2762 matches found
ImpressCMS SQL注入漏洞
ImpressCMS is a modular content management system CMS based on MySQL, developed by ImpressCMS Inc. This system includes modules for news publishing, forums, and photo albums. Version 1.3.11 of ImpressCMS has a SQL injection vulnerability, which stems from insufficient input validation for the bid...
PT-2026-32164
Newsbull Haber Script 1.0.0 contains multiple SQL injection vulnerabilities in the search parameter that allow authenticated attackers to extract database information through time-based, blind, and boolean-based injection techniques. Attackers can inject malicious SQL code through the search...
PT-2026-32166
ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'bid' parameter. Attackers can send POST requests to the admin.php endpoint with malicious 'bid' values containing SQL...
PT-2026-32175
MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Chargegroup total parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blin...
Exploit for SQL Injection in Devcode Openstamanager
CVE-2026-24417: OpenSTAManager has a Time-Based Blind SQL Inje...
Exploit for SQL Injection in Devcode Openstamanager
CVE-2026-24416: OpenSTAManager has a Time-Based Blind SQL Inje...
Exploit for SQL Injection in Wbce Wbce_Cms
CVE-2025-65950: WBCE CMS is Vulnerable to Time-Based Blind SQL...
Exploit for SQL Injection in Churchcrm
CVE-2025-68400: ChurchCRM vulnerable to time-based blind SQL I...
CVE-2026-33710
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, REST API keys are generated using md5time + userid 5 - rand10000, 10000. The rand10000, 10000 call always returns exactly 10000 min == max, making the formula effectively md5timestamp + userid5 - 10000. An attacker who...
AVideo Unauthenticated SQL Injection Credential Dump
AVideo use auxiliary/gather/avideocatnamesqli msf auxiliaryavideocatnamesqli show actions ...actions... msf auxiliaryavideocatnamesqli set ACTION msf auxiliaryavideocatnamesqli show options ...show and set options... msf auxiliaryavideocatnamesqli run This module requires Metasploit:...
CVE-2026-33710 Chamilo LMS has Weak REST API Key Generation (Predictable)
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, REST API keys are generated using md5time + userid 5 - rand10000, 10000. The rand10000, 10000 call always returns exactly 10000 min == max, making the formula effectively md5timestamp + userid5 - 10000. An attacker who...
CVE-2026-35597
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the TOTP failed-attempt lockout mechanism is non-functional due to a database transaction handling bug. When a TOTP validation fails, the login handler in pkg/routes/api/v1/login.go calls HandleFailedTOTPAuth and then...
CVE-2026-34727
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the OIDC callback handler issues a full JWT token without checking whether the matched user has TOTP two-factor authentication enabled. When a local user with TOTP enrolled is matched via the OIDC email fallback...
Improper Authentication
github.com/zitadel/zitadel is vulnerable to improper authentication. The vulnerability is due to MFA being enforced only when explicitly required by policy, which allows an attacker to bypass additional authentication factors and exploit weaker single-factor sessions, potentially compromising...
CVE-2026-35597
Vikunja prior to 2.3.0 is vulnerable to TOTP brute-forcing because the login failure path writes the account lock status (StatusAccountLocked) on the same DB session that is rolled back after a failed TOTP check. The in-memory counter in HandleFailedTOTPAuth tracks failures, and once it reaches 1...
CVE-2026-35597 Vikunja Affected by TOTP Brute-Force Due to Non-Functional Account Lockout
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the TOTP failed-attempt lockout mechanism is non-functional due to a database transaction handling bug. When a TOTP validation fails, the login handler in pkg/routes/api/v1/login.go calls HandleFailedTOTPAuth and then...
CVE-2026-34727 Vikunja ahs a TOTP Two-Factor Authentication Bypass via OIDC Login Path
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the OIDC callback handler issues a full JWT token without checking whether the matched user has TOTP two-factor authentication enabled. When a local user with TOTP enrolled is matched via the OIDC email fallback...
CVE-2026-34727
Vikunja
GHSA-FGFV-PV97-6CMJ Vikunja Vulnerable to TOTP Brute-Force Due to Non-Functional Account Lockout
Summary The TOTP failed-attempt lockout mechanism is non-functional due to a database transaction handling bug. The account lock is written to the same database session that the login handler always rolls back on TOTP failure, so the lockout is triggered but never persisted. This allows unlimited...
Brute Force
Overview Affected versions of this package are vulnerable to Brute Force due to improper enforcement of authentication lockout in the login process. An attacker can gain unauthorized access to accounts protected by two-factor authentication by repeatedly submitting incorrect TOTP codes without...