229 matches found
pybbs security vulnerability
pybbs is a community platform for Java development by iuiu individual developers. A security vulnerability exists in pybbs 6.0.0 and earlier versions, which stems from a guessable CAPTCHA issue in the function adminlogin/login in the CAPTCHA handling component...
CVE-2025-28171
An issue in Grandstream UCM6510 v.1.0.20.52 and before allows a remote attacker to obtain sensitive information via the Login function at /cgi and /webrtccgi...
PT-2025-31219 · Grandstream · Grandstream Ucm6510
Name of the Vulnerable Software and Affected Versions: Grandstream UCM6510 versions prior to 1.0.20.53 Description: An issue allows a remote attacker to obtain sensitive information via the Login function. The vulnerable endpoints are /cgi and /webrtccgi. Recommendations: Update to version...
CVE-2025-28171
The CVE-2025-28171 issue affects Grandstream UCM6510 (versions before 1.0.20.53). The vulnerability arises in the login endpoints (/cgi and /webrtccgi), allowing a remote attacker to obtain sensitive information. Remediation: upgrade to version 1.0.20.53 or later. Note: connected PT-2025-31219 co...
CVE-2025-1351
IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function...
CVE-2025-1351
IBM Storage Virtualize versions 8.5–8.7 are affected by a race condition in the login function that could allow a user to escalate privileges to another active session. Remediation from IBM’s security bulletin replaces vulnerable code with fixed versions: 8.5.x: up to 8.5.0.15; 8.5.1.0 and 8.5.2....
CVE-2025-1351 IBM Storage Virtualize privilege escalation
IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function...
CVE-2025-6580
A vulnerability classified as critical has been found in SourceCodester Best Salon Management System 1.0. Affected is an unknown function of the component Login. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-6551
A vulnerability was found in java-aodeng Hope-Boot 1.0.0 and classified as problematic. This issue affects the function Login of the file /src/main/java/com/hope/controller/WebController.java. The manipulation of the argument errorMsg leads to cross site scripting. The attack may be initiated...
PT-2025-26674 · Unknown · Java-Aodeng Hope-Boot
Name of the Vulnerable Software and Affected Versions: java-aodeng Hope-Boot version 1.0.0 Description: An issue was found in the Login function of the file /src/main/java/com/hope/controller/WebController.java. The manipulation of the errorMsg argument leads to cross-site scripting. The attack ma...
Hope-Boot input validation error vulnerability
Hope-Boot is a modern scaffolding project by the individual developer java-aodeng. An input validation error vulnerability exists in Hope-Boot version 1.0.0, which stems from mishandling of the parameter redirecturl in the doLogin function in WebController.java, which could lead to an open redire...
novel-plus security vulnerability
novel-plus is novel-reading software by the individual developer xxy. A security vulnerability exists in novel-plus version 5.1.3 and earlier, which stems from a misbehavior of the function ajaxLogin that results in authentication bypass...
PT-2025-23435 · Wavlink · Wl-Wn530G3A +5
Name of the Vulnerable Software and Affected Versions: WAVLINK QUANTUM D2G, QUANTUM D3G, WL-WN530G3A, WL-WN530HG3, WL-WN532A3, and WL-WN576K1 versions up to V1410 240222 Description: A critical issue was found in the affected devices, classified as critical. The problem lies in the function sys...
CVE-2024-28816
Student Information Chatbot a0196ab allows SQL injection via the username to the login function in index.php...
CVE-2024-1729
A timing attack vulnerability exists in the gradio-app/gradio repository, specifically within the login function in routes.py. The vulnerability arises from the use of a direct comparison operation app.authusername == password to validate user credentials, which can be exploited to guess password...
CVE-2024-10371
A vulnerability classified as critical has been found in SourceCodester Payroll Management System 1.0. This affects the function login of the file main. The manipulation leads to buffer overflow. The exploit has been disclosed to the public and may be used...
CVE-2024-9088
A vulnerability has been found in SourceCodester Telecom Billing Management System 1.0 and classified as critical. This vulnerability affects the function login. The manipulation of the argument uname leads to buffer overflow. The exploit has been disclosed to the public and may be used...
CVE-2023-41594
Dairy Farm Shop Management System Using PHP and MySQL v1.1 was discovered to contain multiple SQL injection vulnerabilities in the Login function via the Username and Password parameters...