then a read buffe...

7.1CVSS6.7AI score0.00169EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/06/04 12:0 a.m.5 views

CampCodes Hospital Management System 注入漏洞

CampCodes Hospital Management System is a hospital management system from CampCodes, Inc. An injection vulnerability exists in CampCodes Hospital Management System version 1.0, which results from a SQL injection due to incorrect manipulation of the parameter Username in the file /user-login.php...

9.8CVSS7.7AI score0.00448EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/05/23 9:23 a.m.3 views

CVE-2024-3431

A vulnerability was found in EyouCMS 1.6.5. It has been declared as critical. This vulnerability affects unknown code of the file /login.php?m=admin=Field=channeledit of the component Backend. The manipulation of the argument channelid leads to deserialization. The attack can be initiated remotel...

8.8CVSS7.2AI score0.00717EPSS
Exploits0References1
OSV
OSV
added 2025/05/14 10:15 p.m.2 views

CVE-2025-29691

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the userName parameter at /login/LoginsController.java...

6.1CVSS5.9AI score0.00229EPSS
Exploits1References1
Rows per page
Query Builder