Lucene search
K

35318 matches found

Nuclei
Nuclei
added 17 hours ago41 views

Zoo Management System 1.0 - SQL Injection

Zoo Management System 1.0 contains a SQL injection vulnerability via the username parameter on the login page. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id:...

9.8CVSS7AI score0.01721EPSS
Exploits1References3
Nuclei
Nuclei
added 17 hours ago24 views

Company Visitor Management System 1.0 - SQL Injection

Company Visitor Management System 1.0 contains a SQL injection vulnerability via the login page in the username parameter. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id...

9.8CVSS7AI score0.02351EPSS
Exploits1References3
Nuclei
Nuclei
added 17 hours ago26 views

iboss Secure Web Gateway - Stored Cross-Site Scripting

A cross-site scripting vulnerability has been found in iboss Secure Web Gateway up to version 10.1. The vulnerability affects the /login file of the Login Portal component, where manipulation of the redirectUrl parameter leads to cross-site scripting. The attack can be launched remotely and the...

6.1CVSS5.3AI score0.22002EPSS
Exploits4References5
Nuclei
Nuclei
added 17 hours ago15 views

Login Configurator <=2.1 - Cross-Site Scripting

Login Configurator WordPress plugin = 2.1 contains a reflected cross-site scripting caused by improper escaping of URL parameter before outputting it to the page, letting attackers execute scripts in the context of site administrators, exploit requires victim to visit a malicious URL. id:...

6.1CVSS6.7AI score0.00712EPSS
Exploits3References3
Nuclei
Nuclei
added 17 hours ago18 views

WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation

Privilege escalation vulnerability exists in the Frontend Login and Registration Blocks plugin for WordPress versions = 1.0.7. An unauthenticated attacker can exploit the AJAX endpoint flrblocksusersettingshandleajaxcallback to change the administrator's email address. Subsequently, the attacker...

9.8CVSS7AI score0.06441EPSS
Exploits4References5
Nuclei
Nuclei
added 17 hours ago17 views

WordPress Custom Login And Signup Widget Plugin <= 1.0 - Arbitrary Code Execution

Improper Control of Generation of Code 'Code Injection' vulnerability in bitto.Kazi Custom Login And Signup Widget allows Code Injection.This issue affects Custom Login And Signup Widget: from n/a through 1.0 id: CVE-2025-49029 info: name: WordPress Custom Login And Signup Widget Plugin = 1.0 -...

9.1CVSS6.1AI score0.02122EPSS
Exploits0References2
Nuclei
Nuclei
added 17 hours ago35 views

MStore API <= 3.9.1 - Authentication Bypass

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.1. This is due to insufficient verification on the user being supplied during the cart sync from mobile REST API request through the plugin. This makes it possible for unauthenticated...

9.8CVSS7AI score0.03805EPSS
Exploits0References3
Nuclei
Nuclei
added 17 hours ago18 views

Emby Server - Authentication Bypass

Emby Server is a user-installable home media server which stores and organizes a user's media files of virtually any format and makes them available for viewing at home and abroad on a broad range of client devices. This vulnerability may allow administrative access to an Emby Server system,...

9.1CVSS6.9AI score0.01713EPSS
Exploits0References2
Nuclei
Nuclei
added 17 hours ago10 views

WordPress tagDiv Composer < 3.5 - Authentication Bypass

The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address id:...

9.8CVSS7AI score0.03546EPSS
Exploits2References2
Nuclei
Nuclei
added 17 hours ago84 views

Pie Register < 3.7.1.6 - Unauthenticated Arbitrary Login

The Registration Forms User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or username...

8.1CVSS6.9AI score0.08377EPSS
Exploits3References3
Nuclei
Nuclei
added 17 hours ago67 views

WordPress Customize Login Image <3.5.3 - Cross-Site Scripting

WordPress Customize Login Image plugin prior to 3.5.3 contains a cross-site scripting vulnerability via the custom logo link on the Settings page. This can allow an attacker to steal cookie-based authentication credentials and launch other attacks. id: CVE-2021-33851 info: name: WordPress Customi...

5.4CVSS6.2AI score0.01318EPSS
Exploits1References5
Nuclei
Nuclei
added 17 hours ago74 views

Login with Phone Number - Cross-Site Scripting

Login with Phone Number, versions 1.4.2, is affected by an reflected XSS vulnerability in the login-with-phonenumber.php' file in the 'lwpforgotpassword' function. id: CVE-2023-23492 info: name: Login with Phone Number - Cross-Site Scripting author: r3Y3r53 severity: high description: | Login wit...

8.8CVSS7AI score0.57123EPSS
Exploits2References5
EUVD
EUVD
added yesterday7 views

EUVD-2026-43156

The WCFM – Frontend Manager for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.7.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attacker...

5.3CVSS6.2AI score0.00298EPSS
Exploits0References12
Nuclei
Nuclei
added yesterday403 views

JFrog Artifactory 6.7.3 - Admin Login Bypass

JFrog Artifactory 6.7.3 is vulnerable to an admin login bypass issue because by default the access-admin account is used to reset the password of the admin account. While this is only allowable from a connection directly from localhost, providing an X-Forwarded-For HTTP header to the request allo...

9.8CVSS7AI score0.53879EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday196 views

Ruijie RG-EW1200G Router Background - Login Bypass

A vulnerability was found in Ruijie RG-EW1200G 07161417 r483. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/sys/login. The manipulation leads to improper authentication. The attack may be launched remotely. The exploit has been disclosed to t...

8.8CVSS6.5AI score0.56147EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday111 views

Miniorange Social Login and Register <= 7.6.3 - Authentication Bypass

The WordPress Social Login and Register Discord, Google, Twitter, LinkedIn plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This makes...

9.8CVSS7.1AI score0.46242EPSS
Exploits4References5
EUVD
EUVD
added yesterday5 views

EUVD-2026-43074

Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Login Disable allows Brute Force. This issue affects Login Disable versions: from 0.0.0 to 2.1.4...

6.1AI score0.00213EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday43 views

QNAP HBS 3 - Broken Access Control

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 Hybrid Backup Sync. If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to...

10CVSS7.1AI score0.78395EPSS
Exploits0References4
CVE
CVE
added 2 days ago5 views

CVE-2026-15079

The CVE-2026-15079 entry maps to Drupal Login Disable, where the module does not sufficiently protect the login form from brute-force attempts. Affected versions range from 0.0.0 to 2.1.4. The root cause is improper restriction of excessive authentication attempts, enabling brute-force bypass of ...

6.1AI score0.00213EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-43026

The miniOrange Social Login and Register Discord, Google, Twitter, LinkedIn plugin for WordPress is vulnerable to authentication bypass leading to account takeover in versions up to and including 7.7.0. This is due to the Profile Completion flow accepting an arbitrary email address via the...

9.8CVSS6.2AI score0.00463EPSS
Exploits0References6
Rows per page
Query Builder