Lucene search
+L

427 matches found

CNNVD
CNNVD
added 2026/05/17 12:0 a.m.12 views

Nordex N149/4.0-4.5 Wind Turbine Web Server SQL注入漏洞

The Nordex N149/4.0-4.5 Wind Turbine Web Server is a web server component developed by the German company Nordex, used for remote monitoring and management of the Nordex N149 wind turbine system. The 4.0 version of the Nordex N149/4.0-4.5 Wind Turbine Web Server has a SQL injection vulnerability...

8.8CVSS6.2AI score0.00343EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.10 views

BlueNoteMKVI PHP Timeclock SQL注入漏洞

BlueNoteMKVI PHP Timeclock is an employee attendance and working hours recording system developed by BlueNoteMKVI company, based on PHP and MySQL. Version 1.04 of BlueNoteMKVI PHP Timeclock contains a SQL injection vulnerability. This vulnerability stems from the loginuserid parameter in the...

8.8CVSS5.9AI score0.0027EPSS
Exploits0References1
NVD
NVD
added 2026/05/07 8:16 p.m.13 views

CVE-2026-42259

Saltcorn is an extensible, open source, no-code database application builder. Prior to versions 1.4.6, 1.5.6, and 1.6.0-beta.5, Saltcorn validates the post-login dest parameter with a string check that only blocks :/ and //. Because all WHATWG-compliant browsers normalise backslashes \ to forward...

5.1CVSS0.00339EPSS
Exploits0References1
CVE
CVE
added 2026/05/07 6:54 p.m.19 views

CVE-2026-42259

Technical details are not publicly available in the provided Connected documents. Monitor for updates on Saltcorn CVE-2026-42259 for any vendor advisories or patches beyond the initial description.

5.1CVSS5.7AI score0.00339EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.13 views

SourceCodester Pizzafy Ecommerce System 注入漏洞

SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System has a SQL injection vulnerability. This vulnerability stems from the e-mail parameter in the login2 function of the...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References1
OSV
OSV
added 2026/04/21 7:21 p.m.4 views

CVE-2026-40878 mailcow-dockerized Login Page has Reflected Parameter Injection / Wrong-Context XSS Escaping

mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the mailcow web interface passes the raw $SERVER'REQUESTURI' to Twig as a global template variable and renders it inside a JavaScript string literal in the setLang helper of base.twig,...

2.1CVSS6AI score0.00805EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.9 views

PT-2026-32400

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=login. Such manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit ha...

7.5CVSS5.7AI score0.00268EPSS
Exploits0References6
Packet Storm
Packet Storm
added 2026/04/13 12:0 a.m.100 views

📄 Pachno 1.0.6 Open Redirection

Pachno version 1.0.6 suffers from an open redirection vulnerability. Input passed via the returnto GET/POST parameter to the login endpoint is not properly verified before being used to redirect users. The getLoginForwardUrl helper applies htmlentities to the value which is intended for HTML outp...

5.9AI score
Exploits0
CVE
CVE
added 2026/04/10 5:22 p.m.23 views

CVE-2025-66447

CVE-2025-66447 affects Chamilo LMS versions 1.11.0 through 2.0-beta.1, where an attacker can trigger a malicious redirect on the login page via the redirect parameter. The issue is addressed in 2.0-beta.2. Public sources (NVD/Red Hat/others) describe a login-page redirect vulnerability with a fix...

4.7CVSS5.8AI score0.00165EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.8 views

PT-2026-31998

Chamilo LMS is a learning management system. From 1.11.0 to 2.0-beta.1, anyone can trigger a malicious redirect through the use of the redirect parameter to /login. This vulnerability is fixed in 2.0-beta.2...

5.8AI score0.00165EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/06 4:30 p.m.27 views

CVE-2026-5669 Cyber-III Student-Management-System Parameter login.php sql injection

A vulnerability has been found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This vulnerability affects unknown code of the file /login.php of the component Parameter Handler. Such manipulation of the argument Password leads to sql injection. It is possibl...

7.5CVSS0.00259EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.5 views

PT-2026-30679

Name of the Vulnerable Software and Affected Versions Cyber-III Student-Management-System versions up to 1a938fa61e9f735078e9b291d2e6215b4942af3f Description A SQL injection issue exists in the Parameter Handler component of Cyber-III Student-Management-System. The vulnerability is located in the...

7.5CVSS7.3AI score0.00259EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/04/05 8:15 a.m.1 views

CVE-2026-5551 itsourcecode Free Hotel Reservation System Parameter login.php sql injection

A security flaw has been discovered in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /hotel/admin/login.php of the component Parameter Handler. The manipulation of the argument email results in sql injection. The attack may be launched remotel...

7.5CVSS6.9AI score0.00259EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/05 12:0 a.m.11 views

Code-Projects Concert Ticket Reservation System SQL注入漏洞

The Code-Projects Concert Ticket Reservation System is an open-source system for booking concert tickets. Version 1.0 of the Code-Projects Concert Ticket Reservation System has a SQL injection vulnerability. This vulnerability stems from incorrect handling of the parameter Email in the file...

7.5CVSS7.2AI score0.00259EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.13 views

PT-2026-30421

A security flaw has been discovered in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /hotel/admin/login.php of the component Parameter Handler. The manipulation of the argument email results in sql injection. The attack may be launched remotel...

7.5CVSS5.8AI score0.00259EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/04/02 5:15 p.m.22 views

CVE-2026-5368 projectworlds Car Rental Project Parameter login.php sql injection

A vulnerability was determined in projectworlds Car Rental Project 1.0. The affected element is an unknown function of the file /login.php of the component Parameter Handler. This manipulation of the argument uname causes sql injection. Remote exploitation of the attack is possible. The exploit h...

7.5CVSS0.00333EPSS
Exploits1References4
NVD
NVD
added 2026/04/01 3:22 p.m.13 views

CVE-2026-30526

A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Zoo Management System v1.0. The vulnerability is located in the login page, specifically within the msg parameter. The application reflects the content of the msg parameter back to the user without proper HTML encoding or...

6.1CVSS0.00252EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/01 5:0 a.m.5 views

CVE-2026-5180

A flaw has been found in SourceCodester Simple Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=login2. This manipulation of the argument email causes sql injection. The attack is possible to be carried out remotely. The exploit has been...

7.5CVSS6.9AI score0.00325EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.9 views

TeamPass 跨站脚本漏洞

TeamPass is an open-source password manager developed by Nils Laumaillé. Versions of TeamPass prior to 3.1.5.16 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper cleaning or encoding of user input in the “contraseña” parameter of the login form, which could...

9.3CVSS5.6AI score0.00153EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:13 p.m.7 views

CVE-2025-69245

Raytha CMS is vulnerable to Reflected XSS via returnUrl parameter in logon functionality. An attacker can craft a malicious URL which, when opened by the authenticated victim, results in arbitrary JavaScript execution in the victim’s browser. This issue was fixed in 1.4.6...

6.1CVSS6.1AI score0.00277EPSS
Exploits0References1
Rows per page
Query Builder