CVE-2026-7747

A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument Password results in buffer overflow. The attack can be...

EUVD-2026-26937

A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument Password results in buffer overflow. The attack can be...

CVE-2026-7103

A vulnerability was determined in code-projects Chat System 1.0. Affected is an unknown function of the file updateuser.php of the component MD5 Hash Handler. This manipulation of the argument Password causes use of weak hash. The attack is possible to be carried out remotely. The attack's...

CVE-2026-2081

A vulnerability was determined in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/setpassword. This manipulation of the argument httppasswd causes os command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclos...

CVE-2023-54340

WorkOrder CMS 0.1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login by manipulating username and password parameters. Attackers can inject malicious SQL queries using techniques like OR '1'='1' and stacked queries to access database information or...

CVE-2026-0605 code-projects Online Music Site login.php sql injection

A security vulnerability has been detected in code-projects Online Music Site 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. Such manipulation of the argument username/password leads to sql injection. The attack may be performed from remote. The exploit ha...

CVE-2025-13809

A vulnerability has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this issue is some unknown functionality of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineInfoController.java of the component SSH Connection...

CVE-2025-11527

A vulnerability was determined in Tenda AC7 15.03.06.44. The impacted element is an unknown function of the file /goform/fastsettingpppoeset. Executing a manipulation of the argument Password can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been public...

CVE-2025-11527

A vulnerability was determined in Tenda AC7 15.03.06.44. The impacted element is an unknown function of the file /goform/fastsettingpppoeset. Executing a manipulation of the argument Password can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been public...

CVE-2025-11387 Tenda AC15 fast_setting_pppoe_set stack-based overflow

A vulnerability was determined in Tenda AC15 15.03.05.18. This affects an unknown function of the file /goform/fastsettingpppoeset. This manipulation of the argument Password causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may ...

PT-2025-40978

Name of the Vulnerable Software and Affected Versions Tenda AC15 version 15.03.05.18 Description A stack-based buffer overflow exists in Tenda AC15 routers. The issue is due to the manipulation of the Password argument within the file '/goform/fast setting pppoe set'. This can be exploited...

EUVD-2023-38211

Malicious code in bioql PyPI...

EUVD-2023-35740

Malicious code in bioql PyPI...

EUVD-2025-11948

Malicious code in bioql PyPI...

CVE-2025-10767

CosmodiumCS OnlyRAT (versions prior to 3.3, affected up to 3.2 per some citations) contains an OS command injection in the Configuration File Handler’s main.py, specifically in the connect/remote_upload/remote_download function where manipulation of configuration["PASSWORD"] can be exploited. Att...

CVE-2025-9691

A vulnerability has been found in Campcodes Online Shopping System 1.0. This impacts an unknown function of the file /login.php. Such manipulation of the argument Password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used...

CVE-2025-5619

A vulnerability, which was classified as critical, has been found in Tenda CH22 1.0.0.1. This issue affects the function formaddUserName of the file /goform/addUserName. The manipulation of the argument Password leads to stack-based buffer overflow. The attack may be initiated remotely. The explo...

CVE-2025-3203

A vulnerability classified as problematic was found in Tenda W18E 16.01.0.11. Affected by this vulnerability is the function formSetAccountList of the file /goform/setModules. The manipulation of the argument Password leads to stack-based buffer overflow. The attack can be launched remotely. The...

CVE-2025-3203 Tenda W18E setModules formSetAccountList stack-based overflow

A vulnerability classified as problematic was found in Tenda W18E 16.01.0.11. Affected by this vulnerability is the function formSetAccountList of the file /goform/setModules. The manipulation of the argument Password leads to stack-based buffer overflow. The attack can be launched remotely. The...

CVE-2025-2347

A vulnerability was found in IROAD Dash Cam FX2 up to 20250308 and classified as problematic. This issue affects some unknown processing of the component Device Registration. The manipulation of the argument Password with the input qwertyuiop leads to use of default password. The attack needs to ...