71 matches found
Netis AC1200 security vulnerability
The Netis AC1200 is a series of dual-band wireless broadband routers produced by the Chinese company Netis. The Netis AC1200 V4.0.1.4296 version contains a security vulnerability. This vulnerability stems from the POST parameters “password” and “newpwdconfirm” being passed directly to the...
DjangoBlog security vulnerability
DjangoBlog is a blog system developed by liangliangyy using Django. Versions of DjangoBlog 2.1.0.0 and earlier had security vulnerabilities. These vulnerabilities stemmed from incorrect handling of the USER/PASSWORD parameters in the file djangoblog/settings.py, which may have led to hardcoded...
CVE-2026-5830
A vulnerability was identified in Tenda AC15 15.03.05.18. This affects the function websGetVar of the file /goform/SysToolChangePwd. Such manipulation of the argument oldPwd/newPwd/cfmPwd leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available...
CVE-2023-29381
An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows a remote attacker to escalate privileges and obtain sensitive information via the password and 2FA parameters...
Veeam Backup & Replication security vulnerability
Veeam Backup & Replication is a backup and replication software from Veeam USA. A security vulnerability exists in Veeam Backup & Replication that stems from improper handling of malicious password parameters, which could lead to a remote code execution attack...
CVE-2022-27945
NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands such as telnetd via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to password.cgi...
IPFire security vulnerability
IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from insufficient cleanup and escaping of the SERVICE, LOGIN, and PASSWORD parameters, which could be exploited by...
CVE-2025-10800
A weakness has been identified in itsourcecode Online Discussion Forum 1.0. The impacted element is an unknown function of the file /index.php. Executing manipulation of the argument email/password can lead to sql injection. The attack can be executed remotely. The exploit has been made available...
CVE-2025-7587
A vulnerability was found in code-projects Online Appointment Booking System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /cover.php. The manipulation of the argument uname/psw leads to sql injection. The attack may be launched remotely. The...
CVE-2023-38062
In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build configurations...
CVE-2022-44624
In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters...
CVE-2024-51102
PHPGURUKUL Student Management System using PHP and MySQL v1 was discovered to contain multiple SQL injection vulnerabilities at /studentrecordms/login.php via the username and password parameters...
CVE-2022-29043
Jenkins Mask Passwords Plugin 3.0 and earlier does not escape the name and description of Non-Stored Password parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
CVE-2020-15829
In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs...
CVE-2024-50833
A SQL Injection vulnerability was found in /login.php in KASHIPARA E-learning Management System Project 1.0 via the username and password parameters...
CVE-2024-50823
CVE-2024-50823 affects Kashipara E-learning Management System Project 1.0. A SQL injection vulnerability exists in the /admin/login.php endpoint, exploitable via the username and password parameters. The root cause is unparameterized SQL handling in the login routine, enabling an attacker to affe...
College Management System SQL injection vulnerability
College Management System is a simple project organized by Code Projects. It is used to keep track of students, teachers, subjects, schedules and all things related to the university. A SQL injection vulnerability exists in College Management System version 1.0, which stems from the email/passwor...
CVE-2024-4822
Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the username and password parameters in '/index.php'. This vulnerability allows an attacker to partially take control of the victim's browser session...
Stack buffer overflow vulnerability in the R7WebsSecurityHandler function of the Shenzhen Jixiang Tengda Technology Co. AC8
Shenzhen Jixiang Tengda Technology Co., Ltd AC8 is a wireless router device that provides network connection and wireless management functions. A stack buffer overflow vulnerability exists in the R7WebsSecurityHandler function in the Shenzhen Jixiang Tengda Technology Co. AC8 /goform/execCommand...
SpaceX Starlink Wi-Fi router security vulnerability
The SpaceX Starlink Wi-Fi router is a series of routers from SpaceX in the United States. A security vulnerability exists in SpaceX Starlink Wi-Fi router Gen 2 prior to version 2023.48.0, which originated from allowing cross-site scripting attacks via the ssid and password parameters on the...