Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
login vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2023-34175
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GrandSlambert Login Configurator plugin <= 2.1 versions.
Login Configurator Project Login Configurator
NA
CVE-2010-2945
The default configuration of SLiM prior to 1.3.2 places ./ (dot slash) at the beginning of the default_path option, which might allow local users to gain privileges via a Trojan horse program in the current working directory, related to slim.conf and cfg.cpp.
Simone Rota Slim Simple Login Manager 1.2.1
Simone Rota Slim Simple Login Manager 1.2.0
Simone Rota Slim Simple Login Manager 1.1.0
Simone Rota Slim Simple Login Manager 1.0.0
Simone Rota Slim Simple Login Manager 1.2.5
Simone Rota Slim Simple Login Manager 1.2.3
Simone Rota Slim Simple Login Manager 1.3.0
Simone Rota Slim Simple Login Manager 1.2.6
Simone Rota Slim Simple Login Manager 1.2.4
Simone Rota Slim Simple Login Manager 1.2.2
Simone Rota Slim Simple Login Manager
9.8
CVSSv3
CVE-2016-15031
A vulnerability was found in PHP-Login 1.0. It has been declared as critical. This vulnerability affects the function checkLogin of the file login/scripts/class.loginscript.php of the component POST Parameter Handler. The manipulation of the argument myusername leads to sql injec...
Php-login Project Php-login 1.0
7.8
CVSSv3
CVE-2017-20066
A vulnerability has been found in Adminer Login 1.4.4 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to improper access controls. It is possible to launch the attack on the local host. The exploit has been disclosed to the public an...
Adminer Login Project Adminer Login 1.4.4
7.8
CVSSv3
CVE-2014-5000
The login function in lib/lawn.rb in the lawn-login gem 0.0.7 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process.
Lawn-login Project Lawn-login 0.0.7
4.8
CVSSv3
CVE-2023-5243
The Login Screen Manager WordPress plugin up to and including 3.5.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for e...
Login Screen Manager Project Login Screen Manager
4.8
CVSSv3
CVE-2023-0544
The WP Login Box WordPress plugin up to and including 2.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example i...
Wp Login Box Project Wp Login Box
9.8
CVSSv3
CVE-2012-10001
The Limit Login Attempts plugin prior to 1.7.1 for WordPress does not clear auth cookies upon a lockout, which might make it easier for remote malicious users to conduct brute-force authentication attempts.
Limit Login Attempts Project Limit Login Attempts
6.1
CVSSv3
CVE-2017-15867
Multiple cross-site scripting (XSS) vulnerabilities in the user-login-history plugin up to and including 1.5.2 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) date_from, (2) date_to, (3) user_id, (4) username, (5) country_name, (6) br...
User-login-history Project User-login-history
7.5
CVSSv3
CVE-2021-24998
The Simple JWT Login WordPress plugin prior to 3.3.0 can be used to create new WordPress user accounts with a randomly generated password. The password is generated using the str_shuffle PHP function that "does not generate cryptographically secure values, and should not be ...
Simple Jwt Login Project Simple Jwt Login
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »