OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username

A flaw was found in OpenSSH. This vulnerability allows a remote attacker to achieve arbitrary command execution by injecting shell metacharacters into a username provided on the command line. Exploitation requires an untrusted username and a non-default configuration of the '%' character in...

OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username

A flaw was found in OpenSSH. This vulnerability allows a remote attacker to achieve arbitrary command execution by injecting shell metacharacters into a username provided on the command line. Exploitation requires an untrusted username and a non-default configuration of the '%' character in...

CVE-2026-10208

A flaw has been found in code-projects Online Hospital Management System 1.php. This impacts the function loginuser of the file login1.php. Executing a manipulation of the argument Username can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be...

OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username

A flaw was found in OpenSSH. This vulnerability allows a remote attacker to achieve arbitrary command execution by injecting shell metacharacters into a username provided on the command line. Exploitation requires an untrusted username and a non-default configuration of the '%' character in...

CVE-2026-9383 itsourcecode Electronic Judging System login.php sql injection

A vulnerability has been found in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/admin/login.php. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the...

EUVD-2018-21873

Joomla! Component EkRishta 2.10 contains an error-based SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the username parameter. Attackers can submit POST requests to the login endpoint with SQL injection payloads ...

CVE-2026-44195 OPNsense: Authentication lockout bypass

OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, a logic flaw in the OPNsense lockouthandler allows an unauthenticated attacker to continuously reset the authentication failure counter for their IP address. By interjecting a crafted username containing a success keyword...

OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username

A flaw was found in OpenSSH. This vulnerability allows a remote attacker to achieve arbitrary command execution by injecting shell metacharacters into a username provided on the command line. Exploitation requires an untrusted username and a non-default configuration of the '%' character in...

OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username

A flaw was found in OpenSSH. This vulnerability allows a remote attacker to achieve arbitrary command execution by injecting shell metacharacters into a username provided on the command line. Exploitation requires an untrusted username and a non-default configuration of the '%' character in...

CVE-2026-7682 Edimax BR-6208AC L2TP Mode setWAN command injection

A security flaw has been discovered in Edimax BR-6208AC 1.02. The impacted element is the function setWAN of the file /goform/setWAN of the component L2TP Mode. The manipulation of the argument L2TPUserName results in command injection. It is possible to launch the attack remotely. The exploit ha...

OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username

A flaw was found in OpenSSH. This vulnerability allows a remote attacker to achieve arbitrary command execution by injecting shell metacharacters into a username provided on the command line. Exploitation requires an untrusted username and a non-default configuration of the '%' character in...

CVE-2026-34578 OPNsense has an LDAP Injection via Unsanitized Username in Authentication

OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.6, OPNsense's LDAP authentication connector passes the login username directly into an LDAP search filter without calling ldapescape. An unauthenticated attacker can inject LDAP filter metacharacters into the username field ...

PT-2026-31619

OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.6, OPNsense's LDAP authentication connector passes the login username directly into an LDAP search filter without calling ldap escape. An unauthenticated attacker can inject LDAP filter metacharacters into the username field...

PT-2026-24723

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the command without any sanitization. This allow attackers to inject arbitrary OS commands into the...

PT-2026-21873

Name of the Vulnerable Software and Affected Versions itsourcecode Document Management System version 1.0 Description A flaw exists in itsourcecode Document Management System version 1.0 that allows remote attackers to execute SQL injection. The issue is located in the /register.php file,...

CVE-2026-2193

The CVE-2026-2193 affects D-Link DI-7100G C1 (firmware 24.04.18D1). The vulnerability lies in the set_jhttpd_info function where manipulating the usb_username argument enables command injection, enabling remote exploitation. Reported CVSS metrics indicate network access with low complexity and lo...

CVE-2025-15494 RainyGao DocSys UserMapper.xml sql injection

A vulnerability has been found in RainyGao DocSys up to 2.02.37. This affects an unknown function of the file com/DocSystem/mapping/UserMapper.xml. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public...

CVE-2025-15494 RainyGao DocSys UserMapper.xml sql injection

A vulnerability has been found in RainyGao DocSys up to 2.02.37. This affects an unknown function of the file com/DocSystem/mapping/UserMapper.xml. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public...

CVE-2025-14620

A vulnerability was determined in code-projects Student File Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/loginquery.php. Executing manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit h...

CVE-2025-14620 code-projects Student File Management System login_query.php sql injection

A vulnerability was determined in code-projects Student File Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/loginquery.php. Executing manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit h...