Lucene search
+L

427 matches found

CVE
CVE
added 2026/02/20 10:54 p.m.16 views

CVE-2019-25438

CVE-2019-25438 affects LabCollector 5.423. The vulnerability is multiple SQL injection flaws exploitable by unauthenticated attackers through POST parameters, specifically login.php (login) and retrieve_password.php (user_name), enabling extraction of sensitive database information. No remediatio...

8.8CVSS6.4AI score0.00478EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/12 10:48 p.m.4 views

CVE-2019-25320

E Learning Script 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard without valid credentials by manipulating login parameters. Attackers can exploit the /login.php file by sending a specific payload '=''or' to bypass authentication and gain...

8.8CVSS5.5AI score0.00308EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/02/06 3:32 p.m.9 views

EUVD-2026-5660

A vulnerability was detected in SourceCodester Medical Center Portal Management System 1.0. This affects an unknown function of the file /login.php. The manipulation of the argument User results in sql injection. The attack can be executed remotely. The exploit is now public and may be used...

7.5CVSS7.2AI score0.00326EPSS
Exploits1References5
CVE
CVE
added 2026/02/06 3:32 p.m.20 views

CVE-2026-2057

CVE-2026-2057 affects SourceCodester Medical Center Portal Management System 1.0. The vulnerability exists in an unknown function within the /login.php file, where manipulation of the User argument enables SQL injection. This can be exploited remotely and, according to connected sources, the expl...

9.8CVSS5.3AI score0.00326EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.7 views

SourceCodester Medical Center Portal Management System SQL注入漏洞

The SourceCodester Medical Center Portal Management System is an open-source portal management system developed by SourceCodester. Version 1.0 of the SourceCodester Medical Center Portal Management System contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of...

9.8CVSS7.2AI score0.00326EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/01/30 10:7 p.m.3 views

CVE-2020-37033 Infor Storefront B2B 1.0 - 'usr_name' SQL Injection

Infor Storefront B2B 1.0 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'usrname' parameter in login requests. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'usrname' parameter to potentially extract or...

8.8CVSS5.7AI score0.00362EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/30 12:0 a.m.11 views

PT-2026-5474

Name of the Vulnerable Software and Affected Versions Infor Storefront B2B version 1.0 Description Infor Storefront B2B version 1.0 contains a SQL injection issue that allows attackers to manipulate database queries. This is achieved through the usr name parameter within login requests. Attackers...

8.8CVSS6AI score0.00362EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/16 2:23 p.m.13 views

CVE-2026-22912

Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to various risk including stealing credentials from unsuspecting users...

6.1CVSS6.8AI score0.00324EPSS
Exploits0References1
OSV
OSV
added 2026/01/15 1:16 p.m.5 views

CVE-2026-22912

Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to various risk including stealing credentials from unsuspecting users...

6.1CVSS5.8AI score0.00324EPSS
Exploits0References6
NVD
NVD
added 2026/01/15 1:16 p.m.7 views

CVE-2026-22912

Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to various risk including stealing credentials from unsuspecting users...

6.1CVSS0.00324EPSS
Exploits0References6
EUVD
EUVD
added 2026/01/15 1:3 p.m.5 views

EUVD-2026-2810

Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to various risk including stealing credentials from unsuspecting users...

4.3CVSS6.3AI score0.00324EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/01/15 1:3 p.m.3 views

CVE-2026-22912

Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to various risk including stealing credentials from unsuspecting users...

6.1CVSS5.5AI score0.00324EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/01/15 1:3 p.m.28 views

CVE-2026-22912

Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to various risk including stealing credentials from unsuspecting users...

4.3CVSS0.00324EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/01/15 1:3 p.m.3 views

CVE-2026-22912

Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to various risk including stealing credentials from unsuspecting users...

4.3CVSS6.4AI score0.00324EPSS
Exploits0References6
CVE
CVE
added 2026/01/15 1:3 p.m.18 views

CVE-2026-22912

CVE-2026-22912 describes improper validation of a login parameter that may redirect authenticated users to malicious websites, potentially enabling credential theft. Multiple feeds (Red Hat, CIRCL, NVD, SICK PSIRT, CVE lists) repeat the same description; no concrete exploit code, affected product...

6.1CVSS6.4AI score0.00324EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.7 views

PT-2026-2993

Name of the Vulnerable Software and Affected Versions affected versions not specified Description Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication, potentially leading to credential theft. Recommendations At the moment, ther...

6.1CVSS6.4AI score0.00324EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/01/12 2:39 p.m.8 views

CVE-2025-41006 Multiple vulnerabilities in Imaster products Open configuration options

Imaster's MEMS Events CRM contains an SQL injection vulnerability in ‘phone’ parameter in ‘/memsdemo/login.php’...

9.3CVSS7.7AI score0.00307EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:39 p.m.7 views

CVE-2023-43381

SQL Injection vulnerability in Tianchoy Blog v.1.8.8 allows a remote attacker to obtain sensitive information via the id parameter in the login.php...

7.5CVSS7.6AI score0.01018EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:57 a.m.8 views

CVE-2020-12273

In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials...

7.5CVSS6.8AI score0.00753EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:54 a.m.4 views

CVE-2025-59379

DwyerOmega Isensix Advanced Remote Monitoring System ARMS 1.5.7 allows an attacker to retrieve sensitive information from the underlying SQL database via Blind SQL Injection through the user parameter in the login page. This allows an attacker to steal credentials, which may be cleartext, from...

7.5CVSS7.6AI score0.00341EPSS
Exploits0References1
Rows per page
Query Builder