26 matches found
WPS Hide Login <= 1.9.15.2 - Login Page Disclosure
The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may...
PT-2026-44961
Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2026.1 Description: A stored cross-site scripting (XSS) issue exists on the SAML login page. Stored XSS occurs when an application receives data from a user and includes that data within its later HTTP respons...
EUVD-2020-7362
Malware in sbrugna...
EUVD-2019-16933
Malware in sbrugna...
EUVD-2013-4022
Malware in sbrugna...
EUVD-2017-6340
Malware in sbrugna...
EUVD-2020-4008
Malware in sbrugna...
EUVD-2006-4844
Malware in sbrugna...
EUVD-2022-48756
Malicious code in bioql PyPI...
EUVD-2022-37851
Malicious code in bioql PyPI...
UTCMS Security Vulnerability
UTCMS is a content management system built on the UT framework by the individual developer of usaltool. A security vulnerability exists in UTCMS version 9, which stems from an improper comparison of the code parameter in the file app/modules/ut-frame/admin/login.php...
CVE-2024-52680
EyouCMS 1.6.7 is vulnerable to Cross Site Scripting (XSS) in /login.php?m=admin&c=System&a=web&lang=cn...
CVE-2025-52552 FastGPT LastRoute Parameter on Login Page Vulnerable to Open Redirect and DOM-based XSS
FastGPT is an AI Agent building platform. Prior to version 4.9.12, the LastRoute Parameter on the login page is vulnerable to open redirect and DOM-based XSS. Improper validation and lack of sanitization of this parameter allows attackers to execute malicious JavaScript or redirect them to...
PT-2025-26492
Name of the Vulnerable Software and Affected Versions: FastGPT versions prior to 4.9.12 Description: The issue concerns the LastRoute Parameter on the login page, which is vulnerable to open redirect and DOM-based XSS due to improper validation and lack of sanitization. This allows attackers to...
CVE-2023-34635
Wifi Soft Unibox Administration 3.0 and 3.1 is vulnerable to SQL Injection. The vulnerability occurs because of not validating or sanitizing the user input in the username field of the login page...
CVE-2013-3589
Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote attackers to inject arbitrary web script or HTML via the ErrorMsg parameter...
CVE-2025-22373
CVE-2025-22373 targets SicommNet BASEC (SaaS) and centers on Improper Neutralization of Input During Web Page Generation, i.e., a Reflected XSS vulnerability that can be triggered via input and HTTP query strings to render arbitrary HTML and alter CSS styles. Affected component is BASEC on SaaS, ...
CVE-2024-54820
XOne Web Monitor v02.10.2024.530 framework 1.0.4.9 was discovered to contain a SQL injection vulnerability in the login page. This vulnerability allows attackers to extract all usernames and passwords via a crafted input...
PT-2024-26519 · Finesoft · Finesoft
Name of the Vulnerable Software and Affected Versions: FineSoft version 8.0 Description: A cross-site scripting (XSS) issue in the login page allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL:errorname parameter after a failed login attempt...
PT-2023-21486 · Hcl · Hcl Bigfix Webui
Name of the Vulnerable Software and Affected Versions: HCL BigFix WebUI affected versions not specified Description: The issue allows a malicious user to redirect the client browser to an external site via a redirect URL response header in the login page. Recommendations: At the moment, there is ...