95 matches found
CVE-2026-42887
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.33.0, a stored cross-site scripting XSS vulnerability exists in the Login Page due to improper sanitization of the authLoginCustomMessage field of the /api/auth-settings endpoint. An attacker with administrative privileges c...
CVE-2026-10111 sambitraj STUDENT-MANAGEMENT-SYSTEM Login Page sql injection
A flaw has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. This impacts an unknown function of the component Login Page. Executing a manipulation of the argument email can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. The...
CVE-2026-2374
The Login No Captcha reCAPTCHA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $SERVER'PHPSELF' superglobal in all versions up to, and including, 1.8.0. This is due to the authenticate function storing the unsanitized output of basename$SERVER'PHPSELF' in the...
PT-2026-42944
A vulnerability has been found in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/admin/login.php. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the...
CVE-2026-37470
An issue in ClipBucket v5 v.5.5.2 allows an attacker to execute arbitrary code via the Authentication interface, login page endpoint and HTTP response security headers components...
CVE-2025-65417
docuFORM Managed Print Service Client 11.11c is vulnerable to a reflected cross site scripting attack via the login page of the application...
PT-2026-39612
docuFORM Managed Print Service Client 11.11c is vulnerable to a session fixation attack via the login page of the application...
CVE-2026-8106 Reflected HTML injection vulnerability in GitHub Enterprise Server Management Console login page allowed credential theft
A reflected HTML injection vulnerability was identified in the GitHub Enterprise Server Management Console login page that could allow credential theft. The redirectto query parameter on the /setup/unlock endpoint was reflected into an HTML attribute without proper sanitization, enabling an...
CVE-2026-4512
The CVE-2026-4512 entry concerns the WordPress plugin “reCaptcha by WebDesignBy” (before version 2.0). The root cause is the plugin’s Site Key setting not being sanitized/escaped before being output in a JavaScript string context via grecaptcha_js(), enabling stored XSS on multisite installations...
PT-2026-33816
SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 within the username parameter of the login page index.php. This allows an unauthenticated attacker to manipulate backend SQL queries during authentication and retrieve sensitive database...
CVE-2026-22616
Eaton Intelligent Power Protector IPP software allows repeated authentication attempts against the web interface login page due to insufficient rate‑limiting controls. This security issue has been fixed in the latest version of Eaton IPP which is available on the Eaton download centre...
CVE-2026-5575
SourceCodester/jkev Record Management System 1.0 is affected in the Login component, specifically the file index.php. The vulnerability arises from manipulation of the Username argument, leading to SQL injection. The attack could be launched remotely, and public exploits are available. The connec...
EUVD-2026-19099
A vulnerability was detected in SourceCodester/jkev Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file index.php of the component Login. The manipulation of the argument Username results in sql injection. The attack may be launched remotely. The...
GHSA-3VFF-HJQV-M7H8 JupyterHub has an Open Redirect Vulnerability
Affected Version JupyterHub = 5.4.3 Impact An open redirect vulnerability in JupyterHub =5.4.3 allows attackers to construct links which, when clicked, take users to the JupyterHub login page, after which they are sent to an arbitrary attacker-controlled site outside JupyterHub instead of a...
CVE-2026-29100 SuiteCRM has Reflected HTML Injection in Login Page via default_user_name Parameter
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. SuiteCRM 7.15.0 contains a reflected HTML injection vulnerability in the login page that allows attackers to inject arbitrary HTML content, enabling phishing attacks and page defacement. Versio...
CVE-2026-30701
The web interface of the WiFi Extender WDR201A HW V2.1, FW LFMZX28040922V1.02 contains hardcoded credential disclosure mechanisms in the form of Server Side Include within multiple server-side web pages, including login.shtml and settings.shtml. These pages embed server-side execution directives...
CVE-2018-25189
Data Center Audit 2.6.2 contains an SQL injection vulnerability in the username parameter of dca_login.php that allows unauthenticated attackers to submit crafted SQL payloads via POST to extract sensitive DB information (usernames, database names, version details). CVSS vectors: CVSS3.1 (AV:N/AC...
CVE-2026-2971
Affects Smart-SSO up to 2.1.1. The vulnerability targets the login.html component (smart-sso-server/src/main/resources/templates/login.html) where manipulation of the redirectUri argument enables cross-site scripting. Exploitation is remote and the exploit is publicly available, with the vendor n...
Apache Syncope Cross-Site Scripting Vulnerability
Apache Syncope is the United States Apache Apache Foundation's set of open source digital identity management system for use in enterprise environments. The system supports identity management, role configuration and more. Apache Syncope suffers from a cross-site scripting vulnerability that stem...
PT-2026-4727
Name of the Vulnerable Software and Affected Versions code-projects Online Examination System version 1.0 Description A flaw exists in the Online Examination System that allows for remote SQL injection. This occurs through manipulation of the User argument within the /index.php file, specifically...