
532 matches found

NVD
added 2026/03/08 4:16 p.m., 7 views

CVE-2026-3745

A vulnerability was found in code-projects Student Web Portal 1.0. Affected is an unknown function of the file profile.php. The manipulation of the argument User results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used...

CVSS 8.8 | EPSS 0.00303
Exploits 1 | References 6

RedhatCVE
added 2026/02/20 1:22 a.m., 6 views

CVE-2026-2686

A security vulnerability has been detected in SECCN Dingcheng G10 3.1.0.181203. This impacts the function qq of the file /cgi-bin/sessionlogin.cgi. The manipulation of the argument User leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclose...

CVSS 10 | AI score 5.4 | EPSS 0.02276
Exploits 0 | References 1

Positive Technologies
added 2026/02/19 12:00 a.m., 10 views

PT-2026-20559

Name of the Vulnerable Software and Affected Versions: SECCN Dingcheng G10 version 3.1.0.181203. Description: A security issue has been identified in SECCN Dingcheng G10 version 3.1.0.181203. The qq function within the /cgi-bin/sessionlogin.cgi file is susceptible to operating system command...

CVSS 10 | AI score 8.9 | EPSS 0.02276
Exploits 0 | References 11

NVD
added 2026/02/17 7:21 p.m., 14 views

CVE-2026-26732

TOTOLINK A3002RU V2.1.1-B20211108.1455 was discovered to contain a stack-based buffer overflow via the vpnUser or vpnPassword parameters in the formFilter function...

CVSS 8.8 | EPSS 0.00327
Exploits 1 | References 1

ATTACKERKB
added 2026/02/12 10:48 p.m., 2 views

CVE-2019-25325

Thrive Smart Home 1.1 contains an SQL injection vulnerability in the checklogin.php endpoint that allows unauthenticated attackers to bypass authentication by manipulating the 'user' POST parameter. Attackers can inject malicious SQL code like ' or 1=1 to manipulate login queries and gain...

CVSS 8.8 | AI score 5.9 | EPSS 0.00329
Exploits 0 | References 4 | Affected Software 1

Positive Technologies
added 2026/02/12 12:00 a.m., 7 views

PT-2026-7925

Thrive Smart Home 1.1 contains an SQL injection vulnerability in the checklogin.php endpoint that allows unauthenticated attackers to bypass authentication by manipulating the 'user' POST parameter. Attackers can inject malicious SQL code like ' or 1=1 to manipulate login queries and gain...

CVSS 8.8 | AI score 5.9 | EPSS 0.00329
Exploits 0 | References 7

CNNVD
added 2026/02/12 12:00 a.m., 7 views

Thrive Smart Home SQL Injection Vulnerability

Thrive Smart Home is a smart home system developed by Thrive Corporation. Version 1.1 of Thrive Smart Home has a SQL injection vulnerability. This vulnerability stems from the user parameter in the checklogin.php endpoint, which may lead to authentication bypass...

CVSS 8.8 | AI score 5.8 | EPSS 0.00329
Exploits 0 | References 6

RedhatCVE
added 2026/02/07 7:30 p.m., 5 views

CVE-2026-2057

A vulnerability was detected in SourceCodester Medical Center Portal Management System 1.0. This affects an unknown function of the file /login.php. The manipulation of the argument User results in sql injection. The attack can be executed remotely. The exploit is now public and may be used...

CVSS 9.8 | AI score 7.2 | EPSS 0.00326
Exploits 1 | References 1

NVD
added 2026/02/06 4:16 p.m., 5 views

CVE-2026-2057

A vulnerability was detected in SourceCodester Medical Center Portal Management System 1.0. This affects an unknown function of the file /login.php. The manipulation of the argument User results in sql injection. The attack can be executed remotely. The exploit is now public and may be used...

CVSS 9.8 | EPSS 0.00326
Exploits 1 | References 5

Positive Technologies
added 2026/02/06 12:00 a.m., 5 views

PT-2026-6728

Name of the Vulnerable Software and Affected Versions: SourceCodester Medical Center Portal Management System version 1.0. Description: A flaw exists in SourceCodester Medical Center Portal Management System 1.0 that allows for SQL injection. The issue is located in an unknown function within the...

