14 matches found
CVE-2024-41454
An arbitrary file upload vulnerability in the UI login page logo upload function of Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary code via uploading a crafted PHP or HTML file...
DRUPAL-CONTRIB-2025-124
This module enables you to disable the standard Drupal login form /user/login so site owners can prevent interactive logins via the UI. The module does not sufficiently block authentication when the REST/HTTP login route is used. An attacker or legitimate user with valid credentials can...
Brute-Force Attack
ethycafides is vulnerable to brute-force attack. The vulnerability is due to the absence of specific anti-automation controls on the Admin UI login endpoint, which allows an attacker to perform credential testing attacks such as credential stuffing or password spraying to gain unauthorized access...
Malicious code in localz-lastmile-ui-login (npm)
The package localz-lastmile-ui-login was found to contain malicious code...
MAL-2025-25490 Malicious code in localz-lastmile-ui-login (npm)
The package localz-lastmile-ui-login was found to contain malicious code...
CVE-2024-41454
CVE-2024-41454: The reports indicate an arbitrary file upload vulnerability in the Process Maker pm4core-docker 4.1.21-RC7 UI login page logo upload function. A crafted PHP or HTML file can be uploaded, enabling arbitrary code execution. The exact root cause described is an insecure file upload ...
CVE-2022-45911
An issue was discovered in Zimbra Collaboration ZCS 9.0. XSS can occur on the Classic UI login page by injecting arbitrary JavaScript code in the username field. This occurs before the user logs into the system, which means that even if the attacker executes arbitrary JavaScript, they will not ge...
CVE-2022-45911
An issue was discovered in Zimbra Collaboration ZCS 9.0. XSS can occur on the Classic UI login page by injecting arbitrary JavaScript code in the username field. This occurs before the user logs into the system, which means that even if the attacker executes arbitrary JavaScript, they will not ge...
Zimbra Collaboration Server Cross-Site Scripting Vulnerability
Zimbra Collaboration Server ZCS is a suite of email and collaboration solutions from Zimbra, USA. The solution provides email, contacts, calendar, file sharing, social networking, and other features. A security vulnerability exists in Zimbra Collaboration Server ZCS version 9.0, which stems from ...
PT-2023-14792 · Zimbra · Zimbra Collaboration
Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration ZCS version 9.0 Description: An issue was discovered in the Classic UI login page where XSS can occur by injecting arbitrary JavaScript code in the username field. This occurs before the user logs into the system, which...
CVE-2020-11625
An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. Failed web UI login attempts elicit different responses depending on whether a user account exists. Because the responses indicate wheth...
Apache Syncope Cross-Site Scripting Vulnerability (CNVD-2020-31755)
Apache Syncope is an open source digital identity management system from the Apache Foundation (United States) for use in enterprise environments. The system supports identity management, role configuration and more. A cross-site scripting vulnerability in the EndUser UI login page in Apach...
CVE-2018-7633
Code injection in the /ui/login form Language parameter in Epicentro E7.3.2+ allows attackers to execute JavaScript code by making a user issue a manipulated POST request...
Faraday v2.4 - Collaborative Penetration Test and Vulnerability Management Platform
Faraday is the Integrated Multiuser Risk Environment you were looking for! It maps and leverages all the knowledge you generate in real time, letting you track and understand your audits. Our dashboard for CISOs and managers uncovers the impact and risk being assessed by the audit in real-time...