24 matches found
CVE-2025-15574
When connecting to the Solax Cloud MQTT server the username is the "registration number", which is the 10 character string printed on the SolaX Power Pocket device / the QR code on the device. The password is derived from the "registration number" using a proprietary XOR/transposition algorithm...
CVE-2025-15574
When connecting to the Solax Cloud MQTT server the username is the "registration number", which is the 10 character string printed on the SolaX Power Pocket device / the QR code on the device. The password is derived from the "registration number" using a proprietary XOR/transposition algorithm...
CVE-2025-15574 Insecure Credential Generation for Solax Power Pocket WiFi models MQTT Cloud Connection
When connecting to the Solax Cloud MQTT server the username is the "registration number", which is the 10 character string printed on the SolaX Power Pocket device / the QR code on the device. The password is derived from the "registration number" using a proprietary XOR/transposition algorithm...
CVE-2025-15574 Insecure Credential Generation for Solax Power Pocket WiFi models MQTT Cloud Connection
When connecting to the Solax Cloud MQTT server the username is the "registration number", which is the 10 character string printed on the SolaX Power Pocket device / the QR code on the device. The password is derived from the "registration number" using a proprietary XOR/transposition algorithm...
CVE-2025-15574
When connecting to the Solax Cloud MQTT server the username is the "registration number", which is the 10 character string printed on the SolaX Power Pocket device / the QR code on the device. The password is derived from the "registration number" using a proprietary XOR/transposition algorithm...
CVE-2025-15574
CVE-2025-15574 affects Solax Power Pocket WiFi models connected to the Solax Cloud MQTT server. The vulnerability stems from using the device registration number as the username and deriving the password from the same registration number with a proprietary XOR/transposition algorithm, enabling an...
PT-2026-7836
Name of the Vulnerable Software and Affected Versions Solax Power Pocket WiFi models affected versions not specified Description The username for connecting to the Solax Cloud MQTT server is the “registration number,” a 10-character string found on the SolaX Power Pocket device or its QR code. Th...
SolaX Power Pocket 安全漏洞
SolaX Power Pocket is a monitoring data collection tool developed by SolaX Energy in China. There is a security vulnerability in SolaX Power Pocket. This vulnerability arises when the password is derived from the registration number using a proprietary XOR/transpose algorithm during connection to...
CVE-2025-41024
Stored Cross-Site Scripting XSS in Poultry Farm Management System v1.0 due to the lack of proper validation of user input by sending a POST request. The relationship between parameters and assigned identifiers is as follows: 'companyaddress', 'companyemail', 'companyname', 'country', 'mobilenumbe...
CVE-2025-41024
Stored Cross-Site Scripting XSS in Poultry Farm Management System v1.0 due to the lack of proper validation of user input by sending a POST request. The relationship between parameters and assigned identifiers is as follows: 'companyaddress', 'companyemail', 'companyname', 'country',...
CVE-2025-41024 Stored Cross-Site Scripting in Poultry Farm Management System
Stored Cross-Site Scripting XSS in Poultry Farm Management System v1.0 due to the lack of proper validation of user input by sending a POST request. The relationship between parameters and assigned identifiers is as follows: 'companyaddress', 'companyemail', 'companyname', 'country',...
PT-2026-3550
Name of the Vulnerable Software and Affected Versions Poultry Farm Management System version 1.0 Description A stored Cross-Site Scripting XSS issue exists due to insufficient validation of user-supplied data when a POST request is made. The following parameters in the '/farm/farmprofile.php'...
CVE-2026-0803
A vulnerability was found in PHPGurukul Online Course Registration System up to 3.1. This affects an unknown part of the file /enroll.php. The manipulation of the argument studentregno/Pincode/session/department/level/course/sem results in sql injection. The attack may be launched remotely. The...
EUVD-2025-199035
Malicious code in sa-company-registration-number-regex npm...
Taxi Stand Management System admin/new-autoortaxi-entry-form.php file cross-site scripting vulnerability
Taxi Stand Management System is a cab stand management system. Taxi Stand Management System suffers from a cross-site scripting vulnerability that originates from the incorrect operation of the parameter registrationnumber/licensenumber in the file /admin/new-autoortaxi-entry-form.php, for which ...
CVE-2025-8115
A vulnerability has been found in PHPGurukul Taxi Stand Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/new-autoortaxi-entry-form.php. The manipulation of the argument registrationnumber/licensenumber leads to cros...
PHPGurukul Taxi Stand Management System 代码注入漏洞
Taxi Stand Management System is a cab stand management system. Taxi Stand Management System suffers from a cross-site scripting vulnerability that originates from the incorrect operation of the parameter registrationnumber/licensenumber in the file /admin/new-autoortaxi-entry-form.php, for which ...
Transport Management System 1.0 Arbitrary File Upload
============================================================================================================================================= | Title : Transport Management System 1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...
Library System SQL Injection Vulnerability
Library System is a library management system by the individual developer nurhodelta17. A SQL injection vulnerability exists in Library System version 1.0, which stems from the fact that incorrect manipulation of the parameters email/regno/phone/username can lead to sql injection...
CVE-2023-50566
A stored cross-site scripting XSS vulnerability in EyouCMS-V1.6.5-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Registration Number parameter...