CVE-2026-2166

A security vulnerability has been detected in code-projects Online Reviewer System 1.0. The affected element is an unknown function of the file /login/index.php of the component Login. The manipulation of the argument username/password leads to sql injection. The attack is possible to be carried...

EUVD-2025-37353

The web application is vulnerable to a so-called ‘clickjacking’ attack. In this type of attack, the vulnerable page is inserted into a page controlled by the attacker in order to deceive the victim. This deception can range from making the victim click on a button to making them enter their login...

CVE-2025-9728

CVE-2025-9728 affects givanz Vvveb 1.0.7.2, with a reflected XSS in the login.tpl form (app/template/user/login.tpl) through manipulation of Email/Password fields. The vulnerability can be exploited remotely; PoCs and an exploit exist (GitHub), and a patch is available: bbd4c42c66ab81814224034817...

CVE-2018-7890

A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 build 13640. The publicly accessible testCredential.do endpoint takes multiple user inputs and validates supplied credentials by accessing a specified system. This endpoint calls several internal...

Alfine CMS 2.6 SQL Injection

Document Title: =============== Alfine CMS v2.6 - Login Auth Bypass Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1863 Release Date: ============= 2016-06-27 Vulnerability Laboratory ID VL-ID: ==================================== 1863...