11 matches found

RedhatCVE, added 2026/06/05 7:38 p.m., 10 views

CVE-2026-21730

Verba is affected by a Stored Cross-Site Scripting XSS vulnerability within its login logging mechanism. When an unauthenticated remote attacker attempts to log in using an incorrect username and password combination, the supplied username value is recorded in the application logs. Due to lack of...

CVSS 6.1, AI score 5.5, EPSS 0.00205
Exploits 0, References 1
RedhatCVE, added 2026/06/05 7:30 p.m., 9 views

CVE-2026-42866

Tookie is an advanced OSINT information gathering tool. Prior to 4.1fix, modules/modules.py's writetxt, writecsv, writejson, and commented-but-shipping scanfile helpers open their output as openf"user.", where user comes unsanitized from the -u CLI flag or any line of a -U usernames file. A userna...

CVSS 6.7, AI score 5.6, EPSS 0.00145
Exploits 0, References 1
Vulnrichment, added 2026/05/11 6:23 p.m., 9 views

CVE-2026-42866 Tookie: Arbitrary file write via path traversal in -u username / -U userfile output filename

Tookie is an advanced OSINT information gathering tool. Prior to 4.1fix, modules/modules.py's writetxt, writecsv, writejson, and commented-but-shipping scanfile helpers open their output as openf"user.", where user comes unsanitized from the -u CLI flag or any line of a -U usernames file. A userna...

CVSS 6.7, AI score 5.9, EPSS 0.00145
Exploits 0, References 1
EUVD, added 2026/05/11 6:23 p.m., 7 views

EUVD-2026-29183

Tookie is an advanced OSINT information gathering tool. Prior to 4.1fix, modules/modules.py's writetxt, writecsv, writejson, and commented-but-shipping scanfile helpers open their output as openf"user.", where user comes unsanitized from the -u CLI flag or any line of a -U usernames file. A userna...

CVSS 6.7, AI score 5.9, EPSS 0.00145
Exploits 0, References 1
CVE, added 2026/04/09 2:34 p.m., 30 views

CVE-2026-34578

OPNsense prior to 26.1.6 exposes LDAP injection risk in the WebGUI login: the LDAP authentication connector inserts the username directly into the LDAP search filter without escaping. An unauthenticated attacker can inject LDAP metacharacters to enumerate valid LDAP usernames. If the LDAP server ...

CVSS 8.2, AI score 5.9, EPSS 0.00415
Exploits 1, References 2, Affected Software 1
UbuntuCve, added 2026/04/07 5:16 p.m., 6 views

CVE-2026-4631

Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH...

CVSS 9.8, AI score 6.4, EPSS 0.142
Exploits 3, References 4
RedhatCVE, added 2025/12/17 6:02 p.m., 7 views

CVE-2023-53895

PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account,...

CVSS 9.8, AI score 6.6, EPSS 0.00567
Exploits 1, References 1
OSV, added 2025/12/16 5:16 p.m., 7 views

CVE-2023-53895

PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account,...

CVSS 9.3, AI score 6.6
Exploits 0, References 4
EUVD, added 2025/12/16 5:06 p.m., 5 views

EUVD-2023-60195

PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account,...

CVSS 9.8, AI score 6.2, EPSS 0.00567
Exploits 1, References 5
Veracode, added 2025/12/13 7:40 a.m., 5 views

LDAP Injection

pgAdmin is vulnerable to LDAP Injection. The vulnerability is due to improper sanitization of special LDAP characters in the username during the LDAP authentication flow, which allows an attacker to inject crafted input and cause the DC/LDAP server and client to process excessive data...

CVSS 7.5, AI score 5.8, EPSS 0.00362
Exploits 0, References 3, Affected Software 1
RedhatCVE, added 2025/05/23 3:02 a.m., 6 views

CVE-2023-1861

The Limit Login Attempts WordPress plugin through 1.7.2 does not sanitize and escape usernames when outputting them back in the logs dashboard, which could allow any authenticated users, such as subscribers, to perform Stored Cross-Site Scripting attacks...

CVSS 5.4, AI score 5.4, EPSS 0.28799
Exploits 2, References 1