Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

CVE
CVEadded 2026/05/03 6:30 a.m.10 views

CVE-2026-7683

Edimax BR-6428nC (firmware up to 1.16) exposes a vulnerability in the Web Interface, specifically /goform/setWAN, where manipulating the pppUserName/pptpUserName argument enables remote command injection. The issue is actionable remotely, with exploits publicly available. The vendor was contacted...

6.5CVSS5.5AI score0.0123EPSS
Exploits0References6
RedhatCVE
RedhatCVEadded 2026/03/04 1:56 a.m.3 views

CVE-2025-52468

Chamilo is a learning management system. Prior to version 1.11.30, an input validation vulnerability exists when importing user data from CSV files. This flaw occurs due to insufficient sanitization of user data, specifically in the "Last Name", "First Name", and "Username" fields. It allows...

8.8CVSS5.9AI score0.00065EPSS
Exploits1References1
OSV
OSVadded 2026/02/27 2:16 a.m.0 views

CVE-2026-25721

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the server username and/or password fields of the restore action in the API V1 route...

8.8CVSS6.4AI score
Exploits0References3
Github Security Blog
Github Security Blogadded 2025/10/08 3:32 p.m.2 views

Liferay Portal Notifications Widget has multiple XSS vulnerabilities through various text fields

Multiple cross-site scripting XSS vulnerabilities in the Notifications widget in Liferay Portal 7.4.3.102 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5 and 2023.Q3.1 through 2023.Q3.10 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected in...

5.4CVSS5.9AI score0.00031EPSS
Exploits0References8Affected Software1
RedhatCVE
RedhatCVEadded 2025/05/22 5:20 a.m.4 views

CVE-2014-8945

admin.php?page=projects in Lexiglot through 2014-11-20 allows command injection via username and password fields...

9.8CVSS7.8AI score0.17757EPSS
Exploits1References1
CNNVD
CNNVDadded 2022/02/26 12:0 a.m.2 views

Sangfor VDI Client 安全漏洞

Sangfor VDI Client is a tool used by Sangfor to quickly build virtual desktops.A security vulnerability exists in Sangfor VDI Client, which can be exploited by attackers to discover the contents of username and password fields when reading process memory...

5.5CVSS5.6AI score0.00052EPSS
Exploits1References3
securityvulns
securityvulnsadded 2007/07/28 12:0 a.m.44 views

WebEvents: Online Event Registration Template Username Fields SQL INJECTION

A R I A - S E C U R I T Y WebEvents: Online Event Registration Template Username Field SQL Injection Vendor: http://www.codewidgets.com http://target.com/PATH/signin.aspx Username: admin Password: anything' OR 'x'='x Credits: Aria-Security Team http://aria-security.net...

0.2AI score
Exploits0
Positive Technologies
Positive Technologiesadded 2006/04/19 12:0 a.m.1 views

PT-2006-2844 · Bluepay · Bluepay Manager

Name of the Vulnerable Software and Affected Versions: BluePay Manager versions 2.0 and earlier Description: The issue allows remote attackers to inject arbitrary web script or HTML during a login action via the Account Name and Username fields. The vendor has disputed this issue, stating it does...

2.6CVSS6.8AI score0.00362EPSS
Exploits0References3
Rows per page
Query Builder