CVE-2026-10004
Insufficient validation of untrusted input in Passwords in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: High...
CVE-2018-25368
Nord VPN 6.14.31 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting an excessively long string in the password field. Attackers can paste a buffer of repeated characters into the password input field to trigger an application...
Nord VPN Security Vulnerability
Nord VPN is a proxy software from Nord VPN, Inc. A security vulnerability exists in Nord VPN version 6.14.31 that stems from a denial of service in the password field, which could allow an unauthenticated attacker to crash the application by submitting an extra-long string...
@apostrophecms/cli: Command Injection in apos create via Unsanitized Password Input
Summary: The @apostrophecms/cli package contains a command injection vulnerability in the apos create command. User-supplied input from the password prompt is embedded directly into a shell command without proper sanitization or escaping. This allows execution of arbitrary commands on the host...
CVE-2019-25598 HeidiSQL Portable 10.1.0.5464 Denial of Service via Buffer Overflow
HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer overflow payload into the password input during Microsoft SQL Server login to...
CVE-2019-25598
CVE-2019-25598 affects HeidiSQL Portable 10.1.0.5464. A denial-of-service vulnerability exists where an excessively long string supplied in the password field during Microsoft SQL Server login can overflow a buffer and crash the application. The attack is local and requires the attacker to intera...
PT-2026-26986
HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer overflow payload into the password input during Microsoft SQL Server login to...
PT-2026-26895
Encrypt PDF 2.3 contains a buffer overflow vulnerability that allows local attackers to crash the application by inputting excessively long strings into password fields. Attackers can paste a 1000-byte buffer into the User Password or Master Password field in the Settings dialog to trigger an...
CEWE PHOTO SHOW Security Vulnerability
CEWE PHOTO SHOW is a photo display software developed by the British company CEWE. Version 6.4.3 of CEWE PHOTO SHOW contains a security vulnerability. This vulnerability stems from an overly long buffer for password fields. Attackers could exploit this to cause the application to crash by enterin...
CVE-2026-25196
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system. Injecting malicious input into the Wi-Fi SSID and/or password fields can lead to remote code execution when the configuration is...
CVE-2026-25196 Copeland XWEB and XWEB Pro OS Command Injection
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system. Injecting malicious input into the Wi-Fi SSID and/or password fields can lead to remote code execution when the configuration is...
CVE-2026-2980
A vulnerability has been found in UTT HiPER 810G up to 1.7.7-1711. Impacted is the function strcpy of the file /goform/setSysAdm. The manipulation of the argument passwd1 leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used...
CVE-2025-70846
lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting (XSS) on the /tools/Password/add page in the input field password...
aidigu Security Vulnerability
Aidigu is an open-source Weibo project developed by SR. Li lty628 as a personal project. The aidigu v1.9.1 version contains a security vulnerability. This vulnerability stems from the lack of validation on the password input field in the /tools/Password/add page, which may lead to cross-site...
CVE-2019-25339
CVE-2019-25339 affects GHIA CamIP 1.2 for iOS. The vulnerability is a denial-of-service in the password input field where pasting a 33-character buffer of repeated characters can crash the application on iOS devices. The provided metrics indicate a high severity under CVSS 3.1/4.0 with local/NETW...
GHIA CamIP Security Vulnerability
GHIA CamIP is a mobile monitoring application developed by the GHIA company. GHIA CamIP has a security vulnerability, which stems from a denial-of-service vulnerability in the password input field. This vulnerability could allow attackers to cause the application to crash...
PT-2026-7938
GHIA CamIP 1.2 for iOS contains a denial of service vulnerability in the password input field that allows attackers to crash the application. Attackers can paste a 33-character buffer of repeated characters into the password field to trigger an application crash on iOS devices...