CVSS 9.8 | AI score 5.6 | EPSS 0.00326
Exploits 1 | References 9

RedhatCVE
added 2026/02/03 3:11 a.m., 8 views

CVE-2025-70958

Multiple reflected cross-site scripting (XSS) vulnerabilities in the installation module of Subrion CMS v4.2.1 allow attackers to execute arbitrary JavaScript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters...

CVSS 6.1 | AI score 5.5 | EPSS 0.00254
Exploits 1 | References 1

Vulnrichment
added 2026/01/27 4:31 p.m., 5 views

CVE-2026-1480 Out-of-band SQL injection in Quatuor Performance Evaluation

An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Idusuario' in '/evaluacionobjetivosanyosigevalua.aspx' could allow an attacker to...

CVSS 9.3 | AI score 5.8 | EPSS 0.00327
Exploits 0 | References 1

Vulnrichment
added 2026/01/27 4:29 p.m., 3 views

CVE-2026-1476 Out-of-band SQL injection in Quatuor Performance Evaluation

An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Idusuario' in '/evaluacionaccionesverauto.aspx' could allow an attacker to extract...

CVSS 9.3 | AI score 5.8 | EPSS 0.00327
Exploits 0 | References 1

ATTACKERKB
added 2026/01/26 6:02 a.m., 3 views

CVE-2026-1422

A vulnerability was found in code-projects Online Examination System 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login Page. Performing a manipulation of the argument User results in sql injection. The attack is possible to be carried ou...

CVSS 9.8 | AI score 5.6 | EPSS 0.00483
Exploits 1 | References 5 | Affected Software 1

Cvelist
added 2026/01/26 6:02 a.m., 28 views

CVE-2026-1422 code-projects Online Examination System Login Page index.php sql injection

A vulnerability was found in code-projects Online Examination System 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login Page. Performing a manipulation of the argument User results in sql injection. The attack is possible to be carried ou...

CVSS 7.5 | EPSS 0.00483
Exploits 1 | References 5

EUVD
added 2026/01/26 6:02 a.m., 5 views

EUVD-2026-4702

A vulnerability was found in code-projects Online Examination System 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login Page. Performing a manipulation of the argument User results in sql injection. The attack is possible to be carried ou...

CVSS 7.5 | AI score 5.6 | EPSS 0.00483
Exploits 1 | References 5

Vulnrichment
added 2026/01/26 6:02 a.m., 9 views

CVE-2026-1422 code-projects Online Examination System Login Page index.php sql injection

A vulnerability was found in code-projects Online Examination System 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login Page. Performing a manipulation of the argument User results in sql injection. The attack is possible to be carried ou...

CVSS 7.5 | AI score 5.6 | EPSS 0.00483
Exploits 1 | References 5

CNNVD
added 2026/01/26 12:00 a.m., 4 views

Code-Projects Online Examination System SQL Injection Vulnerability

Code-Projects Online Examination System is an open-source online examination system developed by Code-Projects. Version 1.0 of the Code-Projects Online Examination System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the User parameter in the...

CVSS 9.8 | AI score 7.2 | EPSS 0.00483
Exploits 1 | References 6

OSV
added 2026/01/23 12:19 a.m., 7 views

CVE-2026-24138 FOG vulnerable to unauthenticated SSRF via `/fog/service/getversion.php`

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1754 and below contain an unauthenticated SSRF vulnerability in getversion.php which can be triggered by providing a user-controlled url parameter. It can be used to fetch both internal websites an...

CVSS 7.5 | AI score 5.6 | EPSS 0.0038
Exploits 0 | References 3

OSV
added 2026/01/21 7:16 a.m., 1 view

CVE-2026-24061

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable...

CVSS 9.8 | AI score 5.8 | EPSS 0.98871
Exploits 60 | References 13