364 matches found

CVE
added 2026/06/05 6:0 p.m. | 34 views

CVE-2026-45748

Termix includes a vulnerability in its POST /ssh/tunnel/connect endpoint prior to version 2.3.2. The handler builds an SSH tunnel command by directly interpolating user-controlled fields (endpointIP, endpointUsername, password) into a shell command without escaping, enabling persistent OS command...

CVSS 9.8 | AI score 5.5 | EPSS 0.01426
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/05/29 2:46 p.m. | 9 views

CVE-2018-25398 The Open ISES Project 3.30A SQL Injection via main.php

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the frmpasswd parameter. Attackers can send POST requests to main.php with crafted SQL payloads to extract sensitive...

CVSS 8.8 | AI score 6.1 | EPSS 0.00334
Exploits: 0 | References: 4

NVD
added 2026/05/28 11:16 p.m. | 7 views

CVE-2026-10004

Insufficient validation of untrusted input in Passwords in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: High...

CVSS 6.5 | EPSS 0.00152
Exploits: 0 | References: 2

NVD
added 2026/05/25 3:16 p.m. | 12 views

CVE-2018-25368

Nord VPN 6.14.31 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting an excessively long string in the password field. Attackers can paste a buffer of repeated characters into the password input field to trigger an application...

CVSS 8.7 | EPSS 0.00386
Exploits: 0 | References: 3

Cvelist
added 2026/05/25 2:15 p.m. | 22 views

CVE-2018-25368 Nord VPN 6.14.31 Denial of Service via Password Field

Nord VPN 6.14.31 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting an excessively long string in the password field. Attackers can paste a buffer of repeated characters into the password input field to trigger an application...

CVSS 8.7 | EPSS 0.00386
Exploits: 0 | References: 3

Vulnrichment
added 2026/05/25 2:15 p.m. | 7 views

CVE-2018-25368 Nord VPN 6.14.31 Denial of Service via Password Field

Nord VPN 6.14.31 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting an excessively long string in the password field. Attackers can paste a buffer of repeated characters into the password input field to trigger an application...

CVSS 8.7 | AI score 6 | EPSS 0.00386
Exploits: 0 | References: 3

CVE
added 2026/05/25 2:15 p.m. | 27 views

CVE-2018-25368

NordVPN 6.14.31 is affected by a denial-of-service vulnerability triggered by submitting an excessively long password string. Unauthenticated attackers can crash the application during authentication by pasting a buffer of repeated characters into the password field. The description in the connec...

CVSS 8.7 | AI score 6 | EPSS 0.00386
Exploits: 0 | References: 3

OSV
added 2026/05/18 4:34 p.m. | 0 views

GHSA-F946-9QP6-VGCH shopper/framework: Authorization bypass in multiple Livewire admin components

Impact Multiple Livewire components in the admin panel allowed an authenticated low-privilege user to mutate data without the required permission: - Order detail Filament actions cancel, mark paid, mark complete, capture payment, archive, start processing were callable with readorders only and di...

CVSS 8.1 | AI score 5.8 | EPSS 0.00258
Exploits: 0 | References: 7

EUVD
added 2026/05/01 12:0 a.m. | 5 views

EUVD-2026-26669

SQL Injection via ORDER BY clause in V2Board thru 1.7.4. In app/Http/Controllers/Admin/UserController.php, the sort parameter from user input is passed directly to User::orderBy($sort, $sortType) without validation. An authenticated admin can sort users by any database column including password,...

CVSS 4.9 | AI score 5.9 | EPSS 0.00244
Exploits: 0 | References: 2

NVD
added 2026/04/27 3:16 p.m. | 3 views

CVE-2026-7131

A vulnerability has been found in code-projects Online Lot Reservation System up to 1.0. The impacted element is an unknown function of the file /loginuser.php. The manipulation of the argument email/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has...

CVSS 7.5 | EPSS 0.00254
Exploits: 0 | References: 5

NVD
added 2026/04/26 10:17 p.m. | 1 view

CVE-2018-25294

CEWE Photoshow 6.3.4 contains a buffer overflow vulnerability in the login dialog that allows attackers to crash the application by submitting oversized input. Attackers can inject 4000 bytes of data into the email address and password fields to trigger a denial of service condition...

