360 matches found
CVE-2018-25398 The Open ISES Project 3.30A SQL Injection via main.php
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the frmpasswd parameter. Attackers can send POST requests to main.php with crafted SQL payloads to extract sensitive...
CVE-2026-10004
Insufficient validation of untrusted input in Passwords in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: High...
CVE-2018-25368
Nord VPN 6.14.31 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting an excessively long string in the password field. Attackers can paste a buffer of repeated characters into the password input field to trigger an application...
CVE-2018-25368 Nord VPN 6.14.31 Denial of Service via Password Field
Nord VPN 6.14.31 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting an excessively long string in the password field. Attackers can paste a buffer of repeated characters into the password input field to trigger an application...
CVE-2018-25368
NordVPN 6.14.31 is affected by a denial-of-service vulnerability triggered by submitting an excessively long password string. Unauthenticated attackers can crash the application during authentication by pasting a buffer of repeated characters into the password field. The description in the connec...
GHSA-F946-9QP6-VGCH shopper/framework: Authorization bypass in multiple Livewire admin components
Impact: Multiple Livewire components in the admin panel allowed an authenticated low-privilege user to mutate data without the required permission: - Order detail Filament actions (cancel, mark paid, mark complete, capture payment, archive, start processing) were callable with readorders only and di...
EUVD-2026-26669
SQL Injection via ORDER BY clause in V2Board thru 1.7.4. In app/Http/Controllers/Admin/UserController.php, the sort parameter from user input is passed directly to User::orderBy($sort, $sortType) without validation. An authenticated admin can sort users by any database column including password,...
CVE-2026-7131
A vulnerability has been found in code-projects Online Lot Reservation System up to 1.0. The impacted element is an unknown function of the file /loginuser.php. The manipulation of the argument email/password leads to SQL injection. It is possible to initiate the attack remotely. The exploit has...
CVE-2018-25294
CEWE Photoshow 6.3.4 contains a buffer overflow vulnerability in the login dialog that allows attackers to crash the application by submitting oversized input. Attackers can inject 4000 bytes of data into the email address and password fields to trigger a denial of service condition...
EUVD-2018-21816
P10 Central Management Software 1.4.13 contains a buffer overflow vulnerability in the login password field that allows local attackers to crash the application by submitting an oversized input string. Attackers can paste a 2000-byte payload into the password field and click login to trigger an...
CVE-2018-25296
CVE-2018-25296 affects P10 Central Management Software 1.4.13. The vulnerability is a buffer overflow in the login password field that lets a local attacker crash the application by submitting an oversized input (example: a 2000-byte payload). This results in a denial of service. The connected do...
CVE-2018-25296 P10 Central Management Software 1.4.13 Denial of Service
P10 Central Management Software 1.4.13 contains a buffer overflow vulnerability in the login password field that allows local attackers to crash the application by submitting an oversized input string. Attackers can paste a 2000-byte payload into the password field and click login to trigger an...
CVE-2018-25296
P10 Central Management Software 1.4.13 contains a buffer overflow vulnerability in the login password field that allows local attackers to crash the application by submitting an oversized input string. Attackers can paste a 2000-byte payload into the password field and click login to trigger an...
CVE-2018-25294
CEWE Photoshow 6.3.4 is affected by a buffer overflow in the login dialog. The vulnerability can be triggered by submitting oversized input (up to ~4000 bytes in the email address and password fields), leading to denial of service (crash). Connected documents confirm the existence of this buffer ...
CVE-2018-25294 CEWE Photoshow 6.3.4 Buffer Overflow Denial of Service
CEWE Photoshow 6.3.4 contains a buffer overflow vulnerability in the login dialog that allows attackers to crash the application by submitting oversized input. Attackers can inject 4000 bytes of data into the email address and password fields to trigger a denial of service condition...
PT-2026-35266
P10 Central Management Software 1.4.13 contains a buffer overflow vulnerability in the login password field that allows local attackers to crash the application by submitting an oversized input string. Attackers can paste a 2000-byte payload into the password field and click login to trigger an...
Ambient P10 Central Management Software Security Vulnerability
Ambient P10 Central Management Software is a management software developed by the American company Ambient, designed for centralized management and monitoring of the operating status of devices and systems. Version 1.4.13 of Ambient P10 Central Management Software contains a security vulnerabilit...