Lucene search
K

1022 matches found

Nuclei
Nuclei
added 11 hours ago28 views

ZZcms - Cross-Site Scripting

ZZcms 2019 contains a cross-site scripting vulnerability in the user login page. An attacker can inject arbitrary JavaScript code in the referer header via user/login.php, which can allow theft of cookie-based credentials and launch of subsequent attacks. id: CVE-2020-20285 info: name: ZZcms -...

5.4CVSS6.3AI score0.01395EPSS
Exploits1References3
Nuclei
Nuclei
added 11 hours ago57 views

mooSocial v.3.1.8 - Cross-Site Scripting

A cross-site Scripting XSS vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code by sending a crafted payload to the adminredirecturl parameter of the user login function. id: CVE-2023-44812 info: name: mooSocial v.3.1.8 - Cross-Site Scripting author: ritikchaddha...

6.1CVSS6.6AI score0.01897EPSS
Exploits2References3
Nuclei
Nuclei
added 11 hours ago7 views

LatePoint <= 5.0.12 - Authentication Bypass

LatePoint plugin for WordPress versions up to 5.0.12 contains an authentication bypass caused by insufficient verification of user during booking, letting unauthenticated attackers log in as any existing user if they have user ID access, exploit requires access to user ID, and the 'Use WordPress...

9.8CVSS6AI score0.02994EPSS
Exploits0References3
NVD
NVD
added yesterday5 views

CVE-2026-51821

SQL Injection vulnerability in Shenzhou Shihan Video Conference System v.1.0 allows a remote attacker to execute arbitrary code via the /user/getUserLogin endpoint...

9.8CVSS
Exploits0References2
Cvelist
Cvelist
added yesterday21 views

CVE-2026-51821

SQL Injection vulnerability in Shenzhou Shihan Video Conference System v.1.0 allows a remote attacker to execute arbitrary code via the /user/getUserLogin endpoint...

Exploits0References2
CVE
CVE
added yesterday7 views

CVE-2026-51821

SQL Injection vulnerability in Shenzhou Shihan Video Conference System v.1.0 allows a remote attacker to execute arbitrary code via the /user/getUserLogin endpoint...

9.8CVSS6.4AI score
Exploits0References2
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-43156

The WCFM – Frontend Manager for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.7.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attacker...

5.3CVSS6.2AI score0.00361EPSS
Exploits0References12
OSV
OSV
added last week6 views

CVE-2026-49229 Actual: Disabled OpenID users keep access through existing session tokens

Actual is a local-first personal finance app. Prior to 26.6.0, in OpenID multi-user mode, disabling a user only blocks future OpenID login for that identity, while existing Actual session tokens for the disabled user remain valid. The shared session validation path accepts any existing token row...

8.3CVSS6AI score0.00441EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/07 5:11 a.m.33 views

CVE-2026-57867

MicroRealEstate allows adversaries to bypass authentication due to a lack of token state management. This would permit adversaries targeting MicroRealEstate deployments to brute-force One-Time Passwords OTP to log in as any user. This issue affects MicroRealEstate: through 1.0.0-alpha3...

8.8CVSS0.00342EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.16 views

PT-2026-53059

Name of the Vulnerable Software and Affected Versions RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login versions prior to 6.0.8.7 Description An authentication bypass exists due to insufficient verification of data authenticity. The PayPal IPN callback...

5.3CVSS5.8AI score0.00232EPSS
Exploits0References20
RedhatCVE
RedhatCVE
added 2026/06/10 8:59 a.m.10 views

CVE-2026-10731

SQL injection in the ‘twostepsauthcode’ parameter processed by the ‘twoStepsAuthVerification’ function within the ‘/user-login’ endpoint. The two-factor authentication 2FA functionality can be accessed without prior authentication, allowing unauthenticated attackers to execute arbitrary SQL queri...

9.3CVSS6AI score0.00349EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 10:16 a.m.15 views

CVE-2026-10731

SQL injection in the ‘twostepsauthcode’ parameter processed by the ‘twoStepsAuthVerification’ function within the ‘/user-login’ endpoint. The two-factor authentication 2FA functionality can be accessed without prior authentication, allowing unauthenticated attackers to execute arbitrary SQL queri...

9.3CVSS0.00349EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 8:57 a.m.16 views

EUVD-2026-35387

SQL injection in the ‘twostepsauthcode’ parameter processed by the ‘twoStepsAuthVerification’ function within the ‘/user-login’ endpoint. The two-factor authentication 2FA functionality can be accessed without prior authentication, allowing unauthenticated attackers to execute arbitrary SQL queri...

9.3CVSS6AI score0.00349EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 8:57 a.m.8 views

CVE-2026-10731 SQL injection in Nemon products

SQL injection in the ‘twostepsauthcode’ parameter processed by the ‘twoStepsAuthVerification’ function within the ‘/user-login’ endpoint. The two-factor authentication 2FA functionality can be accessed without prior authentication, allowing unauthenticated attackers to execute arbitrary SQL queri...

9.3CVSS6AI score0.00349EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 8:57 a.m.36 views

CVE-2026-10731 SQL injection in Nemon products

SQL injection in the ‘twostepsauthcode’ parameter processed by the ‘twoStepsAuthVerification’ function within the ‘/user-login’ endpoint. The two-factor authentication 2FA functionality can be accessed without prior authentication, allowing unauthenticated attackers to execute arbitrary SQL queri...

9.3CVSS0.00349EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 8:57 a.m.20 views

CVE-2026-10731

CVE-2026-10731 describes a SQL injection flaw in the two_steps_auth_code parameter processed by the twoStepsAuthVerification function in the /user-login endpoint of Nemon products. The vulnerability allows unauthenticated attackers to execute arbitrary SQL on the backend database, potentially ena...

9.3CVSS6AI score0.00349EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.24 views

PT-2026-47729

SQL injection in the ‘two steps auth code’ parameter processed by the ‘twoStepsAuthVerification’ function within the ‘/user-login’ endpoint. The two-factor authentication 2FA functionality can be accessed without prior authentication, allowing unauthenticated attackers to execute arbitrary SQL...

9.3CVSS6AI score0.00349EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.9 views

CVE-2026-3655

The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass in versions 1.8.50 through 1.8.60. This is due to the Firebase verification flow in the lwpajaxregister AJAX handler not binding the Firebase session to the phone number supplied in the...

9.8CVSS5.5AI score0.00492EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.14 views

CVE-2026-8360

Function calls to WOSCommonUtil.dll!WOSSysInfoGetDeviceInterface in various DLLs i.e., WOSProfileMgrModule.dll, WOSWebDavModule.dll can return a NULL pointer i.e., when no user is logged into the Triofox Server Agent Management Console. The returned NULL pointer is not checked before being...

7.5CVSS5.5AI score0.00275EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 5:31 a.m.13 views

EUVD-2026-32079

The Firebase Support & Chat Management plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.1.1. This is due to the firebaseauth function authenticating the request as the WordPress user whose email is supplied in the useremail POST parameter without...

8.8CVSS6AI score0.00283EPSS
Exploits0References5
Rows per page
Query Builder