CVE-2026-11530

A vulnerability was identified in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This affects an unknown function of the file /index.ph of the component Login. Such manipulation of the argument usr/pwd leads to sql injection. The attack can be executed remotely...

PT-2026-47433

A vulnerability has been found in SourceCodester Onlne Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0. Affected by this issue is some unknown functionality of the file import users.php. The manipulation of the argument raw password wit...

CVE-2026-7747

A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument Password results in buffer overflow. The attack can be...

EUVD-2026-26937

A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument Password results in buffer overflow. The attack can be...

CVE-2026-7103

A vulnerability was determined in code-projects Chat System 1.0. Affected is an unknown function of the file updateuser.php of the component MD5 Hash Handler. This manipulation of the argument Password causes use of weak hash. The attack is possible to be carried out remotely. The attack's...

CVE-2026-2081

A vulnerability was determined in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/setpassword. This manipulation of the argument httppasswd causes os command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclos...

CVE-2023-54340

WorkOrder CMS 0.1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login by manipulating username and password parameters. Attackers can inject malicious SQL queries using techniques like OR '1'='1' and stacked queries to access database information or...

CVE-2026-0605 code-projects Online Music Site login.php sql injection

A security vulnerability has been detected in code-projects Online Music Site 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. Such manipulation of the argument username/password leads to sql injection. The attack may be performed from remote. The exploit ha...

CVE-2025-13809

A vulnerability has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this issue is some unknown functionality of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineInfoController.java of the component SSH Connection...

CVE-2025-11527

A vulnerability was determined in Tenda AC7 15.03.06.44. The impacted element is an unknown function of the file /goform/fastsettingpppoeset. Executing a manipulation of the argument Password can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been public...

CVE-2025-11527

A vulnerability was determined in Tenda AC7 15.03.06.44. The impacted element is an unknown function of the file /goform/fastsettingpppoeset. Executing a manipulation of the argument Password can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been public...

CVE-2025-11387 Tenda AC15 fast_setting_pppoe_set stack-based overflow

A vulnerability was determined in Tenda AC15 15.03.05.18. This affects an unknown function of the file /goform/fastsettingpppoeset. This manipulation of the argument Password causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may ...

PT-2025-40978

Name of the Vulnerable Software and Affected Versions Tenda AC15 version 15.03.05.18 Description A stack-based buffer overflow exists in Tenda AC15 routers. The issue is due to the manipulation of the Password argument within the file '/goform/fast setting pppoe set'. This can be exploited...

EUVD-2025-11948

Malicious code in bioql PyPI...

EUVD-2023-35740

Malicious code in bioql PyPI...

EUVD-2023-38211

Malicious code in bioql PyPI...

CVE-2025-10767

CosmodiumCS OnlyRAT (versions prior to 3.3, affected up to 3.2 per some citations) contains an OS command injection in the Configuration File Handler’s main.py, specifically in the connect/remote_upload/remote_download function where manipulation of configuration["PASSWORD"] can be exploited. Att...

CVE-2025-9691

A vulnerability has been found in Campcodes Online Shopping System 1.0. This impacts an unknown function of the file /login.php. Such manipulation of the argument Password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used...

CVE-2025-5619

A vulnerability, which was classified as critical, has been found in Tenda CH22 1.0.0.1. This issue affects the function formaddUserName of the file /goform/addUserName. The manipulation of the argument Password leads to stack-based buffer overflow. The attack may be initiated remotely. The explo...

CVE-2025-3203

A vulnerability classified as problematic was found in Tenda W18E 16.01.0.11. Affected by this vulnerability is the function formSetAccountList of the file /goform/setModules. The manipulation of the argument Password leads to stack-based buffer overflow. The attack can be launched remotely. The...