Lucene search
K

1310 matches found

Nuclei
Nuclei
added 11 hours ago42 views

Ghost CMS - User Enumeration

Ghost CMS 5.9.4 contains a user enumeration vulnerability in the login functionality. The application reveals whether a user account exists through different error messages, allowing attackers to enumerate valid user accounts via specially-crafted HTTP requests. id: CVE-2022-41697 info: name: Gho...

5.3CVSS6.3AI score0.20196EPSS
Exploits1References3
Nuclei
Nuclei
added 11 hours ago24 views

Company Visitor Management System 1.0 - SQL Injection

Company Visitor Management System 1.0 contains a SQL injection vulnerability via the login page in the username parameter. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id...

9.8CVSS7.2AI score0.02371EPSS
Exploits1References3
CVE
CVE
added 5 days ago12 views

CVE-2026-14660

The CVE-2026-14660 entry concerns code-projects Online Job Portal 1.0. The vulnerability lies in login.php where manipulating the arguments txtUser/txtPass causes SQL injection. Attack could be performed remotely and an exploit has been publicly released. Affected component: login handling in Onl...

7.5CVSS6.8AI score0.00412EPSS
Exploits0References6
Cvelist
Cvelist
added 5 days ago29 views

CVE-2026-14640 CodeAstro Apartment Visitor Management System Login index.php sql injection

A vulnerability was found in CodeAstro Apartment Visitor Management System 1.0. Affected is an unknown function of the file /index.php of the component Login. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit ha...

7.5CVSS0.00263EPSS
Exploits0References6
CVE
CVE
added 5 days ago11 views

CVE-2026-14640

CVE-2026-14640 describes a SQL injection in CodeAstro Apartment Visitor Management System 1.0. The vulnerability is in the Login component, specifically an unknown function in /index.php, where manipulating the Username argument can lead to remote exploitation. The exploit is publicly available a...

7.5CVSS6.8AI score0.00263EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 5 days ago11 views

PT-2026-55718

Name of the Vulnerable Software and Affected Versions Plack::Middleware::OAuth versions prior to 0.11 Description Plack::Middleware::OAuth for Perl fails to support the OAuth 2.0 state parameter. The RequestTokenV2 function builds the provider authorization redirect without issuing a state value,...

8.1CVSS5.9AI score0.00172EPSS
Exploits0References12
EUVD
EUVD
added 2026/07/01 12:34 a.m.7 views

EUVD-2026-40419

Invoice Ninja through 5.13.26 contains an open redirect vulnerability in the client portal login that allows unauthenticated attackers to redirect authenticated victims to attacker-controlled external URLs by injecting a malicious value into the intended query parameter. Attackers can craft a...

5.3CVSS5.8AI score0.00176EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 10:8 p.m.11 views

CVE-2026-56224

Capgo: vulnerability in console.capgo.app/login prior to version 12.128.2 allows access_token and refresh_token to be accepted in URL query parameters, leading to automatic user authentication without user confirmation. Practically, an attacker can craft a malicious link that lures a victim into ...

5.4CVSS5.8AI score0.00194EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 10:16 p.m.10 views

CVE-2026-55666

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, in apps/meteor/app/apple/server/loginHandler.ts, handleIdentityToken parses a JWT issued by Apple during the OAuth flow. The try block checks for an...

9.3CVSS0.00295EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 12:8 p.m.12 views

CVE-2026-44089

CVE-2026-44089 concerns Totolink EX1200L router. A buffer overflow in the login function of the CGI endpoint cgi-bin/cstecgi.cgi could allow remote code execution and a root-level impact, including reading/editing data and potentially bricking the device. The vulnerability has been confirmed only...

9.4CVSS5.9AI score0.0023EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.14 views

PT-2026-51387

Name of the Vulnerable Software and Affected Versions Filament versions 4.0.0 through 4.11.4 Filament versions 5.0.0 through 5.6.4 Description The login page contains a timing discrepancy that enables unauthenticated attackers to perform email enumeration. This allows an attacker to determine if ...

5.3CVSS5.9AI score0.0021EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/13 5:36 p.m.25 views

CVE-2026-12183

Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerability CWE-287 in the system configuration module. The /php/ajax-login.php endpoint returns userid=1 administrator in response to any HTTP POST request that supplie...

9.8CVSS0.00548EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.10 views

EulerOS Virtualization 2.13.0 : util-linux (EulerOS-SA-2026-2420)

According to the versions of the util-linux packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU Time-of-Check- Time-of-Use vulnerabilit...

5.3CVSS5.5AI score0.00436EPSS
Exploits1References3
NVD
NVD
added 2026/06/08 5:16 p.m.17 views

CVE-2026-11530

A vulnerability was identified in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This affects an unknown function of the file /index.ph of the component Login. Such manipulation of the argument usr/pwd leads to sql injection. The attack can be executed remotely...

7.5CVSS0.00328EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/08 3:45 p.m.8 views

CVE-2026-11530 imvks786 student_management_system Login index.ph sql injection

A vulnerability was identified in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This affects an unknown function of the file /index.ph of the component Login. Such manipulation of the argument usr/pwd leads to sql injection. The attack can be executed remotely...

7.5CVSS7AI score0.00328EPSS
Exploits0References6
Packet Storm
Packet Storm
added 2026/06/08 12:0 a.m.112 views

📄 ProjeQtor 12.4.3 SQL Injection

This Metasploit auxiliary module targets an unauthenticated SQL injection vulnerability in ProjeQtor login functionality and is structured as a scanner-style module with multiple operational modes. Version 12.4.3 is affected...

9.8CVSS5.6AI score0.00558EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.10 views

CVE-2026-7741

A vulnerability was detected in CodeAstro Online Classroom 1.0. Impacted is an unknown function of the file /OnlineClassroom/studentlogin. Performing a manipulation of the argument sid results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be us...

6.5CVSS6.5AI score0.00192EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.10 views

CVE-2026-45027

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in, html/login.php hashes the submitted password using PHP's hash function with the SHA-256 algorithm and no salt before comparing it to the stored value. The password change flow in...

5.9CVSS5.5AI score0.00136EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.12 views

CVE-2026-44671

ZITADEL is an open source identity management platform. From 2.71.11 to before 3.4.10 and 4.15.0, a vulnerability was discovered in Zitadel's LDAP identity provider implementation, which fails to properly escape user-provided usernames before incorporating them into LDAP search filters. This allo...

7.5CVSS5.5AI score0.00479EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 5:37 p.m.21 views

MGASA-2026-0175 Updated cockpit packages fix security vulnerabilities

CVE-2026-4631, Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects...

9.8CVSS6.8AI score0.142EPSS
Exploits3References28
Rows per page
Query Builder