532 matches found
CVE-2026-3745
A vulnerability was found in code-projects Student Web Portal 1.0. Affected is an unknown function of the file profile.php. The manipulation of the argument User results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used...
CVE-2026-2686
A security vulnerability has been detected in SECCN Dingcheng G10 3.1.0.181203. This impacts the function qq of the file /cgi-bin/sessionlogin.cgi. The manipulation of the argument User leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclose...
PT-2026-20559
Name of the Vulnerable Software and Affected Versions SECCN Dingcheng G10 version 3.1.0.181203 Description A security issue has been identified in SECCN Dingcheng G10 version 3.1.0.181203. The qq function within the /cgi-bin/session login.cgi file is susceptible to operating system command...
CVE-2026-26732
TOTOLINK A3002RU V2.1.1-B20211108.1455 was discovered to contain a stack-based buffer overflow via the vpnUser or vpnPassword parameters in the formFilter function...
CVE-2019-25325
Thrive Smart Home 1.1 contains an SQL injection vulnerability in the checklogin.php endpoint that allows unauthenticated attackers to bypass authentication by manipulating the 'user' POST parameter. Attackers can inject malicious SQL code like ' or 1=1 to manipulate login queries and gain...
PT-2026-7925
Thrive Smart Home 1.1 contains an SQL injection vulnerability in the checklogin.php endpoint that allows unauthenticated attackers to bypass authentication by manipulating the 'user' POST parameter. Attackers can inject malicious SQL code like ' or 1=1 to manipulate login queries and gain...
Thrive Smart Home SQL注入漏洞
Thrive Smart Home is a smart home system developed by Thrive Corporation. Version 1.1 of Thrive Smart Home has a SQL injection vulnerability. This vulnerability stems from the user parameter in the checklogin.php endpoint, which may lead to authentication bypass...
CVE-2026-2057
A vulnerability was detected in SourceCodester Medical Center Portal Management System 1.0. This affects an unknown function of the file /login.php. The manipulation of the argument User results in sql injection. The attack can be executed remotely. The exploit is now public and may be used...
CVE-2026-2057
A vulnerability was detected in SourceCodester Medical Center Portal Management System 1.0. This affects an unknown function of the file /login.php. The manipulation of the argument User results in sql injection. The attack can be executed remotely. The exploit is now public and may be used...
PT-2026-6728
Name of the Vulnerable Software and Affected Versions SourceCodester Medical Center Portal Management System version 1.0 Description A flaw exists in SourceCodester Medical Center Portal Management System 1.0 that allows for SQL injection. The issue is located in an unknown function within the...
CVE-2025-70958
Multiple reflected cross-site scripting XSS vulnerabilities in the installation module of Subrion CMS v4.2.1 allows attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters...
CVE-2026-1480 Out-of-band SQL injection in Quatuor Performance Evaluation
An out-of-band SQL injection vulnerability OOB SQLi has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Idusuario' in '/evaluacionobjetivosanyosigevalua.aspx', could allow an attacker to...
CVE-2026-1476 Out-of-band SQL injection in Quatuor Performance Evaluation
An out-of-band SQL injection vulnerability OOB SQLi has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Idusuario' in ‘/evaluacionaccionesverauto.aspx’, could allow an attacker to extract...
CVE-2026-1422
A vulnerability was found in code-projects Online Examination System 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login Page. Performing a manipulation of the argument User results in sql injection. The attack is possible to be carried ou...
CVE-2026-1422 code-projects Online Examination System Login Page index.php sql injection
A vulnerability was found in code-projects Online Examination System 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login Page. Performing a manipulation of the argument User results in sql injection. The attack is possible to be carried ou...
EUVD-2026-4702
A vulnerability was found in code-projects Online Examination System 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login Page. Performing a manipulation of the argument User results in sql injection. The attack is possible to be carried ou...
CVE-2026-1422 code-projects Online Examination System Login Page index.php sql injection
A vulnerability was found in code-projects Online Examination System 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login Page. Performing a manipulation of the argument User results in sql injection. The attack is possible to be carried ou...
Code-Projects Online Examination System SQL Injection Vulnerability
Code-Projects Online Examination System is an open-source online examination system developed by Code-Projects. Version 1.0 of the Code-Projects Online Examination System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the User parameter in the...
CVE-2026-24138 FOG vulnerable to unauthenticated SSRF via `/fog/service/getversion.php`
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1754 and below contain an unauthenticated SSRF vulnerability in getversion.php which can be triggered by providing a user-controlled url parameter. It can be used to fetch both internal websites an...
CVE-2026-24061
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable...