SourceCodester Hotel and Lodge Management System 安全漏洞

SourceCodester Hotel and Lodge Management System is SourceCodester open source hotel and lodge management system. A security vulnerability exists in SourceCodester Hotel and Lodge Management System version 1.0, which stems from an incorrect manipulation of the parameter email in the file login.ph...

EUVD-2025-24642

Malicious code in bioql PyPI...

EUVD-2023-51614

Malicious code in bioql PyPI...

EUVD-2025-30386

Malicious code in bioql PyPI...

EUVD-2025-26315

Malicious code in bioql PyPI...

EUVD-2025-26157

Malicious code in bioql PyPI...

EUVD-2025-29074

Malicious code in bioql PyPI...

CVE-2025-10775

A security vulnerability has been detected in Wavlink WL-NU516U1 240425. This vulnerability affects the function sub4012A0 of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to os command injection. It is possible to launch the attack remotely. The exploit has been...

CVE-2025-10833 1000projects Bookstore Management System login.php sql injection

A vulnerability was determined in 1000projects Bookstore Management System 1.0. The impacted element is an unknown function of the file /login.php. This manipulation of the argument unm causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed a...

CVE-2025-10775

A security vulnerability has been detected in Wavlink WL-NU516U1 240425. This vulnerability affects the function sub4012A0 of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to os command injection. It is possible to launch the attack remotely. The exploit has been...

CVE-2025-10775

A security vulnerability has been detected in Wavlink WL-NU516U1 240425. This vulnerability affects the function sub4012A0 of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to os command injection. It is possible to launch the attack remotely. The exploit has been...

CVE-2025-10775 Wavlink WL-NU516U1 login.cgi sub_4012A0 os command injection

A security vulnerability has been detected in Wavlink WL-NU516U1 240425. This vulnerability affects the function sub4012A0 of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to os command injection. It is possible to launch the attack remotely. The exploit has been...

PT-2025-38673

Name of the Vulnerable Software and Affected Versions: Wavlink WL-NU516U1 version 240425 Description: A security issue has been identified in the sub 4012A0 function of the /cgi-bin/login.cgi file. Manipulation of the ipaddr argument can lead to operating system command injection. This attack is...

CVE-2025-10599

A security flaw has been discovered in itsourcecode Web-Based Internet Laboratory Management System 1.0. Impacted is the function User::AuthenticateUser of the file login.php. Performing manipulation of the argument useremail results in sql injection. Remote exploitation of the attack is possible...

CVE-2025-10711 07FLYCMS/07FLY-CMS/07FlyCRM Login cross site scripting

A vulnerability has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 20250831. This vulnerability affects unknown code of the file /index.php/sysmanage/Login. Such manipulation of the argument Name leads to cross site scripting. The attack may be performed from remote. The exploit has been...

CVE-2025-34184

Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers can execute arbitrary system commands by injecting payloads into the 'passwd' HTTP POST parameter, leading to full system compromise or...

CVE-2025-34184

Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers can execute arbitrary system commands by injecting payloads into the 'passwd' HTTP POST parameter, leading to full system compromise or...

CVE-2025-34184

CVE-2025-34184 affects Ilevia EVE X1 Server (≤4.7.18.0.eden). The vulnerability is an unauthenticated OS command injection in /ajax/php/login.php, allowing remote attackers to inject commands via the passwd POST parameter and potentially achieve full system compromise or DoS. Some sources also do...

CVE-2025-34184

Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers can execute arbitrary system commands by injecting payloads into the 'passwd' HTTP POST parameter, leading to full system compromise or...

CVE-2025-34184 Ilevia EVE X1 Server 4.7.18.0.eden Neuro-Core Unauthenticated Code Injection

Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers can execute arbitrary system commands by injecting payloads into the 'passwd' HTTP POST parameter, leading to full system compromise or...