157 matches found
EUVD-2026-33389
In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible...
CVE-2026-42887
CVE-2026-42887 affects Audiobookshelf before version 2.33.0. The issue is a stored cross-site scripting (XSS) in the Login Page caused by improper sanitization of the authLoginCustomMessage field in the /api/auth-settings endpoint. An attacker with administrative privileges can inject arbitrary H...
homarr 安全漏洞
Homarr is a customizable browser homepage developed by Thomas Camlong, used to interact with the Docker container of the main server. Versions of Homarr prior to 1.57.0 contained security vulnerabilities; these vulnerabilities stemmed from DOM cross-site scripting in the login page, which could...
CVE-2026-4544
A vulnerability was determined in Wavlink WL-WN578W2 221110. This affects an unknown function of the file /cgi-bin/login.cgi of the component POST Request Handler. Executing a manipulation of the argument homepage/hostname/loginpage can lead to cross site scripting. It is possible to launch the...
Yzmcms 安全漏洞
Yzmcms is a set of open-source CMS Content Management Systems developed by Yzmcms. Version Yzmcms v7.4 contains a security vulnerability. This vulnerability stems from a reflection cross-site scripting vulnerability in the /index/login.html component. Attackers can execute arbitrary JavaScript in...
CVE-2026-4235
CVE-2026-4235 affects itsourcecode Online Enrollment System 1.0. The vulnerability is an SQL injection in /sms/login.php via the user_email parameter, exploitable remotely over the network (no authentication). The cited exploit is PROOF-OF-CONCEPT. Impact is described in metrics as CONFIDENTIALIT...
CVE-2026-3151 itsourcecode College Management System login.php sql injection
A vulnerability was detected in itsourcecode College Management System 1.0. This vulnerability affects unknown code of the file /login/login.php. The manipulation of the argument email results in sql injection. The attack may be performed from remote. The exploit is now public and may be used...
SICK TDC-X401GL has security vulnerabilities
The SICK TDC-X401GL is a edge computing gateway developed by the German company SICK. The SICK TDC-X401GL has a security vulnerability. This vulnerability arises from the possibility of administrators injecting malicious content into the login page, which could lead to cross-site scripting attack...
CVE-2024-34905
FlyFish v3.0.0 was discovered to contain a buffer overflow via the password parameter on the login page. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...
CVE-2025-1101
A CWE-204 "Observable Response Discrepancy" in the login page in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enumerate valid usernames via crafted HTTP requests...
CVE-2025-15410 code-projects Online Guitar Store login.php sql injection
A vulnerability was identified in code-projects Online Guitar Store 1.0. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument Lemail leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available a...
CVE-2025-65881
Sourcecodester Zoo Management System v1.0 is vulnerable to Cross Site Scripting XSS in /classes/Login.php...
CVE-2025-12928
A vulnerability was detected in code-projects Online Job Search Engine 1.0. This affects an unknown function of the file /login.php. Performing manipulation of the argument username/phone results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and ma...
EUVD-2025-37488
School Management System PHP v1.0 is vulnerable to Cross Site Scripting XSS in /login.php via the password parameter...
WAVLINK QUANTUM D3G和WAVLINK WL-WN530HG3 安全漏洞
WAVLINK QUANTUM D3G and WAVLINK WL-WN530HG3 are both products of China RuiYin WAVLINK company.WAVLINK QUANTUM D3G is a router.WAVLINK WL-WN530HG3 is a WiFi router. A security vulnerability exists in the WAVLINK QUANTUM D3G and WAVLINK WL-WN530HG3 that originates from a stack-based buffer overflow...
CVE-2025-60783
There is a SQL injection vulnerability in Restaurant Management System DBMS Project v1.0 via login.php. The vulnerability allows attackers to manipulate the application's database through specially crafted SQL query strings...
Restaurant-Management-System-DBMS-project 安全漏洞
Restaurant-Management-System-DBMS-project is a restaurant management system by Rajvi Patel, an individual developer. A security vulnerability exists in Restaurant-Management-System-DBMS-project version 1.0, which stems from improper handling of SQL query strings in login.php, which can lead to SQ...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23565)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
CVE-2025-11397 SourceCodester Hotel and Lodge Management System login.php sql injection
A security flaw has been discovered in SourceCodester Hotel and Lodge Management System 1.0. The affected element is an unknown function of the file /login.php. Performing manipulation of the argument email results in sql injection. The attack may be initiated remotely. The exploit has been...
EUVD-2025-32875
A security flaw has been discovered in SourceCodester Hotel and Lodge Management System 1.0. The affected element is an unknown function of the file /login.php. Performing manipulation of the argument email results in sql injection. The attack may be initiated remotely. The exploit has been...