24 matches found

Vulnrichment
added 3 days ago | 5 views

CVE-2026-25620 Arista Edge Threat Management NGFW Captive Portal Encrypted Password Command Injection

An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall NGFW. This issue uniquely affects version 17.4.0; earlier software releases are not exposed...

7 CVSS | 5.5 AI score | 0.00222 EPSS
Exploits 0 | References 1

EUVD
added 3 days ago | 8 views

EUVD-2026-34903

An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall NGFW. This issue uniquely affects version 17.4.0; earlier software releases are not exposed...

7 CVSS | 5.5 AI score | 0.00222 EPSS
Exploits 0 | References 1

Cvelist
added 2026/05/28 8:41 p.m. | 27 views

CVE-2026-45344 LinkAce: Setup database password newline injection enables pre-auth RCE on uninitialized instances

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, the setup database configuration flow on uninitialized LinkAce instances accepts attacker-controlled database credential fields and writes them back into .env without escaping. A remote attacker who can reach the setup...

8.1 CVSS | 0.0021 EPSS
Exploits 0 | References 1

CNNVD
added 2026/04/27 12:0 a.m. | 4 views

LogonTracer Security Vulnerability

LogonTracer is a visual system log analysis tool developed by the Japanese JPCERT organization. This product can detect malicious login attempts by analyzing Windows Active Directory event logs. Versions of LogonTracer prior to 2.0.0 contained security vulnerabilities; these vulnerabilities were...

5.1 CVSS | 6.2 AI score | 0.00038 EPSS
Exploits 0 | References 1

EUVD
added 2026/04/06 6:33 p.m. | 3 views

EUVD-2026-19396

A vulnerability has been found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This vulnerability affects unknown code of the file /login.php of the component Parameter Handler. Such manipulation of the argument Password leads to sql injection. It is possibl...

7.5 CVSS | 6.8 AI score | 0.00043 EPSS
Exploits 0 | References 6

CNNVD
added 2026/03/04 12:0 a.m. | 2 views

FreeSMS SQL Injection Vulnerability

FreeSMS is a student management system developed by the individual developer Cristeab. Version 2.1.2 of FreeSMS contains an SQL injection vulnerability. This vulnerability stems from the password parameter, which allows for SQL injections, potentially enabling unverified attackers to bypass...

9.8 CVSS | 5.9 AI score | 0.00351 EPSS
Exploits 1 | References 3

NVD
added 2026/02/20 11:16 p.m. | 4 views

CVE-2019-25436

Sricam DeviceViewer 3.12.0.1 contains a password change security bypass vulnerability that allows authenticated users to change passwords without proper validation of the old password field. Attackers can inject a large payload into the old password parameter during the change password process to...

6.5 CVSS | 0.00027 EPSS
Exploits 1 | References 3

Tenable Nessus
added 2026/01/20 12:0 a.m. | 2 views

MiracleLinux 7 : ImageMagick-6.9.10.68-5.el7 (AXSA:2021-1086:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1086:01 advisory. ImageMagick: Shell injection via PDF password could result in arbitrary code execution CVE-2020-29599 Tenable has extracted the preceding description block...

7.8 CVSS | 6.4 AI score | 0.6875 EPSS
Exploits 1 | References 2

EUVD
added 2025/12/02 3:30 p.m. | 2 views

EUVD-2025-200230

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'SetUserPassword' function, the 'newPassword' parameter is directly embedded in a shell command string using 'sprintf' without any sanitisation or validation, and then executed using 'system'. This allows a...

8.5 CVSS | 7.2 AI score | 0.00057 EPSS
Exploits 0 | References 2

EUVD
added 2025/11/03 6:31 p.m. | 1 views

EUVD-2025-37492

Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/forgot-pass.php...

9.4 CVSS | 7.5 AI score | 0.0006 EPSS
Exploits 1 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-30384

Malicious code in bioql PyPI...

