Lucene search
K

2396 matches found

Nuclei
Nuclei
added 7 hours ago12 views

Loan Management System 1.0 - SQL Injection

Loan Management System 1.0 contains a SQL injection vulnerability via the username parameter. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id: CVE-2025-9744 info: name:...

9.8CVSS7AI score0.01664EPSS
Exploits3References3
Nuclei
Nuclei
added 7 hours ago42 views

Zoo Management System 1.0 - SQL Injection

Zoo Management System 1.0 contains a SQL injection vulnerability via the username parameter on the login page. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id:...

9.8CVSS7AI score0.01721EPSS
Exploits1References3
EUVD
EUVD
added yesterday6 views

EUVD-2026-43282

A security flaw has been discovered in SourceCodester Online Book Store System 1.0. This vulnerability affects unknown code of the file admin/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit has been released to the...

7.5CVSS6.8AI score0.00263EPSS
Exploits0References7
CVE
CVE
added yesterday10 views

CVE-2026-15537

The CVE-2026-15537 affects SourceCodester Online Book Store System 1.0, with the vulnerability residing in admin/login.php where the Username parameter is SQL-injected. This allows a remote attacker to exploit the flaw (PROOF-OF-CONCEPT) and aligns with a high-severity CVSS in the provided metric...

7.5CVSS6.8AI score0.00263EPSS
Exploits0References6
Cvelist
Cvelist
added yesterday21 views

CVE-2026-15537 SourceCodester Online Book Store System login.php sql injection

A security flaw has been discovered in SourceCodester Online Book Store System 1.0. This vulnerability affects unknown code of the file admin/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit has been released to the...

7.5CVSS0.00263EPSS
Exploits0References6
CVE
CVE
added 2 days ago13 views

CVE-2026-15489

The CVE-2026-15489 entry describes a SQL injection in RafyMrX TOKO-ONLINE-ROTI (up to commit ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99) via an input in the file proses/login.php where the Username argument is manipulated. The vulnerability is exploitable remotely, with a publicly available exploit...

7.5CVSS6.8AI score0.00254EPSS
Exploits0References4
EUVD
EUVD
added 2 days ago8 views

EUVD-2026-43211

A vulnerability was identified in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. Affected by this vulnerability is an unknown functionality of the file proses/login.php. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack i...

7.5CVSS6.8AI score0.00254EPSS
Exploits0References4
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-15190 SourceCodester Simple and Nice Shopping Cart Script login.php sql injection

A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This affects an unknown part of the file /login.php. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and m...

7.5CVSS0.00328EPSS
Exploits0References6
CVE
CVE
added 5 days ago22 views

CVE-2026-14245

The CVE-2026-14245 entry concerns the miniOrange OTP Login, Verification and SMS Notifications plugin for WordPress (versions up to and including 5.5.1). The root cause is that um_reset_password_process_hook() performs no server-side verification of OTP completion and relies on a public form_nonc...

9.8CVSS6AI score0.00586EPSS
Exploits0References10
EUVD
EUVD
added 2026/07/04 8:30 p.m.8 views

EUVD-2026-41696

A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1.0. This affects an unknown function of the file /admin/login.php of the component Admin Login. The manipulation of the argument Username results in sql injection. The attack may be launched remotely. The exploit ha...

7.5CVSS6.8AI score0.00412EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/04 12:0 a.m.15 views

PT-2026-55732

Name of the Vulnerable Software and Affected Versions SourceCodester Simple and Nice Shopping Cart Script version 1.0 Description An SQL injection issue exists in the Admin Login component within the /admin/login.php endpoint. The flaw allows remote attackers to manipulate the Username variable t...

7.5CVSS7.4AI score0.00412EPSS
Exploits0References11
EUVD
EUVD
added 2026/06/23 1:46 p.m.7 views

EUVD-2026-38452

NetComm NF20MESH routers running firmware R6B031 and earlier contain an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands as root by injecting shell metacharacters into the username JSON parameter processed by the...

8.8CVSS6.8AI score0.00664EPSS
Exploits0References4
CVE
CVE
added 2026/06/23 1:46 p.m.19 views

CVE-2026-35018

NetComm NF20MESH routers running firmware R6B031 and earlier are affected by an authenticated remote code execution vulnerability. The flaw resides in dalStorage_addUserAccount where shell metacharacters injected into the username JSON parameter are unsafely concatenated into a shell command stri...

8.8CVSS6.8AI score0.00664EPSS
Exploits0References4
CISA KEV Catalog
CISA KEV Catalog
added 2026/06/23 12:0 a.m.9 views

Lantronix EDS5000 Code Injection Vulnerability

Lantronix EDS5000 contains a code injection vulnerability that could allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges...

9.8CVSS6.3AI score0.00889EPSS
In wildExploits1
ATTACKERKB
ATTACKERKB
added 2026/06/21 4:0 a.m.6 views

CVE-2026-12775

A vulnerability was detected in Montodel House-Rental-Management up to 90010017b81265eb1ef3810268909f7719a33863. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. Th...

7.5CVSS5.7AI score0.00259EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/21 4:0 a.m.37 views

CVE-2026-12775 Montodel House-Rental-Management login.php sql injection

A vulnerability was detected in Montodel House-Rental-Management up to 90010017b81265eb1ef3810268909f7719a33863. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. Th...

7.5CVSS0.00259EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/19 4:17 p.m.31 views

CVE-2017-20270 Joomla! Component Twitch Tv 1.1 SQL Injection

Joomla! Component Twitch Tv 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username and id parameters. Attackers can send GET requests to index.php with option=comtwitchtv and view paramete...

8.8CVSS0.0027EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.14 views

PT-2026-50951

Name of the Vulnerable Software and Affected Versions Joomla! Component Twitch Tv version 1.1 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code through the username and id parameters. Attackers can send GET...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/10 2:2 p.m.37 views

CVE-2026-45559 Roxy-WI: LDAP injection in /user/ldap/<username> (admin-only)

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, getldapemail app/modules/roxywi/user.py:120-157 builds the LDAP search filter via f-string concatenation. The username URL path parameter is taken verbatim — no checkAjaxInput, no...

4.9CVSS0.00234EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 2:2 p.m.10 views

EUVD-2026-36040

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, getldapemail app/modules/roxywi/user.py:120-157 builds the LDAP search filter via f-string concatenation. The username URL path parameter is taken verbatim — no checkAjaxInput, no...

4.9CVSS5.5AI score0.00234EPSS
Exploits0References1
Rows per page
Query Builder