PT-2026-26811
The login register plugin for WordPress is vulnerable to Cross-Site Request Forgery to Stored Cross-Site Scripting in all versions up to, and including, 1.2.0. This is due to missing nonce validation on the settings page and insufficient input sanitization and output escaping on the 'login regist...
CVE-2025-61128
Stack-based buffer overflow vulnerability in WAVLINK QUANTUM D3G/WL-WN530HG3 firmware M30HG3V240730, and possibly other wavlink models allows attackers to execute arbitrary code via crafted referrer value POST to login.cgi...
CVE-2025-10386
A vulnerability was found in Yida ECMS Consulting Enterprise Management System 1.0. This affects an unknown part of the file /login.do of the component POST Request Handler. The manipulation of the argument requestUrl results in cross site scripting. It is possible to launch the attack remotely...
CVE-2024-13979
A SQL injection vulnerability exists in the St. Joe ERP system "圣乔ERP系统" that allows unauthenticated remote attackers to execute arbitrary SQL commands via crafted HTTP POST requests to the login endpoint. The application fails to properly sanitize user-supplied input before incorporating it into...
CVE-2023-24241
Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/loginpost.php...
PT-2020-14691 · D Link · D-Link Dap-1520
Name of the Vulnerable Software and Affected Versions: D-Link DAP-1520 versions prior to 1.10b04Beta02.
Description: An issue was discovered in the apply.cgi of D-Link DAP-1520 devices. The problem arises when a user performs a login action from the web interface, and the request values are...
CVE-2018-18427
s-cms 3.0 allows SQL Injection via the member/post.php 0id parameter or the POST data to member/memberlogin.php...