4.5 CVSS | 5 AI score | 0.00111 EPSS
Exploits 0 | References 6

RedhatCVE
added 2025/09/27 12:48 a.m. | 7 views

CVE-2025-55848

An issue was discovered in DIR-823 firmware 20250416. There is an RCE vulnerability in the setcassword settings interface, as the httpcasswd parameter is not filtered by '&' to allow injection of reverse connection commands...

8.8 CVSS | 7.3 AI score | 0.00112 EPSS
Exploits 1 | References 1

RedhatCVE
added 2025/09/23 10:26 p.m. | 5 views

CVE-2025-10767

A vulnerability was detected in CosmodiumCS OnlyRAT up to 3.2. The affected element is the function connect/remoteupload/remotedownload of the file main.py of the component Configuration File Handler. The manipulation of the argument configuration"PASSWORD" results in os command injection. The...

4.5 CVSS | 4.7 AI score | 0.00111 EPSS
Exploits 0 | References 1

Vulnrichment
added 2025/09/21 10:2 p.m. | 3 views

CVE-2025-10767 CosmodiumCS OnlyRAT Configuration File main.py remote_download os command injection

A vulnerability was detected in CosmodiumCS OnlyRAT up to 3.2. The affected element is the function connect/remoteupload/remotedownload of the file main.py of the component Configuration File Handler. The manipulation of the argument configuration"PASSWORD" results in os command injection. The...

4.5 CVSS | 4.6 AI score | 0.00111 EPSS
Exploits 0 | References 4

OSV
added 2025/09/01 9:15 a.m. | 3 views

CVE-2025-9770

A weakness has been identified in Campcodes Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ of the component Admin Dashboard Login. This manipulation of the argument Password causes sql injection. It is possible to initiate the attack...

9.8 CVSS | 5.7 AI score | 0.00069 EPSS
Exploits 2 | References 5

Vulnrichment
added 2024/02/14 12:0 a.m. | 13 views

CVE-2024-25214

An issue in Employee Managment System v1.0 allows attackers to bypass authentication via injecting a crafted payload into the E-mail and Password parameters at /alogin.html...

7.1 AI score | 0.00058 EPSS
Exploits 1 | References 1

CNNVD
added 2022/07/12 12:0 a.m. | 1 views

Softing Secure Integration Server Authorization Issue Vulnerability

Softing Secure Integration Server is a secure integration server from Softing Germany. It provides a robust OPC UA data integration layer and supports interface abstraction, aggregation, data preprocessing, and security supervision. An authorization issue vulnerability exists in Softing Secure...

9.8 CVSS | 8.3 AI score | 0.00239 EPSS
Exploits 0 | References 8

OSV
added 2022/05/17 8:15 p.m. | 2 views

CVE-2022-30052

In Home Clean Service System 1.0, the password parameter is vulnerable to SQL injection attacks...

9.8 CVSS | 5.8 AI score
Exploits 0 | References 1

CNNVD
added 2021/09/22 12:0 a.m. | 2 views

Cisco SD-WAN vManage Software Security Vulnerability

Cisco SD-WAN vManage Software is a management software for SD-WAN Software Defined Wide Area Network solutions from Cisco. A security vulnerability exists in Cisco SD-WAN vManage Software that stems from insufficient input validation in the web management interface. The vulnerability could allow ...

6.5 CVSS | 6.6 AI score | 0.00073 EPSS
Exploits 0 | References 4

seebug.org
added 2014/07/01 12:0 a.m. | 10 views

Killmonster <= 2.1 (Auth Bypass) SQL Injection Vulnerability

No description provided by source. + Killmonster = 2.1 Auth Bypass SQL Injection Vulnerability + Discovered by cr4wl3r cr4wl3r!linuxmail.org + Download : http://scripts.ringsworld.com/games-and-entertainment/km2/ + Vuln Code : login.php form method=POST action=authenticate.php Type Username Here:...

7.1 AI score
Exploits 0