11 matches found
CVE-2025-14192
CVE-2025-14192 affects RashminDungrani online-banking up to build 2337ad552ea9d385b4e07b90e6f32d011b7c68a2. The vulnerability is an SQL injection in the file /site/dist/auth_login.php caused by manipulation of the Username argument. It is remotely exploitable and the exploit has been made public....
CVE-2025-14192 RashminDungrani online-banking auth_login.php sql injection
A vulnerability was found in RashminDungrani online-banking up to 2337ad552ea9d385b4e07b90e6f32d011b7c68a2. This affects an unknown part of the file /site/dist/auth_login.php. Performing manipulation of the argument Username results in SQL injection. The attack can be initiated remotely. The explo...
Access Control Bypass
Overview: Affected versions of this package are vulnerable to Access Control Bypass via the projectID argument in the /auth/login process. An attacker can gain unauthorized access to resources and potentially compromise confidentiality, integrity, and availability by manipulating this parameter...
CVE-2023-49641
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginCheck.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2025-1163 code-projects Vehicle Parking Management System Authentication login stack-based overflow
A vulnerability classified as critical was found in code-projects Vehicle Parking Management System 1.0. This vulnerability affects the function login of the component Authentication. The manipulation of the argument username leads to stack-based buffer overflow. An attack has to be approached...
Multiple TP-Link products vulnerable to OS command injection
Overview: Multiple products provided by TP-LINK contain an OS command injection vulnerability (CWE-78) related to the backup/restore function. Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact: A user who logs in to the affected...
PT-2024-14128 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.12. Description: The issue is related to LDAP injection when authentication is made against an LDAP server. This can be exploited by a remote attacker to perform LDAP injection using the authentication form. The...
CVE-2023-1980
Two-factor authentication bypass on login in Devolutions Remote Desktop Manager 2022.3.35 and earlier allows a user to cancel the two-factor authentication via the application user interface and open entries...
GHSA-2CCW-7PX8-VMPF Open Redirect in Flask-AppBuilder
Flask-AppBuilder is an application development framework built on top of Flask. Versions prior to 3.4.5 contain an open redirect vulnerability when using the database authentication login page. There are no known workarounds. Users are recommended to upgrade to version 3.4.5 or later. For more...
CVE-2020-13121
Submitty through 20.04.01 has an open redirect via authentication/login?old= during an invalid login attempt...
Open redirect
Submitty through 20.04.01 has an open redirect via authentication/login?old= during an invalid login attempt...