Lucene search
+L

75 matches found

ptsecurity
ptsecurity
added 2026/01/30 12:0 a.m.11 views

PT-2026-5474

Name of the Vulnerable Software and Affected Versions Infor Storefront B2B version 1.0 Description Infor Storefront B2B version 1.0 contains a SQL injection issue that allows attackers to manipulate database queries. This is achieved through the usr name parameter within login requests. Attackers...

8.8CVSS6AI score0.00362EPSS
Exploits0References6
euvd
euvd
added 2025/12/31 12:31 a.m.5 views

EUVD-2022-55927

H3C SSL VPN contains a user enumeration vulnerability that allows attackers to identify valid usernames through the 'txtUsrName' POST parameter. Attackers can submit different usernames to the loginsubmit.cgi endpoint and analyze response messages to distinguish between existing and non-existing...

7.5CVSS6.3AI score0.00315EPSS
Exploits1References5
euvd
euvd
added 2025/12/22 3:32 a.m.8 views

EUVD-2025-204687

A vulnerability was found in code-projects Simple Stock System 1.0. Impacted is an unknown function of the file /logout.php. The manipulation of the argument uname results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

7.5CVSS7.2AI score0.00322EPSS
Exploits1References6
nvd
nvd
added 2025/12/09 9:15 p.m.6 views

CVE-2021-47717

IntelliChoice eFORCE Software Suite 2.5.9 contains a username enumeration vulnerability that allows attackers to enumerate valid users by exploiting the 'ctl00$MainContent$UserName' POST parameter. Attackers can send requests with valid usernames to retrieve user information...

6.9CVSS0.00313EPSS
Exploits0References4
cnnvd
cnnvd
added 2025/12/09 12:0 a.m.5 views

IntelliChoice eFORCE Software Suite 安全漏洞

IntelliChoice eFORCE Software Suite is an integrated software for public safety and law enforcement agencies from IntelliChoice USA. A security vulnerability exists in IntelliChoice eFORCE Software Suite version 2.5.9, which stems from a username enumeration issue with the UserName parameter that...

6.9CVSS6.8AI score0.00313EPSS
Exploits0References4
euvd
euvd
added 2025/11/24 9:31 p.m.4 views

EUVD-2025-198998

alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting XSS via the "userName" parameter...

6.1CVSS5.7AI score0.00246EPSS
Exploits1References3
nvd
nvd
added 2025/11/24 9:16 p.m.9 views

CVE-2025-63498

alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting XSS via the "userName" parameter...

6.1CVSS0.00246EPSS
Exploits1References4
osv
osv
added 2025/11/24 9:16 p.m.4 views

UBUNTU-CVE-2025-63498

alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting XSS via the "userName" parameter...

6.1CVSS5.8AI score0.00246EPSS
Exploits1References7
cvelist
cvelist
added 2025/11/24 12:0 a.m.10 views

CVE-2025-63498

alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting XSS via the "userName" parameter...

0.00246EPSS
Exploits1References3
redhatcve
redhatcve
added 2025/10/17 2:52 p.m.7 views

CVE-2025-61539

Cross site scripting XSS vulnerability in Ultimate PHP Board 2.2.7 via the uname parameter in lostpassword.php...

6.1CVSS6.1AI score0.00251EPSS
Exploits0References1
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2009-2336

Malware in sbrugna...

7.5CVSS6.4AI score0.01999EPSS
Exploits2References5
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-5905

Malware in sbrugna...

9.8CVSS9.5AI score0.01454EPSS
Exploits1References2
euvd
euvd
added 2025/10/05 9:30 p.m.7 views

EUVD-2025-32467

A vulnerability was identified in Belkin F9K1015 1.00.10. The affected element is an unknown function of the file /goform/formWanTcpipSetup. The manipulation of the argument pppUserName leads to buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and...

9CVSS8.8AI score0.01036EPSS
Exploits1References6
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-32545

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.01571EPSS
Exploits1References4
cnnvd
cnnvd
added 2025/09/09 12:0 a.m.7 views

SiempreCMS SQL注入漏洞

SiempreCMS is a content management system of SiempreCMS open source. SiempreCMS 1.3.6 and earlier versions have a SQL injection vulnerability that stems from incorrect manipulation of the parameter name/userName in the file usersearchajax.php resulting in SQL injection...

7.5CVSS7.8AI score0.00302EPSS
Exploits0References4
cnvd
cnvd
added 2025/07/18 12:0 a.m.4 views

Modern Bag login-back.php File SQL Injection Vulnerability

Modern Bag is an online management system. Modern Bag suffers from a SQL injection vulnerability that stems from an error in the parameter user-name in file /admin/login-back.php that lacks validation of externally entered SQL statements. An attacker can exploit this vulnerability to execute...

9.8CVSS8.3AI score0.00394EPSS
Exploits1References1
cnnvd
cnnvd
added 2025/07/12 12:0 a.m.4 views

Code-Projects Modern Bag 注入漏洞

Modern Bag is an online management system. Modern Bag suffers from a SQL injection vulnerability that stems from an error in the parameter user-name in file /admin/login-back.php that lacks validation of externally entered SQL statements. An attacker can exploit this vulnerability to execute...

9.8CVSS8.2AI score0.00394EPSS
Exploits1References6
redhatcve
redhatcve
added 2025/05/23 3:30 a.m.5 views

CVE-2023-26959

Phpgurukul Park Ticketing Management System 1.0 is vulnerable to SQL Injection via the User Name parameter...

9.8CVSS8.2AI score0.00839EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/04/03 12:0 a.m.4 views

Gym Management System 注入漏洞

Gym Management System is a gym management system from SourceCodester. An injection vulnerability exists in Gym Management System version 1.0, which stems from an incorrect manipulation of the parameter username that can lead to SQL injection...

9.8CVSS7.9AI score0.00514EPSS
Exploits1References5
cnnvd
cnnvd
added 2024/11/15 12:0 a.m.5 views

WordPress plugin Yotpo: Product & Photo Reviews for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...

6.1CVSS7.7AI score0.00443EPSS
Exploits0References2
Rows per page
Query Builder