CVE-2026-31851
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement rate limiting or account lockout mechanisms on authentication interfaces. An attacker can perform unlimited authentication attempts against endpoints that rely on credential validation, enabling brute-force attack...
Sony IP Cameras Exposure of Sensitive Information to an Unauthorized Actor (CVE-2016-7834)
SONY SNC-CH115, SNC-CH120, SNC-CH160, SNC-CH220, SNC-CH260, SNC-DH120, SNC-DH120T, SNC-DH160, SNC-DH220, SNC-DH220T, SNC-DH260, SNC-EB520, SNC-EM520, SNC-EM521, SNC-ZB550, SNC-ZM550, SNC-ZM551, SNC-EP550, SNC-EP580, SNC-ER550, SNC-ER550C, SNC-ER580, SNC-ER585, SNC-ER585H, SNC-ZP550, SNC-ZR550,...
CVE-2025-13613 Elated Membership <= 1.2 - Authentication Bypass via Social Login
The Elated Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.2. This is due to the plugin not properly logging in a user with the data that was previously verified through the 'eltdfmembershipcheckfacebookuser' and the...
CVE-2025-64065
The Primakon Pi Portal 1.0.18 API /api/V2/ppudfvadmin endpoint fails to perform necessary server-side validation. The administrative LoginAs or user impersonation feature is vulnerable to an access control failure. This flaw allows any authenticated low-privileged user to execute a direct PATCH...
EUVD-2025-197815
QaTraq 6.9.2 ships with administrative account credentials which are enabled in default installations and permit immediate login via the web application login page. Because the account provides administrative privileges in the default configuration, an attacker who can reach the login page can ga...
EUVD-2015-0992
Malware in sbrugna...
EUVD-2009-1947
Malware in sbrugna...
EUVD-2020-14760
Malware in sbrugna...
EUVD-2007-0573
Malware in sbrugna...
Real-time Bus Tracking System vulnerable to improper validation of specified quantity in input
Overview: Real-time Bus Tracking System provided by SYNCK GRAPHICA contains the following vulnerability: Improper validation of specified quantity in input (CWE-1284) - CVE-2025-43881. n3ddih reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
CVE-2021-41286
Omikron MultiCash Desktop 4.00.008.SP5 relies on a client-side authentication mechanism. When a user logs into the application, the validity of the password is checked locally. All communication to the database backend is made via the same technical account. Consequently, an attacker can attach a...
Exploit for Cross-Site Request Forgery (CSRF) in Creativeitem Academy_Lms
CVE-2022-47130 Academy LMS = 5.10 CSRF Description Acad...
CVE-2022-20736
A vulnerability in the web-based management interface of Cisco AppDynamics Controller Software could allow an unauthenticated, remote attacker to access a configuration file and the login page for an administrative console that they would not normally have authorization to access. This...
CVE-2022-32022
Car Rental Management System v1.0 is vulnerable to SQL Injection via /ip/car-rental-management-system/admin/ajax.php?action=login...
PT-2022-13577 · Siteground · Siteground Security Plugin
Name of the Vulnerable Software and Affected Versions: SiteGround Security plugin for WordPress versions up to, and including, 1.2.5. Description: The issue allows unauthenticated users to log in as administrative users due to missing identity verification on initial 2FA set-up. This enables...
CVE-2020-21994
AVE DOMINAplus =1.10.x suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file '/xml/authClients.xml' and obtain administrative login information that allows for a successful...
Phpjabbers Appointment Scheduler Cross-Site Scripting Vulnerability
Phpjabbers Appointment Scheduler is a PHP-based appointment scheduler plugin for planning time and scheduling meetings from Phpjabbers Serbia. PHPJabbers Appointment Scheduler 2.3 is vulnerable to a cross-site scripting vulnerability that originates in the index.php administrative login page with...
projectworlds car rental management system cross-site scripting vulnerability
projectworlds car rental management system is a car rental management system from projectworlds. projectworlds car rental management system is vulnerable to a cross-site scripting vulnerability, which could be exploited to obtain an administrative login session cookie and steal an administrative...
QiHang Media Web Digital Signage 3.0.9 Credential Disclosure Vulnerability
QiHang Media Web Digital Signage version 3.0.9 suffers from a clear-text credential disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file /xml/User/User.xml and obtain administrative login information that allows for...
QiHang Media Web Digital Signage 3.0.9 Credential Disclosure
QiHang Media Web QH.aspx Digital Signage 3.0.9 Cleartext Credentials Disclosure Vendor: Shenzhen Xingmeng Qihang Media Co., Ltd. Guangzhou Hefeng Automation Technology Co., Ltd. Product web page: http://www.howfor.com Affected version: 3.0.9.0 Summary: Digital Signage Software. Desc: The...