18 matches found
WordPress Noo JobMonster plugin authentication bypass vulnerability
WordPress Noo JobMonster plugin is a recruitment theme for the WordPress platform, mainly used to build job search and recruitment websites, with support for employers posting jobs, job seekers submitting resumes, and other functions. WordPress Noo JobMonster plugin has an authentication bypass...
PT-2025-44582
Name of the Vulnerable Software and Affected Versions: Noo JobMonster theme for WordPress versions prior to 4.8.1 Description: The Noo JobMonster theme for WordPress is susceptible to Authentication Bypass due to a flaw in the check login function. This function does not properly verify a user's...
PT-2025-35375
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Polling System Code version 1.0 Description: A SQL injection issue exists due to the manipulation of the myusername argument in the /admin/checklogin.php file. The attack can be performed remotely. The exploit is publicl...
keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS
A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origi...
keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS
A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origi...
WWBN AVideo Security Breach
WWBN AVideo is a video platform builder written in PHP by the WWBN team. A security vulnerability exists in WWBN AVideo, which stems from a login attempt limit bypass vulnerability in the checkLoginAttempts method...
SIPE s.r.l. WI400 cross-site scripting vulnerability
SIPE s.r.l. WI400 is a PHP language framework from SIPE s.r.l. A security vulnerability exists in SIPE s.r.l. WI400 versions 8 through 11, which stems from a cross-site scripting (XSS) vulnerability found in the checklogin function. The vulnerability can be exploited by an attacker to inject a...
PT-2023-15575 · Sipe S.R.L · Wi400
Name of the Vulnerable Software and Affected Versions: SIPE s.r.l WI400 versions 8 through 11 Description: A cross-site scripting (XSS) issue in the check login function allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the f parameter. This enables the...
WordPress plugin login-block-ips security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2022-26874 · Ip Com · Ip-Com Ew9
Name of the Vulnerable Software and Affected Versions: IP-COM EW9 version 15.11.0.149732 Description: The issue allows unauthenticated attackers to access sensitive information. This is achieved via several interfaces, including "checkLoginUser", "ate", "telnet", "version", "setDebugCfg", and...
IP-COM EW9 information disclosure vulnerability
The IP-COM EW9 is a wireless router from IP-COM. A security vulnerability exists in the IP-COM EW9 version V15.11.0.149732, which originated from a vulnerability that allows an unauthenticated attacker to access sensitive information via the checkLoginUser, ate, telnet, version, setDebugCfg, and...
Roxy-WI SQL injection vulnerability
Roxy-WI is a web interface for managing Haproxy, Nginx, and Keepalived servers. SQL injection vulnerabilities exist in Roxy-WI 5.2.2.0 and earlier versions, and attackers can use checklogin to extract a valid uuid to bypass authentication...
CVE-2021-35325
A stack overflow in the checkLoginUser function of TOTOLINK A720R A720RFirmware v4.1.5cu.470B20200911 allows attackers to cause a denial of service (DoS)...
TotoLink A720R buffer error vulnerability
Totolink A720R is a wireless router from Taiwan-based Totolink Electronics, Inc. A stack overflow vulnerability exists in Totolink A720R V4.1.5cu.470B20200911, which stems from incorrect data handling by the checkLoginUser function in the software and can be exploited by attackers to cause a deni...
sso.nct.vn XSS vulnerability
Vulnerable URL: https://sso.nct.vn/auth/check-login?jsoncallback=prompt/OPENBUGBOUNTY/...
jsmsg.com XSS vulnerability
Vulnerable URL: http://www.jsmsg.com/check/login.php?callback=prompt/OPENBUGBOUNTY/...
PT-2014-1975 · D Link · Dnr-326
Name of the Vulnerable Software and Affected Versions: D-Link DNR-326 versions prior to 2.10 build 03 Description: The issue is related to the check login function and is caused by weaknesses in the authentication procedure. It allows a remote attacker to bypass authentication and log in by...
China computer education web site management system 3.0 vulnerability analysis - vulnerability warning - the black bar safety net
/edit/downfile.asp has the following code: <!--#include file="fsoconfig.asp"--> <!--#include file="checklogin.asp"--> <% call downloadFile(Request("path")) function downloadFile(strFile) strFilename = server.MapPath(strFile) Response.Buffer = True Response.Clear Set s = Server...