17 matches found
CVE-2025-50199
Chamilo is a learning management system. Prior to version 1.11.30, there is a blind SSRF vulnerability in /index.php via the POST openidurl parameter. This issue has been patched in version 1.11.30...
CVE-2025-14086
A vulnerability was found in youlaitech youlai-mall 1.0.0/2.0.0. Affected is an unknown function of the file /app-api/v1/members/openid/. The manipulation of the argument openid results in improper access controls. The attack can be executed remotely. The exploit has been made public and could be...
CVE-2025-14086
A vulnerability was found in youlaitech youlai-mall 1.0.0/2.0.0. Affected is an unknown function of the file /app-api/v1/members/openid/. The manipulation of the argument openid results in improper access controls. The attack can be executed remotely. The exploit has been made public and could be...
CVE-2025-14086
A vulnerability was found in youlaitech youlai-mall 1.0.0/2.0.0. Affected is an unknown function of the file /app-api/v1/members/openid/. The manipulation of the argument openid results in improper access controls. The attack can be executed remotely. The exploit has been made public and could be...
CVE-2025-14086 youlaitech youlai-mall openid access control
A vulnerability was found in youlaitech youlai-mall 1.0.0/2.0.0. Affected is an unknown function of the file /app-api/v1/members/openid/. The manipulation of the argument openid results in improper access controls. The attack can be executed remotely. The exploit has been made public and could be...
D-Link DI-7100G C1 openid parameter buffer overflow vulnerability
The D-Link DI-7100G C1 is an enterprise-class router from D-Link, designed for small and medium-sized businesses. The D-Link DI-7100G C1 suffers from a buffer overflow vulnerability that originates from the parameter openid in the file /webchat/login.cgi failing to properly validate the length an...
EUVD-2025-32550
A flaw has been found in D-Link DI-7100G C1 up to 20250928. This vulnerability affects the function sub_4C0990 of the file /webchat/login.cgi of the component jhttpd. Executing manipulation of the argument openid can lead to buffer overflow. It is possible to launch the attack remotely. The exploi...
CVE-2025-11338
A flaw has been found in D-Link DI-7100G C1 up to 20250928. This vulnerability affects the function sub_4C0990 of the file /webchat/login.cgi of the component jhttpd. Executing manipulation of the argument openid can lead to buffer overflow. It is possible to launch the attack remotely. The exploi...
CVE-2025-11338
A flaw has been found in D-Link DI-7100G C1 up to 20250928. This vulnerability affects the function sub_4C0990 of the file /webchat/login.cgi of the component jhttpd. Executing manipulation of the argument openid can lead to buffer overflow. It is possible to launch the attack remotely. The exploi...
CVE-2025-11338
Affected product: D-Link DI-7100G C1. The vulnerability is a buffer overflow in the jhttpd component, triggered by manipulating the openid argument in the /webchat/login.cgi file, specifically in the function sub_4C0990. This can be exploited remotely, with exploits published. Impact is potential...
PT-2025-40906
Name of the Vulnerable Software and Affected Versions: D-Link DI-7100G C1 versions up to 20250928 Description: A buffer overflow issue exists in the jhttpd component of D-Link DI-7100G C1. The issue is located in the sub_4C0990 function of the /webchat/login.cgi file. Manipulation of the openid...
D-Link DI-7100G security vulnerability
The D-Link DI-7100G C1 is an enterprise-class router from D-Link, designed for small and medium-sized businesses. The D-Link DI-7100G C1 suffers from a buffer overflow vulnerability that originates from the parameter openid in the file /webchat/login.cgi failing to properly validate the length an...
EUVD-2025-24563
Malicious code in bioql PyPI...
CVE-2025-8908 Shanghai Lingdang Information Technology Lingdang CRM event.php sql injection
A vulnerability was determined in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4. Affected by this issue is some unknown functionality of the file crm/WeiXinApp/yunzhijia/event.php. The manipulation of the argument openid leads to sql injection. The attack may be launched...
Lingdang CRM SQL injection vulnerability
Lingdang CRM is a customer relationship management system from Lingdang, China. A security vulnerability exists in Lingdang CRM version 8.6.5.4 and earlier versions, which originates from a SQL injection attack caused by the operation of the openid parameter in the file...
PT-2025-32987 · Unknown · Lingdang Crm
Name of the Vulnerable Software and Affected Versions: Lingdang CRM versions through 8.6.5.4 Description: A SQL injection issue exists in the crm/WeiXinApp/yunzhijia/event.php file. Manipulation of the openid argument can lead to SQL injection, and the attack can be launched remotely. The exploit...
Maccms authorization issue vulnerability
Maccms program is a complete and powerful fast website building system running in PHP MYSQL environment. Maccms has an elevation of privilege vulnerability, which can be exploited by attackers to gain privileges through the "col" and "openid" parameters in /index.php/user/login to obtain privileg...