CVE-2023-4549

The DoLogin Security WordPress plugin before 3.7 does not properly sanitize IP addresses coming from the X-Forwarded-For header, which can be used by attackers to conduct Stored XSS attacks via WordPress' login form...

EUVD-2023-50810

Malicious code in bioql PyPI...

Dahua Smart Cloud Gateway Registration Management 安全漏洞

Dahua Smart Cloud Gateway Registration Management is a cloud gateway registration platform from Dahua, China. A security vulnerability exists in Dahua Smart Cloud Gateway Registration Management, which is caused by SQL injection due to uncleared input in the /index.php/User/doLogin endpoint...

CVE-2025-6552

A vulnerability was found in java-aodeng Hope-Boot 1.0.0. It has been classified as problematic. Affected is the function doLogin of the file /src/main/java/com/hope/controller/WebController.java of the component Login. The manipulation of the argument redirecturl leads to open redirect. It is...

CVE-2025-6552 java-aodeng Hope-Boot Login WebController.java doLogin redirect

A vulnerability was found in java-aodeng Hope-Boot 1.0.0. It has been classified as problematic. Affected is the function doLogin of the file /src/main/java/com/hope/controller/WebController.java of the component Login. The manipulation of the argument redirecturl leads to open redirect. It is...

CVE-2025-6552

CVE-2025-6552 affects java-aodeng Hope-Boot 1.0.0. The vulnerable component is the doLogin function in WebController.java (/src/main/java/com/hope/controller/WebController.java) where manipulation of the redirect_url parameter enables an open redirect. Remote exploitation is possible and the vuln...

CVE-2025-6552 java-aodeng Hope-Boot Login WebController.java doLogin redirect

A vulnerability was found in java-aodeng Hope-Boot 1.0.0. It has been classified as problematic. Affected is the function doLogin of the file /src/main/java/com/hope/controller/WebController.java of the component Login. The manipulation of the argument redirecturl leads to open redirect. It is...

PT-2025-26683 · Unknown · Java-Aodeng Hope-Boot

Name of the Vulnerable Software and Affected Versions: java-aodeng Hope-Boot version 1.0.0 Description: A vulnerability was found in the function doLogin of the file /src/main/java/com/hope/controller/WebController.java of the component Login. The manipulation of the argument redirect url leads t...

CVE-2023-46608

Missing Authorization vulnerability in WPDO DoLogin Security dologin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DoLogin Security: from n/a through = 3.7.1...

CVE-2023-46608

Missing Authorization vulnerability in WPDO DoLogin Security dologin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DoLogin Security: from n/a through = 3.7.1...

CVE-2023-46608 WordPress DoLogin Security plugin <= 3.7.1 - Multiple Broken Access Control vulnerability

Missing Authorization vulnerability in WPDO DoLogin Security dologin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DoLogin Security: from n/a through = 3.7.1...

CVE-2023-46608 WordPress DoLogin Security plugin <= 3.7.1 - Multiple Broken Access Control vulnerability

Missing Authorization vulnerability in WPDO DoLogin Security dologin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DoLogin Security: from n/a through = 3.7.1...

WordPress plugin DoLogin Security 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

The vulnerability of the doLogin() function in the EdgeLoginServiceImpl class of the wizardLogin component of the data protection software for ArcServe UDP allows a perpetrator to bypass the authentication process.

The vulnerability of the doLogin function in the EdgeLoginServiceImpl class of the wizardLogin component of the data protection software for ArcServe UDP is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to bypass the authentication...

DoLogin Security <= 3.7.1 - Missing Authorization via REST Endpoints

Description The DoLogin Security plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple REST functions in versions up to, and including, 3.7.1. This makes it possible for unauthenticated attackers to send test SMS messages to arbitrar...

WordPress DoLogin Security Plugin <= 3.7.1 is vulnerable to Broken Access Control

Software DoLogin Security Type Plugin Vulnerable versions = 3.7.1 Fixed in 3.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-46608 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID 5adc7395b967 Credits Mika Required privilege...

WordPress DoLogin Security Plugin < 3.7.1 is vulnerable to Sensitive Data Exposure

Software DoLogin Security Type Plugin Vulnerable versions 3.7.1 Fixed in 3.7.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-4800 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3a18978f1a90 Credits Bartlomiej Marek and Tomasz...

CVE-2023-4800

The DoLogin Security WordPress plugin before 3.7.1 does not restrict the access of a widget that shows the IPs of failed logins to low privileged users...

CVE-2023-4800

The DoLogin Security WordPress plugin before 3.7.1 does not restrict the access of a widget that shows the IPs of failed logins to low privileged users...

CVE-2023-4800 DoLogin Security < 3.7.1 - Subscriber+ IP Address leak

The DoLogin Security WordPress plugin before 3.7.1 does not restrict the access of a widget that shows the IPs of failed logins to low privileged users...