CVE-2026-40593
CVE-2026-40593 affects ChurchCRM prior to 7.2.0. The issue arises in UserEditor.php, which renders stored usernames into an HTML input value without applying htmlspecialchars(), allowing an administrator to save a username with HTML attribute-breaking characters and event handlers. When anoth...
CVE-2026-40593 ChurchCRM: Stored XSS in UserEditor.php via Login Name Field
ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the User Editor (UserEditor.php) renders stored usernames directly into an HTML input value attribute without applying htmlspecialchars. An administrator can save a username containing HTML attribute-breaking characte...
SUSE-RU-2026:1228-1 Recommended update for shadow
This update for shadow fixes the following issues: shadow is updated to 4.17.2 to bring lots of features and bug fixes. - util-linux-2.41 introduced new variable: LOGIN_ENV_SAFELIST. Recognize it and update dependencies. - Set SYS_{UID,GID}_MIN to 201: After repeated similar requests to change the ID...
EUVD-2020-15016
Malware in sbrugna...
EUVD-2002-1369
Malware in sbrugna...
EUVD-2021-2054
Malware in sbrugna...
EUVD-2002-0257
Malware in sbrugna...
EUVD-1999-0972
Malware in sbrugna...
CVE-2025-10711
A vulnerability has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 20250831. This vulnerability affects unknown code of the file /index.php/sysmanage/Login. Such manipulation of the argument Name leads to cross site scripting. The attack may be performed from remote. The exploit has been...
Linux Distros Unpatched Vulnerability : CVE-2021-25956
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Dolibarr application, v3.3.beta120121221 to v13.0.2 have Modify access for admin level users to change other user's details but fails to validate already...
SQL Injection Vulnerability in Gansu Dangerous Goods Depot Monitoring Platform of Shenzhen Dingxintongda Technology Co.
Gansu Province Dangerous Goods Depot Monitoring Platform is a digital management system for real-time monitoring of dangerous goods storage and transportation. There is a SQL injection vulnerability in the Gansu Dangerous Goods Depot Monitoring Platform of Shenzhen Dingxintongda Technology Co.,...
CVE-2025-8773
A vulnerability, which was classified as critical, was found in Dinstar Monitoring Platform 甘肃省危险品库监控平台 1.0. Affected is an unknown function of the file /itc/$%7BappPath%7D/login_getPasswordErrorNum.action. The manipulation of the argument userBean.loginName leads to sql injection. It is possible ...
CVE-2025-8773 Dinstar Monitoring Platform 甘肃省危险品库监控平台 login_getPasswordErrorNum.action sql injection
A vulnerability, which was classified as critical, was found in Dinstar Monitoring Platform 甘肃省危险品库监控平台 1.0. Affected is an unknown function of the file /itc/$%7BappPath%7D/login_getPasswordErrorNum.action. The manipulation of the argument userBean.loginName leads to sql injection. It is possible ...
CVE-2025-8773
CVE-2025-8773 concerns Dinstar Monitoring Platform (甘肃省危险品库监控平台) 1.0. The vulnerability is a SQL injection in an unknown function of the file /itc/${appPath}/login_getPasswordErrorNum.action triggered by manipulating userBean.loginName. Impact is described as remote exploit enabling full impact o...
Kloxo Security Vulnerability
Kloxo is an open source hosting platform from LxCenter. A security vulnerability exists in Kloxo versions prior to 6.1.12 that stems from an unvalidated login-name parameter, which could lead to SQL injection and remote command execution...
CVE-2020-22251
Cross Site Scripting (XSS) vulnerability in phpList 3.5.3 via the login name field in Manage Administrators when adding a new admin...
Triple-Identity Authentication: the Future of Secure Access
In a typical authentication process, the local system verifies the user's identity using a stored hash value generated by a cross-system hash algorithm. This article shifts the research focus from traditional password encryption to the establishment of gatekeeping mechanisms for effective...
PT-2025-3446 · Ruoyi · Ruoyi
Name of the Vulnerable Software and Affected Versions: ruoyi version 4.8.0 Description: The issue is related to the reset password interface, where attackers with Admin privileges can cause a Denial of Service (DoS) by duplicating the login name of the account. Recommendations: ruoyi version 4.8.0:...
RuoYi Security Vulnerability
RuoYi is a backend management system for individual developers of RuoYi in China. A security vulnerability exists in RuoYi v4.8.0, which stems from a problem with the reset password screen that allows an attacker with administrator privileges to cause a denial of service by copying the login name...