Apache DolphinScheduler has an Incorrect Authorization Vulnerability
Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution. This issue affects Apache DolphinScheduler versions prior to 3.4.1. Users are recommended to...
CVE-2025-55462
A CORS misconfiguration in Eramba Community and Enterprise Editions v3.26.0 allows an attacker-controlled Origin header to be reflected in the Access-Control-Allow-Origin response along with Access-Control-Allow-Credentials: true. This permits malicious third-party websites to perform authenticat...
CVE-2025-13201
The CVE-2025-13201 entry concerns Code-projects’ Simple Cafe Ordering System 1.0. A SQL injection vulnerability exists in the login.php file, arising from improper handling of the Username parameter. The issue can be exploited remotely, and an exploit is publicly available. Affected component: lo...
EUVD-2020-2251
Malware in sbrugna...
EUVD-2016-9120
Malware in sbrugna...
EUVD-2024-48998
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-40660
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operation...
VulnCheck KEV: CVE-2025-34143
An authentication bypass vulnerability exists in ETQ Reliance on the CG legacy platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The SYSTEM account does not require a password, enabling attackers with network access to the login pag...
CVE-2020-1465
An elevation of privilege vulnerability exists in Microsoft OneDrive that allows file deletion in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft OneDrive Elevation of Privilege Vulnerability'...
Google Cloud Platform Security Vulnerability
Google Cloud Platform is a cloud computing platform from Google USA that can provide cloud computing, data storage, data analytics and machine learning services. A security vulnerability exists in Google Cloud Platform that stems from insufficient authentication of the OS Login feature, which cou...
CVE-2024-55159
GFast between v2 and v3.2 was discovered to contain a SQL injection vulnerability via the SortName parameter at /system/loginLog/list...
CVE-2024-55159
GFast v2–v3.2 contains a SQL injection vulnerability in the SortName parameter exposed at /system/loginLog/list. Affected versions are 2 through 3.2. The issue is evidenced in multiple sources (e.g., PT-2025-7444) with a recommended workaround: restrict access to the /system/loginLog/list endpoin...
PT-2025-7444 · Gfast · Gfast
Name of the Vulnerable Software and Affected Versions: GFast versions 2 through 3.2 Description: A SQL injection issue was discovered via the SortName parameter at the "/system/loginLog/list" API endpoint. This allows for potential exploitation. Recommendations: For versions 2 through 3.2, as a...
CVE-2024-57328
A SQL Injection vulnerability exists in the login form of Online Food Ordering System v1.0. The vulnerability arises because the input fields username and password are not properly sanitized, allowing attackers to inject malicious SQL queries to bypass authentication and gain unauthorized access...
Motorola Solutions Vigilant Fixed LPR Coms Box Security Vulnerability
Motorola Solutions Vigilant Fixed LPR Coms Box is a license plate recognition system from Motorola Solutions USA. A security vulnerability exists in the Motorola Solutions Vigilant Fixed LPR Coms Box that originates from the exploitation of default credentials that allow an attacker to log in to...
PT-2023-8319 · Tenda · Tenda I29
Name of the Vulnerable Software and Affected Versions: Tenda i29 version 1.0 V1.0.0.5 Description: The issue is related to a buffer overflow in the sysLogin function, which can be exploited via the time parameter. This could allow a remote attacker to execute arbitrary code. Recommendations: For...
OpenSC: Potential PIN bypass when card tracks its own login state
A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock a...
DEBIAN-CVE-2023-40660
A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock a...
PT-2022-18088 · Unknown · Sourcecodester Simple Food Ordering System
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Food Ordering System version 1.0 Description: A problematic issue was found in the system, affecting the /login.php file. The manipulation of the email and password arguments with the input "alert1 leads to cross-site...
Event Management Cross-Site Scripting Vulnerability
Event Management is an event management system, and a cross-site scripting vulnerability exists in Event Management that could be exploited to obtain a PHPSESSID and use it to manipulate a created system login session...