150 matches found
CVE-2021-47911
Affiliate Pro 1.7 contains multiple reflected cross-site scripting vulnerabilities in the index module's input fields. Attackers can inject malicious scripts through fullname, username, and email parameters to execute client-side attacks and manipulate browser requests...
CVE-2021-47911 Affiliate Pro 1.7 Reflected Cross-Site Scripting via Index Module
Affiliate Pro 1.7 contains multiple reflected cross-site scripting vulnerabilities in the index module's input fields. Attackers can inject malicious scripts through fullname, username, and email parameters to execute client-side attacks and manipulate browser requests...
CVE-2026-1688
A security vulnerability has been detected in itsourcecode Directory Management System 1.0. The affected element is an unknown function of the file /admin/index.php. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been...
CVE-2025-70892
Phpgurukul Cyber Cafe Management System v1.0 contains a SQL Injection vulnerability in the user management module. The application fails to properly validate user-supplied input in the username parameter of the add-users.php endpoint...
EUVD-2026-2701
Phpgurukul Cyber Cafe Management System v1.0 contains a SQL Injection vulnerability in the user management module. The application fails to properly validate user-supplied input in the username parameter of the add-users.php endpoint...
CVE-2021-41487
NOKIA VitalSuite SPM 2020 is affected by SQL injection through UserName'...
PT-2026-1773
Name of the Vulnerable Software and Affected Versions RainyGao DocSys versions up to 2.02.37 Description A flaw exists in RainyGao DocSys that allows for SQL injection. The issue is located in an unknown function within the file com/DocSystem/mapping/UserMapper.xml. Manipulating the Username...
CVE-2026-21868
CVE-2026-21868 affects Flag Forge, specifically versions 2.3.2 and earlier. The vulnerability is a Regular Expression Denial of Service (ReDoS) in the user profile API endpoint /api/user/[username], where the application builds a regex dynamically from the unescaped username input. An attacker ca...
PT-2025-54211
Name of the Vulnerable Software and Affected Versions BiggiDroid Simple PHP CMS version 1.0 Description A flaw exists in BiggiDroid Simple PHP CMS 1.0, specifically within the Admin Login component. Manipulation of the Username argument in the /admin/login.php file can lead to SQL injection. This...
CVE-2025-15047 Tenda WH450 HTTP Request PPTPDClient stack-based overflow
A vulnerability was found in Tenda WH450 1.0.0.18. This affects an unknown function of the file /goform/PPTPDClient of the component HTTP Request Handler. Performing a manipulation of the argument Username results in stack-based buffer overflow. The attack can be initiated remotely. The exploit h...
CVE-2025-14565 kidaze CourseSelectionSystem login1.php sql injection
A vulnerability was identified in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. The affected element is an unknown function of the file /Profilers/SProfile/login1.php. Such manipulation of the argument Username leads to sql injection. The attack may be performed fro...
GHSA-4C65-9GQF-4W8H Cybersecurity AI (CAI) vulnerable to Command Injection in run_ssh_command_with_credentials Agent tool
Summary A command injection vulnerability is present in the function tool runsshcommandwithcredentials available to AI agents. Details This is the source code of the function tool runsshcommandwithcredentials code: python @functiontool def runsshcommandwithcredentials host: str, username: str,...
CVE-2025-11783
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The vulnerability is found in the 'AddEvent' function when copying the user-controlled username input to a fixed-size buffer 48 bytes without boundary checking. This can lead to memory corruption, resulting in...
EUVD-2025-200294
PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the /admin/password-recovery.php endpoint. Specifically, the username and mobileno parameters accepts unvalidated user input, which is then concatenated directly into a backend SQL query...
CVE-2025-65380
PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the admin/index.php endpoint. Specifically, the username parameter accepts unvalidated user input, which is then concatenated directly into a backend SQL query...
EUVD-2025-200233
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The vulnerability is found in the 'AddEvent' function when copying the user-controlled username input to a fixed-size buffer 48 bytes without boundary checking. This can lead to memory corruption, resulting in...
CVE-2025-11783
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The vulnerability is found in the 'AddEvent' function when copying the user-controlled username input to a fixed-size buffer 48 bytes without boundary checking. This can lead to memory corruption, resulting in...
CVE-2025-11783 Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The vulnerability is found in the 'AddEvent' function when copying the user-controlled username input to a fixed-size buffer 48 bytes without boundary checking. This can lead to memory corruption, resulting in...
PT-2025-48782
Name of the Vulnerable Software and Affected Versions PHPGurukul Billing System version 1.0 Description The PHPGurukul Billing System version 1.0 contains a SQL Injection issue in the admin/index.php endpoint. The username parameter is susceptible because it accepts unvalidated user input that is...
PT-2025-48673
Name of the Vulnerable Software and Affected Versions Circutor SGE-PLC1000/SGE-PLC50 version 9.0.2 Description A stack-based buffer overflow exists in the AddEvent function when handling user-supplied usernames. The issue occurs because the function copies the username input to a fixed-size buffe...