CVSS 8.7 | EPSS 0.00387
Exploits: 0 | References: 4

EUVD
added 2026/04/26 1:19 p.m. | 2 views

EUVD-2018-21816

P10 Central Management Software 1.4.13 contains a buffer overflow vulnerability in the login password field that allows local attackers to crash the application by submitting an oversized input string. Attackers can paste a 2000-byte payload into the password field and click login to trigger an...

CVSS 6.8 | AI score 5.8 | EPSS 0.00128
Exploits: 0 | References: 3

ATTACKERKB
added 2026/04/26 1:19 p.m. | 0 views

CVE-2018-25296

P10 Central Management Software 1.4.13 contains a buffer overflow vulnerability in the login password field that allows local attackers to crash the application by submitting an oversized input string. Attackers can paste a 2000-byte payload into the password field and click login to trigger an...

CVSS 6.8 | AI score 5.8 | EPSS 0.00128
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/04/26 1:19 p.m. | 2 views

CVE-2018-25296 P10 Central Management Software 1.4.13 Denial of Service

P10 Central Management Software 1.4.13 contains a buffer overflow vulnerability in the login password field that allows local attackers to crash the application by submitting an oversized input string. Attackers can paste a 2000-byte payload into the password field and click login to trigger an...

CVSS 6.8 | AI score 5.7 | EPSS 0.00128
Exploits: 0 | References: 3

CVE
added 2026/04/26 1:19 p.m. | 7 views

CVE-2018-25296

CVE-2018-25296 affects P10 Central Management Software 1.4.13. The vulnerability is a buffer overflow in the login password field that lets a local attacker crash the application by submitting an oversized input (example: a 2000-byte payload). This results in a denial of service. The connected do...

CVSS 6.8 | AI score 5.8 | EPSS 0.00128
Exploits: 0 | References: 3

Cvelist
added 2026/04/26 1:19 p.m. | 33 views

CVE-2018-25294 CEWE Photoshow 6.3.4 Buffer Overflow Denial of Service

CEWE Photoshow 6.3.4 contains a buffer overflow vulnerability in the login dialog that allows attackers to crash the application by submitting oversized input. Attackers can inject 4000 bytes of data into the email address and password fields to trigger a denial of service condition...

CVSS 8.7 | EPSS 0.00387
Exploits: 0 | References: 4

Vulnrichment
added 2026/04/26 1:19 p.m. | 2 views

CVE-2018-25294 CEWE Photoshow 6.3.4 Buffer Overflow Denial of Service

CEWE Photoshow 6.3.4 contains a buffer overflow vulnerability in the login dialog that allows attackers to crash the application by submitting oversized input. Attackers can inject 4000 bytes of data into the email address and password fields to trigger a denial of service condition...

CVSS 8.7 | AI score 5.7 | EPSS 0.00387
Exploits: 0 | References: 4

ATTACKERKB
added 2026/04/26 1:19 p.m. | 1 view

CVE-2018-25294

CEWE Photoshow 6.3.4 contains a buffer overflow vulnerability in the login dialog that allows attackers to crash the application by submitting oversized input. Attackers can inject 4000 bytes of data into the email address and password fields to trigger a denial of service condition...

CVSS 8.7 | AI score 5.7 | EPSS 0.00387
Exploits: 0 | References: 4 | Affected Software: 1

CVE
added 2026/04/26 1:19 p.m. | 11 views

CVE-2018-25294

CEWE Photoshow 6.3.4 is affected by a buffer overflow in the login dialog. The vulnerability can be triggered by submitting oversized input (up to ~4000 bytes in the email address and password fields), leading to denial of service (crash). Connected documents confirm the existence of this buffer ...

CVSS 8.7 | AI score 5.8 | EPSS 0.00387
Exploits: 0 | References: 4

CNNVD
added 2026/04/26 12:0 a.m. | 5 views

Prime95 Security Vulnerability

Prime95 is a device stress testing software developed by Prime95 Corporation. Version 29.4b7 of Prime95 contains a security vulnerability. This vulnerability stems from a buffer overflow in the PrimeNet connection dialog box, which could allow local attackers to cause the application to crash by...

CVSS 6.9 | AI score 6.1 | EPSS 0.00137
Exploits: 0 | References: 1