16 matches found
PT-2025-38510
Name of the Vulnerable Software and Affected Versions: Service Finder SMS System plugin for WordPress versions prior to 2.1.0. Description: The Service Finder SMS System plugin for WordPress does not verify a user's phone number before logging them in, leading to authentication bypass. This allows...
CVE-2014-8534
Unspecified vulnerability in the login form in McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to cause a denial of service via a crafted value in the domain field...
WordPress Login using WordPress Users (WP as SAML IDP) plugin <= 1.15.6 - Authenticated (Administrator+) SQL Injection vulnerability
Authenticated (Administrator+) SQL Injection vulnerability discovered by Lesor101 in WordPress Plugin Login using WordPress Users (WP as SAML IDP) versions <= 1.15.6...
CVE-2023-50356 Improper Certificate Validation in AREAL Topkapi Vision (Server)
SSL connections to some LDAP servers are vulnerable to a man-in-the-middle attack due to improper certificate validation in AREAL Topkapi Vision (Server). This allows a remote unauthenticated attacker to gather sensitive information and prevent valid users from logging in...
CVE-2023-50035
PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection on the Users login panel because the "password" parameter is used directly in the SQL query without any sanitization, so the SQL Injection payload is executed...
SQL injection
PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection on the Users login panel because the "password" parameter is used directly in the SQL query without any sanitization, so the SQL Injection payload is executed...
PHPGurukul Small CRM Security Vulnerability
Small CRM is a customer relationship management system. Small CRM suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the Users login panel. No details of the vulnerability are available at this time...
CVE-2023-50035
CVE-2023-50035 affects PHPGurukul Small CRM 3.0. The issue is a SQL Injection in the Users login panel caused by directly using the password parameter in SQL queries without sanitization, enabling payload execution. The CVSSv3.1 base score is 9.8 (CRITICAL). Some connected sources (PT Security) d...
CVE-2023-50035
PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection on the Users login panel because the "password" parameter is used directly in the SQL query without any sanitization, so the SQL Injection payload is executed...
SUSE CVE-2014-7271
Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to log in as user "sddm" without authentication...
Rukovoditel Cross-Site Scripting Vulnerability
Rukovoditel is a set of Web-based open source project management software from the Rukovoditel team. The software features project management, customer relationship management, and more. Rukovoditel v3.2.1 has a security vulnerability; the vulnerability stems from the inclusion of DOM-bas...
CVE-2018-16838
A flaw was found in the sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to too strict permission settings on the server side, SSSD will allow all authenticated users to log in instead of denying access...
app.mailerlite.com XSS vulnerability
Open Bug Bounty ID: OBB-143953

Description | Value
---|---
Affected Website: | app.mailerlite.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...

Parliament Of Botswana hacked by V0iD
The hacker V0iD strikes again, this time against the Parliament Of Botswana. The hacker released the database table information and admin users' login details at .
CVE-2010-3911
Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM before 5.2.1 allow remote attackers to inject arbitrary web script or HTML via (1) the username (aka defaultusername) field or (2) the password field in a Users Login action to index.php, or (3) the label parameter in a Settings GetFieldInfo...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM before 5.2.1 allow remote attackers to inject arbitrary web script or HTML via (1) the username (aka defaultusername) field or (2) the password field in a Users Login action to index.php, or (3) the label parameter in a Settings GetFieldInfo...