Lucene search
K

12010 matches found

Nuclei
Nuclei
added 12 hours ago78 views

DomainMOD 4.13.0 - Cross-Site Scripting

DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. id: CVE-2020-20988 info: name: DomainMOD 4.13.0 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.13.0 is vulnerable to...

5.4CVSS6.1AI score0.01331EPSS
Exploits1References2
Nuclei
Nuclei
added 12 hours ago26 views

Zoho ManageEngine ADSelfService Plus 6121 - Username Enumeration

Zoho ManageEngine ADSelfService Plus 6121 is vulnerable to username enumeration CVE-2022-28987. The Forgot Password functionality responds differently for existing and non-existing users, allowing attackers to enumerate valid usernames. id: CVE-2022-28987 info: name: Zoho ManageEngine ADSelfServi...

5.3CVSS6.2AI score0.09705EPSS
Exploits1References2
Nuclei
Nuclei
added 12 hours ago23 views

AnythingLLM - Username Enumeration via Password Recovery

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to commit e287fab56089cf8fcea9ba579a3ecdeca0daa313, the password recovery endpoint returns different error messages depending on whether a username exists, so enabling...

5.3CVSS6.1AI score0.00713EPSS
Exploits1
Nuclei
Nuclei
added 12 hours ago31 views

Usermin 2.100 - Username Enumeration

Usermin version 2.100 and below is susceptible to username enumeration via the password change functionality. An attacker can determine valid usernames by analyzing the response messages from the password change endpoint. id: CVE-2024-44762 info: name: Usermin 2.100 - Username Enumeration author:...

5.3CVSS6.2AI score0.02621EPSS
Exploits5References4
Nuclei
Nuclei
added 12 hours ago50 views

Pritunl VPN Server 1.29.2145.25 - Username Enumeration

Pritunl 1.29.2145.25 contains a username enumeration issue caused by different error responses in /auth/session login attempts, letting attackers verify valid usernames, exploit requires network access to the login endpoint. id: CVE-2020-25200 info: name: Pritunl VPN Server 1.29.2145.25 - Usernam...

5.3CVSS6.2AI score0.0747EPSS
Exploits1References1
Nuclei
Nuclei
added 12 hours ago12 views

Loan Management System 1.0 - SQL Injection

Loan Management System 1.0 contains a SQL injection vulnerability via the username parameter. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id: CVE-2025-9744 info: name:...

9.8CVSS7AI score0.01664EPSS
Exploits3References3
Nuclei
Nuclei
added 12 hours ago42 views

Zoo Management System 1.0 - SQL Injection

Zoo Management System 1.0 contains a SQL injection vulnerability via the username parameter on the login page. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id:...

9.8CVSS7AI score0.01721EPSS
Exploits1References3
Nuclei
Nuclei
added 12 hours ago44 views

Purchase Order Management v1.0 - Cross Site Scripting (Reflected)

Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting XSS vulnerability via the password parameter at /purchaseorder/classes/login.php. id: CVE-2023-29623 info: name: Purchase Order Management v1.0 - Cross Site Scripting Reflected author: theamanrawat severity:...

6.1CVSS6.4AI score0.0125EPSS
Exploits1References4
Nuclei
Nuclei
added 12 hours ago58 views

modoboa 2.0.4 - Admin TakeOver

Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4. id: CVE-2023-0777 info: name: modoboa 2.0.4 - Admin TakeOver author: r3Y3r53 severity: critical description: | Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to...

9.8CVSS7AI score0.15088EPSS
Exploits4References4
Nuclei
Nuclei
added 12 hours ago43 views

WAVLINK WN533A8 - Improper Access Control

WAVLINK WN533A8 M33A8.V5030.190716 is susceptible to improper access control. An attacker can obtain usernames and passwords via view-source:http://IPADDRESS/sysinit.shtml?r=52300 and searching for logincheckuser; and thereby possibly obtain sensitive information, modify data, and/or execute...

7.5CVSS7AI score0.16583EPSS
Exploits4References5
EUVD
EUVD
added 19 hours ago5 views

EUVD-2026-43563

luci-app-banip contains a log parsing vulnerability where the awk-based parser extracts the first IPv4 address from log lines regardless of field position, allowing attackers to inject arbitrary IPs via attacker-controlled fields like usernames. An unauthenticated remote attacker can inject an IP...

8.7CVSS6.2AI score
Exploits0References4
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-62184

luci-app-banip contains a log parsing vulnerability where the awk-based parser extracts the first IPv4 address from log lines regardless of field position, allowing attackers to inject arbitrary IPs via attacker-controlled fields like usernames. An unauthenticated remote attacker can inject an IP...

8.7CVSS6.2AI score
Exploits0References4
CVE
CVE
added yesterday6 views

CVE-2026-62184

CVE-2026-62184 affects the OpenWrt luci-app-banip component. The issue is a log-parsing vulnerability in an awk-based parser that always extracts the first IPv4 address from a log line, regardless of its actual field position. An unauthenticated remote attacker can inject an IP address via attack...

8.7CVSS6.2AI score
Exploits0References3
Cvelist
Cvelist
added yesterday21 views

CVE-2026-62184 luci-app-banip Log Monitor IP Extraction Bypass

luci-app-banip contains a log parsing vulnerability where the awk-based parser extracts the first IPv4 address from log lines regardless of field position, allowing attackers to inject arbitrary IPs via attacker-controlled fields like usernames. An unauthenticated remote attacker can inject an IP...

8.7CVSS
Exploits0References3
NVD
NVD
added yesterday7 views

CVE-2026-61503

Rejetto HFS 3.0.0 through 3.2.0 returns observably different responses from its login endpoint depending on whether the submitted username exists. A remote unauthenticated attacker can use this to confirm valid account names, including the default admin account, facilitating password-guessing and...

6.9CVSS
Exploits0References2
NVD
NVD
added yesterday7 views

CVE-2026-61501

Rejetto HFS 3.0.0 through 3.2.0 renders log entries in the administration panel as HTML without sanitization. A remote unauthenticated attacker can submit a failed login with a crafted username that is written to the error log and executes JavaScript in an administrator's browser when the logs ar...

6.1CVSS
Exploits0References2
Cvelist
Cvelist
added yesterday23 views

CVE-2026-61503 Rejetto HFS < 3.2.1 Username Enumeration via Login Response Differences

Rejetto HFS 3.0.0 through 3.2.0 returns observably different responses from its login endpoint depending on whether the submitted username exists. A remote unauthenticated attacker can use this to confirm valid account names, including the default admin account, facilitating password-guessing and...

6.9CVSS
Exploits0References2
CVE
CVE
added yesterday11 views

CVE-2026-61503

CVE-2026-61503 – Rejetto HFS : Affects HFS 3.0.0–3.2.0. The login endpoint returns observably different responses depending on whether the username exists, enabling remote, unauthenticated actors to confirm valid accounts (including the default admin) and facilitating password guessing and sessio...

6.9CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added yesterday6 views

EUVD-2026-43282

A security flaw has been discovered in SourceCodester Online Book Store System 1.0. This vulnerability affects unknown code of the file admin/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit has been released to the...

7.5CVSS6.8AI score0.00263EPSS
Exploits0References7
NVD
NVD
added yesterday5 views

CVE-2026-15532

A vulnerability was identified in SourceCodester Online Book Store System 1.0. This issue affects some unknown processing of the component User Management Module. Such manipulation of the argument Name/Username leads to cross site scripting. The attack can be executed remotely. The exploit is...

4.8CVSS0.0021EPSS
Exploits0References6
Rows per page
Query Builder