Lucene search
+L

150 matches found

nvd
nvd
added 2026/02/01 1:15 p.m.5 views

CVE-2021-47911

Affiliate Pro 1.7 contains multiple reflected cross-site scripting vulnerabilities in the index module's input fields. Attackers can inject malicious scripts through fullname, username, and email parameters to execute client-side attacks and manipulate browser requests...

5.4CVSS0.00171EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/02/01 12:15 p.m.3 views

CVE-2021-47911 Affiliate Pro 1.7 Reflected Cross-Site Scripting via Index Module

Affiliate Pro 1.7 contains multiple reflected cross-site scripting vulnerabilities in the index module's input fields. Attackers can inject malicious scripts through fullname, username, and email parameters to execute client-side attacks and manipulate browser requests...

5.4CVSS5.1AI score0.00171EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/01/30 4:2 p.m.5 views

CVE-2026-1688

A security vulnerability has been detected in itsourcecode Directory Management System 1.0. The affected element is an unknown function of the file /admin/index.php. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been...

7.5CVSS5.8AI score0.00326EPSS
Exploits1References5Affected Software1
redhatcve
redhatcve
added 2026/01/16 12:24 a.m.6 views

CVE-2025-70892

Phpgurukul Cyber Cafe Management System v1.0 contains a SQL Injection vulnerability in the user management module. The application fails to properly validate user-supplied input in the username parameter of the add-users.php endpoint...

9.8CVSS7.8AI score0.00414EPSS
Exploits2References1
euvd
euvd
added 2026/01/15 12:0 a.m.7 views

EUVD-2026-2701

Phpgurukul Cyber Cafe Management System v1.0 contains a SQL Injection vulnerability in the user management module. The application fails to properly validate user-supplied input in the username parameter of the add-users.php endpoint...

9.8CVSS7.3AI score0.00414EPSS
Exploits2References4
redhatcve
redhatcve
added 2026/01/09 11:36 a.m.7 views

CVE-2021-41487

NOKIA VitalSuite SPM 2020 is affected by SQL injection through UserName'...

9.8CVSS8.1AI score0.01678EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2026/01/09 12:0 a.m.7 views

PT-2026-1773

Name of the Vulnerable Software and Affected Versions RainyGao DocSys versions up to 2.02.37 Description A flaw exists in RainyGao DocSys that allows for SQL injection. The issue is located in an unknown function within the file com/DocSystem/mapping/UserMapper.xml. Manipulating the Username...

6.5CVSS6.5AI score0.00378EPSS
Exploits1References8
cve
cve
added 2026/01/08 12:26 a.m.21 views

CVE-2026-21868

CVE-2026-21868 affects Flag Forge, specifically versions 2.3.2 and earlier. The vulnerability is a Regular Expression Denial of Service (ReDoS) in the user profile API endpoint /api/user/[username], where the application builds a regex dynamically from the unescaped username input. An attacker ca...

7.5CVSS6.4AI score0.00268EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2025/12/30 12:0 a.m.8 views

PT-2025-54211

Name of the Vulnerable Software and Affected Versions BiggiDroid Simple PHP CMS version 1.0 Description A flaw exists in BiggiDroid Simple PHP CMS 1.0, specifically within the Admin Login component. Manipulation of the Username argument in the /admin/login.php file can lead to SQL injection. This...

7.5CVSS7.5AI score0.00333EPSS
Exploits1References8
vulnrichment
vulnrichment
added 2025/12/23 10:2 p.m.4 views

CVE-2025-15047 Tenda WH450 HTTP Request PPTPDClient stack-based overflow

A vulnerability was found in Tenda WH450 1.0.0.18. This affects an unknown function of the file /goform/PPTPDClient of the component HTTP Request Handler. Performing a manipulation of the argument Username results in stack-based buffer overflow. The attack can be initiated remotely. The exploit h...

10CVSS9.4AI score0.01096EPSS
Exploits1References6
vulnrichment
vulnrichment
added 2025/12/12 3:32 p.m.2 views

CVE-2025-14565 kidaze CourseSelectionSystem login1.php sql injection

A vulnerability was identified in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. The affected element is an unknown function of the file /Profilers/SProfile/login1.php. Such manipulation of the argument Username leads to sql injection. The attack may be performed fro...

7.5CVSS6.7AI score0.00339EPSS
Exploits1References5
osv
osv
added 2025/12/09 10:47 p.m.4 views

GHSA-4C65-9GQF-4W8H Cybersecurity AI (CAI) vulnerable to Command Injection in run_ssh_command_with_credentials Agent tool

Summary A command injection vulnerability is present in the function tool runsshcommandwithcredentials available to AI agents. Details This is the source code of the function tool runsshcommandwithcredentials code: python @functiontool def runsshcommandwithcredentials host: str, username: str,...

9.6CVSS8.4AI score0.01831EPSS
Exploits1References5
redhatcve
redhatcve
added 2025/12/03 2:2 p.m.6 views

CVE-2025-11783

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The vulnerability is found in the 'AddEvent' function when copying the user-controlled username input to a fixed-size buffer 48 bytes without boundary checking. This can lead to memory corruption, resulting in...

9.8CVSS7.9AI score0.00532EPSS
Exploits0References1
euvd
euvd
added 2025/12/02 9:31 p.m.7 views

EUVD-2025-200294

PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the /admin/password-recovery.php endpoint. Specifically, the username and mobileno parameters accepts unvalidated user input, which is then concatenated directly into a backend SQL query...

6.5CVSS7.4AI score0.00179EPSS
Exploits0References3
nvd
nvd
added 2025/12/02 9:15 p.m.5 views

CVE-2025-65380

PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the admin/index.php endpoint. Specifically, the username parameter accepts unvalidated user input, which is then concatenated directly into a backend SQL query...

6.5CVSS0.00179EPSS
Exploits0References2
euvd
euvd
added 2025/12/02 3:30 p.m.7 views

EUVD-2025-200233

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The vulnerability is found in the 'AddEvent' function when copying the user-controlled username input to a fixed-size buffer 48 bytes without boundary checking. This can lead to memory corruption, resulting in...

8.5CVSS7.8AI score0.00532EPSS
Exploits0References2
nvd
nvd
added 2025/12/02 1:15 p.m.5 views

CVE-2025-11783

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The vulnerability is found in the 'AddEvent' function when copying the user-controlled username input to a fixed-size buffer 48 bytes without boundary checking. This can lead to memory corruption, resulting in...

9.8CVSS0.00532EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/12/02 1:1 p.m.2 views

CVE-2025-11783 Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The vulnerability is found in the 'AddEvent' function when copying the user-controlled username input to a fixed-size buffer 48 bytes without boundary checking. This can lead to memory corruption, resulting in...

8.5CVSS7.9AI score0.00532EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2025/12/02 12:0 a.m.5 views

PT-2025-48782

Name of the Vulnerable Software and Affected Versions PHPGurukul Billing System version 1.0 Description The PHPGurukul Billing System version 1.0 contains a SQL Injection issue in the admin/index.php endpoint. The username parameter is susceptible because it accepts unvalidated user input that is...

6.5CVSS7.6AI score0.00179EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2025/12/02 12:0 a.m.10 views

PT-2025-48673

Name of the Vulnerable Software and Affected Versions Circutor SGE-PLC1000/SGE-PLC50 version 9.0.2 Description A stack-based buffer overflow exists in the AddEvent function when handling user-supplied usernames. The issue occurs because the function copies the username input to a fixed-size buffe...

9.8CVSS7.9AI score0.00532EPSS
Exploits0References5
Rows per page
Query Builder