Lucene search
+L

981 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/04 5:15 p.m.1 views

CVE-2019-25506

FreeSMS 2.1.2 contains a boolean-based blind SQL injection vulnerability in the password parameter that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login endpoint. Attackers can exploit the vulnerable password parameter in requests to...

8.8CVSS6AI score0.00453EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/04 5:15 p.m.1 views

CVE-2019-25506 FreeSMS 2.1.2 Authentication Bypass via SQL Injection

FreeSMS 2.1.2 contains a boolean-based blind SQL injection vulnerability in the password parameter that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login endpoint. Attackers can exploit the vulnerable password parameter in requests to...

8.8CVSS6AI score0.00453EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/01 12:0 a.m.12 views

PT-2026-22522

Name of the Vulnerable Software and Affected Versions Tenda F453 version 1.0.0.3 Description A buffer overflow issue exists in the httpd component of the Tenda F453. The issue is located in the fromAdvSetWan function within the /goform/AdvSetWan file. Manipulation of the wanmode/PPPOEPassword...

9CVSS7.5AI score0.00632EPSS
Exploits1References15
CNNVD
CNNVD
added 2026/03/01 12:0 a.m.10 views

Tenda F453 安全漏洞

The Tenda F453 is a wireless router produced by the Chinese company Tenda. Version 1.0.0.3 of the Tenda F453 contains a security vulnerability. This vulnerability stems from incorrect handling of parameters “wanmode” and “PPPOEPassword” in the httpd component’s “goform/AdvSetWan” file, which may...

9CVSS7.7AI score0.00632EPSS
Exploits1References6
OSV
OSV
added 2026/02/20 11:16 p.m.7 views

CVE-2019-25438

LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the login parameter of login.php or the username parameter of...

7.5CVSS6.1AI score0.00478EPSS
Exploits1References3
NVD
NVD
added 2026/02/20 11:16 p.m.6 views

CVE-2019-25438

LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the login parameter of login.php or the username parameter of...

8.8CVSS0.00478EPSS
Exploits1References3
NVD
NVD
added 2026/02/17 7:21 p.m.16 views

CVE-2026-26732

TOTOLINK A3002RU V2.1.1-B20211108.1455 was discovered to contain a stack-based buffer overflow via the vpnUser or vpnPassword parameters in the formFilter function...

8.8CVSS0.00327EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/02/17 12:0 a.m.10 views

TOTOLINK A3002RU 缓冲区错误漏洞

TOTOLINK A3002RU is a wireless router product from TOTOLINK Corporation. The TOTOLINK A3002RU V2.1.1-B20211108.1455 version contains a buffer error vulnerability. This vulnerability stems from an overflow in the stack buffer of the vpnUser or vpnPassword parameters in the formFilter function, whi...

8.8CVSS6.3AI score0.00327EPSS
Exploits1References1
NVD
NVD
added 2026/02/16 6:19 p.m.8 views

CVE-2026-2567

A vulnerability was detected in Wavlink WL-NU516U1 20251208. This vulnerability affects the function sub401218 of the file /cgi-bin/nas.cgi. Performing a manipulation of the argument User1Passwd results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now publi...

8.6CVSS0.00662EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/16 5:32 p.m.5 views

CVE-2026-2567

A vulnerability was detected in Wavlink WL-NU516U1 20251208. This vulnerability affects the function sub401218 of the file /cgi-bin/nas.cgi. Performing a manipulation of the argument User1Passwd results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now publi...

8.6CVSS6.3AI score0.00662EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/16 5:32 p.m.4 views

CVE-2026-2567 Wavlink WL-NU516U1 nas.cgi sub_401218 stack-based overflow

A vulnerability was detected in Wavlink WL-NU516U1 20251208. This vulnerability affects the function sub401218 of the file /cgi-bin/nas.cgi. Performing a manipulation of the argument User1Passwd results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now publi...

8.6CVSS6.3AI score0.00662EPSS
Exploits1References4
NVD
NVD
added 2026/02/08 8:15 p.m.7 views

CVE-2026-2182

A weakness has been identified in UTT 进取 521G 3.1.1-190816. Affected by this issue is the function doSystem of the file /goform/setSysAdm. Executing a manipulation of the argument passwd1 can lead to command injection. The attack may be launched remotely. The exploit has been made available to th...

8.6CVSS0.04239EPSS
Exploits1References5
EUVD
EUVD
added 2026/02/08 8:32 a.m.10 views

EUVD-2026-5805

A security vulnerability has been detected in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/setddns of the component DDNS Service. The manipulation of the argument ddnsType/ddnsDomainName/ddnsUserName/ddnsPwd leads to os command injection. The attack is...

8.6CVSS6.7AI score0.04317EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/02/08 12:0 a.m.9 views

Code-Projects Online Examination System SQL注入漏洞

The Code-Projects Online Examination System is an open-source online examination system developed by Code-Projects. Version 1.0 of the Code-Projects Online Examination System has a SQL injection vulnerability. This vulnerability stems from incorrect handling of parameters username and password in...

9.8CVSS7.2AI score0.00312EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/08 12:0 a.m.13 views

PT-2026-7005

Name of the Vulnerable Software and Affected Versions code-projects Online Examination System version 1.0 Description A flaw exists in the Online Examination System that allows for SQL injection through the manipulation of the username and password arguments in the login.php file. This issue can ...

7.5CVSS5.6AI score0.00312EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/02/07 9:32 a.m.4 views

CVE-2026-2081 D-Link DIR-823X set_password os command injection

A vulnerability was determined in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/setpassword. This manipulation of the argument httppasswd causes os command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclos...

5.8CVSS5.4AI score0.05304EPSS
Exploits1References6
EUVD
EUVD
added 2026/02/07 9:32 a.m.9 views

EUVD-2026-5732

A vulnerability was determined in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/setpassword. This manipulation of the argument httppasswd causes os command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclos...

5.8CVSS5.2AI score0.05304EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/02/07 12:0 a.m.12 views

PT-2026-6899

Name of the Vulnerable Software and Affected Versions D-Link DIR-823X version 250416 Description A flaw exists in D-Link DIR-823X version 250416 that allows remote attackers to execute operating system commands. This occurs due to a command injection in an unknown function within the /goform/set...

5.8CVSS5.6AI score0.05304EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2026/02/03 3:11 a.m.12 views

CVE-2025-70958

Multiple reflected cross-site scripting XSS vulnerabilities in the installation module of Subrion CMS v4.2.1 allows attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters...

6.1CVSS5.5AI score0.00254EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2026/02/02 3:7 p.m.151 views

CVE_choco_2

DESCRIPTION - During the security assessment of "STUDENT WEB...

5.7AI score
Exploits0
Rows per page
Query Builder