41 matches found

Vulnrichment
added 2026/03/21 12:47 p.m. · 1 views

CVE-2019-25572 NordVPN 6.19.6 Denial of Service via Email Field Buffer Overflow

NordVPN 6.19.6 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the email input field. Attackers can paste a buffer of 100,000 characters into the email field during login to trigger an application crash...

CVSS 6.9 · AI score 6 · EPSS 0.00019
Exploits 1 · References 4
CVE
added 2026/03/21 12:47 p.m. · 9 views

CVE-2019-25572

NordVPN 6.19.6 is affected by a denial-of-service vulnerability in the login flow: an excessively long string (about 100,000 characters) submitted in the email input can crash the application. The issue is triggered by a local attacker who can paste the long buffer into the email field during log...

CVSS 6.9 · AI score 6 · EPSS 0.00019
Exploits 1 · References 4 · Affected Software 1
Positive Technologies
added 2026/03/21 12:0 a.m. · 5 views

PT-2026-26917

NordVPN 6.19.6 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the email input field. Attackers can paste a buffer of 100,000 characters into the email field during login to trigger an application crash...

CVSS 6.9 · AI score 6 · EPSS 0.00019
Exploits 1 · References 5
CNNVD
added 2026/03/07 12:0 a.m. · 2 views

WordPress plugin Infomaniak Connect for OpenID cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 6.4 · AI score 5.7 · EPSS 0.00043
Exploits 0 · References 4
RedhatCVE
added 2026/02/09 7:23 p.m. · 4 views

CVE-2026-2173

A vulnerability was identified in code-projects Online Examination System 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely...

CVSS 9.8 · AI score 5.5 · EPSS 0.00037
Exploits 0 · References 1
CNNVD
added 2025/12/01 12:0 a.m. · 3 views

Blood Bank Management System security vulnerability

Blood Bank Management System is a blood bank management system by the individual developer shridhar shukla. A security vulnerability exists in Blood Bank Management System version 1.0, which stems from the login.php component not sanitizing user input, which could lead to a cross-site scripting atta...

CVSS 8.5 · AI score 6 · EPSS 0.00025
Exploits 0 · References 4
CNNVD
added 2025/10/30 12:0 a.m. · 2 views

Nagios XI security vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 2024R1.1.2 that stems from insufficient...

CVSS 6.1 · AI score 6 · EPSS 0.00709
Exploits 0 · References 3
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-55004

Malicious code in bioql PyPI...

CVSS 6.1 · AI score 6.5 · EPSS 0.00279
Exploits 1 · References 4
OSV
added 2025/05/14 9:15 p.m. · 1 views

CVE-2025-44024

Cross-Site Scripting (XSS) vulnerability was discovered in the Pichome system v2.1.0 and before. The vulnerability exists due to insufficient sanitization of user input in the login form. An attacker can inject malicious JavaScript code into the username or password fields during the login process...

CVSS 6.1 · AI score 5.9
Exploits 0 · References 1
OSV
added 2025/02/10 11:15 p.m. · 2 views

CVE-2025-1160

A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument username/password leads to use of default credentials. The attack may be launched...

CVSS 9.8 · AI score 5.5 · EPSS 0.00127
Exploits 1 · References 5
Positive Technologies
added 2024/10/19 12:0 a.m. · 2 views

PT-2024-16087 · Didi Ddmq · Didi Ddmq

Name of the Vulnerable Software and Affected Versions: didi DDMQ version 1.0 Description: A critical vulnerability has been found in the Console Module component of didi DDMQ, affecting an unknown functionality. The manipulation of the input /;login leads to improper authentication. This issue ca...

CVSS 7.5 · AI score 6.9 · EPSS 0.0014
Exploits 1 · References 13
CNNVD
added 2024/07/29 12:0 a.m. · 2 views

Simopro Technology WinMatrix3 SQL injection vulnerability

Simopro Technology WinMatrix3 is an IT resource management system for enterprise-class computer asset management, endpoint security control and IT operations management. Simopro Technology WinMatrix3 suffers from a SQL injection vulnerability that stems from a lack of proper validation of user...

CVSS 9.8 · AI score 8 · EPSS 0.00789
Exploits 0 · References 3
Positive Technologies
added 2024/07/29 12:0 a.m. · 3 views

PT-2024-38163 · Simopro Technology · Winmatrix3 Web Package

Name of the Vulnerable Software and Affected Versions: WinMatrix3 Web package from Simopro Technology affected versions not specified Description: The issue concerns the login functionality, which lacks proper validation of user input. This allows unauthenticated remote attackers to inject SQL...

CVSS 9.8 · AI score 7.7 · EPSS 0.00789
Exploits 0 · References 6
OSV
added 2024/04/15 4:15 a.m. · 0 views

CVE-2024-3776

The parameter used in the login page of Netvision airPASS is not properly filtered for user input. An unauthenticated remote attacker can insert JavaScript code to the parameter for Reflected Cross-site scripting attacks...

CVSS 6.1 · AI score 5.9 · EPSS 0.00206
Exploits 0 · References 1
CNNVD
added 2024/04/09 12:0 a.m. · 1 views

Siemens SIMATIC security vulnerability

SIMATIC PCS 7 is a process control system. SIMATIC WinCC is an automated data acquisition and monitoring SCADA system. SIMATIC WinCC Runtime Professional is used for operator visualization of the runtime platform for the control and monitoring of machines and equipment. A denial of service...

CVSS 6.9 · AI score 6.6 · EPSS 0.00051
Exploits 0 · References 2
OSV
added 2024/01/19 10:15 p.m. · 1 views

CVE-2024-0737

A vulnerability classified as problematic was found in Xlightftpd Xlight FTP Server 1.1. This vulnerability affects unknown code of the component Login. The manipulation of the argument user leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the...

CVSS 7.5 · AI score 4.9 · EPSS 0.01903
Exploits 3 · References 3
OSV
added 2023/08/23 7:15 p.m. · 1 views

CVE-2023-20168

A vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software could allow an unauthenticated, local attacker to cause an affected device to unexpectedly reload. This vulnerability is due to incorrect input validation when processing an authentication attempt if the directed...

CVSS 6.5 · AI score 5.8 · EPSS 0.00117
Exploits 0 · References 1
ATTACKERKB
added 2023/08/10 1:15 p.m. · 0 views

CVE-2023-37069

Code-Projects Online Hospital Management System V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the login id and password fields during the login...

CVSS 9.8 · AI score 7.5 · EPSS 0.00092
Exploits 1 · References 4
CNNVD
added 2023/08/10 12:0 a.m. · 1 views

Hospital Management System SQL injection vulnerability

A Hospital Management System (HMS) is a computerized system that helps manage healthcare-related information and helps healthcare providers do their jobs effectively. A SQL injection vulnerability exists in Hospital Management System version V1.0, which stems from the application's inability to...

CVSS 9.8 · AI score 7.8 · EPSS 0.00092
Exploits 1 · References 3
ATTACKERKB
added 2023/07/31 2:15 p.m. · 1 views

CVE-2023-34635

Wifi Soft Unibox Administration 3.0 and 3.1 is vulnerable to SQL Injection. The vulnerability occurs because of not validating or sanitizing the user input in the username field of the login page...

CVSS 9.8 · AI score 7.4 · EPSS 0.0019
Exploits 4 · References 3