Lucene search
K

132 matches found

Snyk
Snyk
added 2026/03/04 10:53 p.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the login UI due to improper handling of the default redirect URI. An attacker can execute arbitrary JavaScript code in the victim's browser by setting a malicious redirect URI, potentially allowing them to...

8.3CVSS5.7AI score0.00318EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/04 10:53 p.m.4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the login UI due to improper handling of the default redirect URI. An attacker can execute arbitrary JavaScript code in the victim's browser by setting a malicious redirect URI, potentially allowing them to...

8.3CVSS5.7AI score0.00318EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/04 10:53 p.m.1 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the login UI due to improper handling of the default redirect URI. An attacker can execute arbitrary JavaScript code in the victim's browser by setting a malicious redirect URI, potentially allowing them to...

8.3CVSS5.7AI score0.00318EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.11 views

PT-2026-23106

Name of the Vulnerable Software and Affected Versions ZITADEL versions 4.0.0 through 4.12.0 Description ZITADEL, an open source identity management platform, had a flaw in its login V2 UI. This allowed users to circumvent login behavior and security policies, enabling self-registration of new...

9.9CVSS5.8AI score0.22162EPSS
Exploits70References140
RedhatCVE
RedhatCVE
added 2026/03/03 1:37 p.m.4 views

CVE-2026-2584

A critical SQL Injection SQLi vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker AV:N/PR:N can exploit this flaw by sending specially crafted SQL queries through the login interface. Due to low attack complexity AC:L and the absence o...

9.3CVSS5.9AI score0.00414EPSS
Exploits0References1
NVD
NVD
added 2026/03/02 9:16 a.m.6 views

CVE-2026-2584

A critical SQL Injection SQLi vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker AV:N/PR:N can exploit this flaw by sending specially crafted SQL queries through the login interface. Due to low attack complexity AC:L and the absence o...

9.3CVSS0.00414EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/02 9:1 a.m.9 views

CVE-2026-2584

A critical SQL Injection SQLi vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker AV:N/PR:N can exploit this flaw by sending specially crafted SQL queries through the login interface. Due to low attack complexity AC:L and the absence o...

9.3CVSS5.9AI score0.00414EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/08 1:21 a.m.7 views

CVE-2026-25803

3DP-MANAGER is an inbound generator for 3x-ui. In version 2.0.1 and prior, the application automatically creates an administrative account with known default credentials admin/admin upon the first initialization. Attackers with network access to the application's login interface can gain full...

9.8CVSS5.4AI score0.00364EPSS
Exploits0References1
NVD
NVD
added 2026/02/06 11:15 p.m.12 views

CVE-2026-25803

3DP-MANAGER is an inbound generator for 3x-ui. In version 2.0.1 and prior, the application automatically creates an administrative account with known default credentials admin/admin upon the first initialization. Attackers with network access to the application's login interface can gain full...

9.8CVSS0.00364EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/06 10:52 p.m.3 views

CVE-2026-25803 3DP-MANAGER Uses Hard-coded Credentials

3DP-MANAGER is an inbound generator for 3x-ui. In version 2.0.1 and prior, the application automatically creates an administrative account with known default credentials admin/admin upon the first initialization. Attackers with network access to the application's login interface can gain full...

9.8CVSS5.5AI score0.00364EPSS
Exploits0References2
OSV
OSV
added 2026/02/06 10:52 p.m.9 views

CVE-2026-25803 3DP-MANAGER Uses Hard-coded Credentials

3DP-MANAGER is an inbound generator for 3x-ui. In version 2.0.1 and prior, the application automatically creates an administrative account with known default credentials admin/admin upon the first initialization. Attackers with network access to the application's login interface can gain full...

9.8CVSS5.5AI score0.00364EPSS
Exploits0References4
NVD
NVD
added 2026/01/30 5:16 p.m.6 views

CVE-2026-1689

A vulnerability was detected in Tenda HG10 USHG7HG9HG10re300001138enxpon. The impacted element is the function checkUserFromLanOrWan of the file /boaform/admin/formLogin of the component Login Interface. The manipulation of the argument Host results in command injection. The attack can be launche...

7.5CVSS0.02537EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/01/30 4:32 p.m.37 views

CVE-2026-1689 Tenda HG10 Login formLogin checkUserFromLanOrWan command injection

A vulnerability was detected in Tenda HG10 USHG7HG9HG10re300001138enxpon. The impacted element is the function checkUserFromLanOrWan of the file /boaform/admin/formLogin of the component Login Interface. The manipulation of the argument Host results in command injection. The attack can be launche...

7.5CVSS0.02537EPSS
Exploits1References6
Packet Storm
Packet Storm
added 2026/01/23 12:0 a.m.182 views

📄 ZITADEL 4.7.0 Server-Side Request Forgery

This is a ZITADEL version 4.7.0 server-side request forgery proof of concept exploit written in PHP. ============================================================================================================================================= | Title : ZITADEL 4.7.0 SSRF Exploit - PHP Version | |...

9.3CVSS5.5AI score0.0046EPSS
Exploits2
CNNVD
CNNVD
added 2026/01/19 12:0 a.m.12 views

FileBrowser security vulnerability

FileBrowser is a web-based file browser developed by Seagate as open source. It provides a file management interface for specified directories, allowing users to upload, delete, preview, rename, and edit their files. It supports multiple users, with each user having their own directories...

5.3CVSS5.8AI score0.00417EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/01/17 12:0 a.m.10 views

PT-2026-5425

Name of the Vulnerable Software and Affected Versions Tenda HG10 US HG7 HG9 HG10re 300001138 en xpon affected versions not specified Description A flaw exists in the Login Interface component of the software, specifically within the checkUserFromLanOrWan function located in the...

7.5CVSS7.2AI score0.02537EPSS
Exploits1References11
Cvelist
Cvelist
added 2026/01/15 7:9 p.m.20 views

CVE-2026-23511 ZITADEL has a user enumeration vulnerability in Login UIs

ZITADEL is an open source identity management platform. Prior to 4.9.1 and 3.4.6, a user enumeration vulnerability has been discovered in Zitadel's login interfaces. An unauthenticated attacker can exploit this flaw to confirm the existence of valid user accounts by iterating through usernames an...

5.3CVSS0.00362EPSS
Exploits0References5
Snyk
Snyk
added 2026/01/15 6:17 p.m.3 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the login UI process. An attacker can determine the existence of valid user accounts by submitting arbitrary userIDs and observing the system's response. This can be achieved by iterating through potential userI...

6.9CVSS5.8AI score0.00362EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/01/15 6:17 p.m.11 views

Zitadel has a user enumeration vulnerability in Login UIs

Summary A user enumeration vulnerability has been discovered in Zitadel's login interfaces. An unauthenticated attacker can exploit this flaw to confirm the existence of valid user accounts by iterating through usernames and userIDs. Impact The login UIs in version 1 and 2 provide the possibility...

5.3CVSS6AI score0.00362EPSS
Exploits0References8Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 11:19 a.m.5 views

CVE-2021-22003

VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and...

7.5CVSS6.8AI score0.00994EPSS
Exploits0References1
Rows per page
Query Builder