CVE-2026-4235

A weakness has been identified in itsourcecode Online Enrollment System 1.0. This issue affects some unknown processing of the file /sms/login.php. This manipulation of the argument useremail causes sql injection. The attack is possible to be carried out remotely. The exploit has been made...

WAVLINK WL-NU516U1 代码注入漏洞

WAVLINK WL-NU516U1 is a wireless print server developed by WAVLINK Corporation. The version 240425 of WAVLINK WL-NU516U1 has a code injection vulnerability. This vulnerability stems from incorrect handling of parameters homepage/hostname in the function sub404F68 within the file /cgi-bin/login.cg...

itsourcecode Online Enrollment System SQL注入漏洞

itsourcecode Online Enrollment System is an open-source online registration system developed by itsourcecode. Version 1.0 of the itsourcecode Online Enrollment System has a SQL injection vulnerability. This vulnerability stems from improper handling of the useremail parameter in the...

CVE-2026-4166 Wavlink WL-NU516U1 login.cgi sub_404F68 cross site scripting

A vulnerability was found in Wavlink WL-NU516U1 240425. The impacted element is the function sub404F68 of the file /cgi-bin/login.cgi. The manipulation of the argument homepage/hostname results in cross site scripting. The attack can be launched remotely. The exploit has been made public and coul...

CVE-2026-4166

CVE-2026-4166 affects Wavlink WL-NU516U1 (firmware 240425). The vulnerable component is the function sub_404F68 in /cgi-bin/login.cgi, where manipulation of the homepage/hostname argument triggers a cross-site scripting (XSS) vulnerability. The attack can be launched remotely and the exploit has ...

CVE-2026-4166 Wavlink WL-NU516U1 login.cgi sub_404F68 cross site scripting

A vulnerability was found in Wavlink WL-NU516U1 240425. The impacted element is the function sub404F68 of the file /cgi-bin/login.cgi. The manipulation of the argument homepage/hostname results in cross site scripting. The attack can be launched remotely. The exploit has been made public and coul...

CVE-2026-3703

A flaw has been found in Wavlink NU516U1 251208. This affects the function sub401A10 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to out-of-bounds write. The attack may be performed from remote. The exploit has been published and may be used. Upgrading...

CVE-2026-3746

Consolidated details across multiple sources identify CVE-2026-3746 as a SQL injection in SourceCodester Simple Responsive Tourism Website 1.0, affecting the Login component’s file /tourism/classes/Login.php?f=login. The bug arises from manipulating the Username argument, enabling remote exploita...

CVE-2026-3703 Wavlink NU516U1 login.cgi sub_401A10 out-of-bounds write

A flaw has been found in Wavlink NU516U1 251208. This affects the function sub401A10 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to out-of-bounds write. The attack may be performed from remote. The exploit has been published and may be used. Upgrading...

CVE-2026-3613

A vulnerability was identified in Wavlink WL-NU516U1 V240425. This vulnerability affects the function sub401A0C of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly...

CVE-2026-3613

The CVE describes a stack-based buffer overflow in Wavlink WL-NU516U1 (firmware v240425) via the function sub_401A0C in /cgi-bin/login.cgi, caused by manipulation of the ipaddr argument. This allows a remote attacker to exploit a vulnerability with a publicly available exploit, potentially impact...

CVE-2026-3133

A vulnerability has been found in itsourcecode Document Management System 1.0. This issue affects some unknown processing of the file /loging.php of the component Login. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack is possible. The exploit ha...

📄 Supermicro X8 Vulnerability Scanner

This code is a vulnerability scanner designed to scan for vulnerabilities in the Supermicro Onboard IPMI interface. The code checks for two known buffer overflow vulnerabilities. The checks are for older issues from 2013...

CVE-2026-2686 SECCN Dingcheng G10 session_login.cgi qq os command injection

A security vulnerability has been detected in SECCN Dingcheng G10 3.1.0.181203. This impacts the function qq of the file /cgi-bin/sessionlogin.cgi. The manipulation of the argument User leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclose...

EUVD-2026-6134

A vulnerability was determined in Wavlink WL-WN579A3 up to 20210219. Affected is an unknown function of the file /cgi-bin/login.cgi. Executing a manipulation of the argument key can lead to command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be...

CVE-2026-2527

A vulnerability was determined in Wavlink WL-WN579A3 up to 20210219. Affected is an unknown function of the file /cgi-bin/login.cgi. Executing a manipulation of the argument key can lead to command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be...

CVE-2026-2173 code-projects Online Examination System login.php sql injection

A vulnerability was identified in code-projects Online Examination System 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely...

GYM-MANAGEMENT-SYSTEM 安全漏洞

GYM-MANAGEMENT-SYSTEM is a gym management system by Abhishek S Individual Developer. A security vulnerability exists in GYM-MANAGEMENT-SYSTEM version 1.0, which stems from the name, email, and comment parameters in submitcontact.php, username and passkey parameters in securelogin.php, and changes...

CVE-2023-29709

An issue was discovered in /cgi-bin/loginrj.cgi in Wildix WSG24POE version 103SP7D190822, allows attackers to bypass authentication...

CVE-2025-15410

A vulnerability was identified in code-projects Online Guitar Store 1.0. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument Lemail leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available a...