Lucene search
+L

427 matches found

NVD
NVD
added 2025/11/18 4:15 p.m.10 views

CVE-2025-9977

Value provided in one of POST parameters sent during the process of logging in to Times Software E-Payroll is not sanitized properly, which allows an unauthenticated attacker to perform DoS attacks. SQL injection attacks might also be feasible, although so far creating a working exploit has been...

5.3CVSS0.02158EPSS
Exploits0References2
CVE
CVE
added 2025/11/18 3:46 p.m.27 views

CVE-2025-9977

CVE-2025-9977 affects Times Software E-Payroll. The issue stems from improper sanitization of data in a POST parameter during login, which could let an unauthenticated attacker cause a DoS and may enable SQL injection; command injection attempts have also produced detailed error messages exposing...

5.3CVSS7.5AI score0.02158EPSS
Exploits0References2
EUVD
EUVD
added 2025/11/18 3:46 p.m.7 views

EUVD-2025-198043

Value provided in one of POST parameters sent during the process of logging in to Times Software E-Payroll is not sanitized properly, which allows an unauthenticated attacker to perform DoS attacks. SQL injection attacks might also be feasible, although so far creating a working exploit has been...

5.3CVSS7.3AI score0.02158EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/18 1:26 p.m.15 views

CVE-2025-59113 Bruteforce Protection Bypass in Windu CMS

Windu CMS implements weak client-side brute-force protection by using parameter loginError. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker to bypass this brute-force protection by resetting this parameter. Only version 4.1 was tested and...

6.9CVSS0.00272EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/18 12:0 a.m.8 views

PT-2025-47333

Name of the Vulnerable Software and Affected Versions Times Software E-Payroll affected versions not specified Description The application does not properly sanitize data received in POST parameters during the login process, potentially allowing an unauthenticated attacker to perform...

5.3CVSS7.6AI score0.02158EPSS
Exploits0References4
NVD
NVD
added 2025/11/17 9:15 a.m.6 views

CVE-2025-13271

A vulnerability was determined in Campcodes School Fees Payment Management System 1.0. This impacts an unknown function of the file /ajax.php?action=login. This manipulation of the argument Username causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly...

9.8CVSS0.00382EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/11/15 12:0 a.m.6 views

PT-2025-47057

Name of the Vulnerable Software and Affected Versions Simple Cafe Ordering System version 1.0 Description A SQL injection issue exists in Simple Cafe Ordering System 1.0. The issue is related to the manipulation of the Username parameter within the /login.php file. This manipulation can be...

9.8CVSS7.5AI score0.0045EPSS
Exploits1References12
OSV
OSV
added 2025/11/05 7:16 p.m.6 views

CVE-2025-55342

Quipux 4.0.1 through e1774ac allows enumeration of usernames, and accessing the Ecuadorean identification number for all registered users via the Administracion/usuarios/cambiarpasswordolvidovalidar.php txtlogin parameter...

5.3CVSS5.8AI score0.00238EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/11/05 12:0 a.m.3 views

Ecuador Quipux 安全漏洞

Ecuador Quipux is an electronic document management and process system from Ecuador Ecuador. A security vulnerability exists in Ecuador Quipux versions 4.0.1 through e1774ac, which stems from improper handling of the txtlogin parameter and could lead to username enumeration and access to the...

5.3CVSS6.6AI score0.00238EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/05 12:0 a.m.10 views

PT-2025-45155

Name of the Vulnerable Software and Affected Versions Quipux versions 4.0.1 through e1774ac Description The software allows for the enumeration of usernames and access to the Ecuadorean identification number for all registered users. This is achieved by manipulating the txt login parameter within...

5.3CVSS6.8AI score0.00238EPSS
Exploits0References4
EUVD
EUVD
added 2025/11/05 12:0 a.m.4 views

EUVD-2025-37931

Quipux 4.0.1 through e1774ac allows enumeration of usernames, and accessing the Ecuadorean identification number for all registered users via the Administracion/usuarios/cambiarpasswordolvidovalidar.php txtlogin parameter...

6.4AI score0.00238EPSS
Exploits0References3
CVE
CVE
added 2025/11/05 12:0 a.m.13 views

CVE-2025-55342

Quipux 4.0.1 through e1774ac is affected by a vulnerability in the Administracion/usuarios/cambiar_password_olvido_validar.php endpoint that allows enumeration of usernames and access to the Ecuadorian identification number for all registered users via the txt_login parameter. The issue stems fro...

5.3CVSS6.5AI score0.00238EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2025/10/31 12:0 a.m.6 views

IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27643)

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from insufficient cleanup and escaping of the SERVICE, LOGIN, and PASSWORD parameters, which could be exploited by...

5.4CVSS6.1AI score0.05013EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/30 5:32 p.m.4 views

CVE-2025-64116 Movary vulnerable to an open redirect

Movary is a web application to track, rate and explore your movie watch history. Prior to 0.69.0, the login page accepts a redirect parameter without validation, allowing attackers to redirect authenticated users to arbitrary external sites. This vulnerability is fixed in 0.69.0...

5.1CVSS6.3AI score0.00228EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/10/30 5:32 p.m.10 views

CVE-2025-64116 Movary vulnerable to an open redirect

Movary is a web application to track, rate and explore your movie watch history. Prior to 0.69.0, the login page accepts a redirect parameter without validation, allowing attackers to redirect authenticated users to arbitrary external sites. This vulnerability is fixed in 0.69.0...

5.1CVSS0.00228EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/10/30 12:0 a.m.12 views

PT-2025-44443

Name of the Vulnerable Software and Affected Versions Movary versions prior to 0.69.0 Description Movary is a web application used for tracking and exploring movie watch history. Prior to version 0.69.0, the login page accepts a redirect parameter without proper validation. This allows attackers ...

5.1CVSS6.6AI score0.00228EPSS
Exploits1References7
OSV
OSV
added 2025/10/28 3:16 p.m.6 views

CVE-2025-34309

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the SERVICE, LOGIN, and PASSWORD parameters when creating or editing a Dynamic DNS host. When a new Dynamic DNS...

5.4CVSS5.9AI score0.05013EPSS
Exploits0References3
NVD
NVD
added 2025/10/28 3:16 p.m.17 views

CVE-2025-34309

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the SERVICE, LOGIN, and PASSWORD parameters when creating or editing a Dynamic DNS host. When a new Dynamic DNS...

5.4CVSS0.05013EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/28 2:35 p.m.4 views

CVE-2025-34309 IPFire < v2.29 Stored XSS via Dynamic DNS Host

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the SERVICE, LOGIN, and PASSWORD parameters when creating or editing a Dynamic DNS host. When a new Dynamic DNS...

5.1CVSS5.6AI score0.05013EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/10/27 12:0 a.m.7 views

online-shopping-system 安全漏洞

online-shopping-system is an online shopping system by Puneeth Reddy H C Individual Developer. A security vulnerability exists in online-shopping-system version 1.0, which stems from an unvalidated parameter password in login.php, which could lead to a SQL injection attack...

8.2CVSS7.8AI score0.00226EPSS
Exploits0References2
Rows per page
Query Builder