1380 matches found
CVE-2024-37606
A stack overflow vulnerability in D-Link DCS-932L REVBFIRMWARE2.18.01 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request...
CVE-2024-8748
A buffer overflow vulnerability in the packet parser of the third-party library "libclinkc" in Zyxel VMG8825-T50K firmware versions through V5.50ABOM.8.4C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP...
ProjectSend Improper Authentication Vulnerability
ProjectSend contains an improper authentication vulnerability that allows a remote, unauthenticated attacker to enable unauthorized modification of the application's configuration via crafted HTTP requests to options.php. Successful exploitation allows attackers to create accounts, upload...
CVE-2024-11680
ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation...
CVE-2024-11680 ProjectSend Unauthenticated Configuration Modification
ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation...
CVE-2024-36251
The web interface of the affected devices processes some crafted HTTP requests improperly, leading to a device crash. More precisely, a crafted parameter to billcodedefsubsel.html is not processed properly and the device crashes. As for the details of affected product names, model numbers, and...
CVE-2024-36251
The CVE-2024-36251 entry covers Sharp MFP devices whose web interface processes crafted HTTP requests that can crash the device. Specifically, a crafted parameter to billcodedef_sub_sel.html is not processed correctly, causing a device crash. Sources from Red Hat, NVD, CVE list aggregations, and ...
PT-2025-16238
Name of the Vulnerable Software and Affected Versions: libsoup (affected versions not specified). Description: A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP reque...
CVE-2024-8525 Automated Logic WebCTRL and Carrier i-Vu Unrestricted File Upload
An unrestricted upload of file with dangerous type in Automated Logic WebCTRL 7.0 could allow an unauthenticated user to perform remote command execution via a crafted HTTP POST request which could lead to uploading a malicious file...
CVE-2024-8525
CVE-2024-8525 affects Automated Logic WebCTRL 7.0 (Premium Server). The issue is an unrestricted upload of a file with a dangerous type that an unauthenticated attacker can exploit via a crafted HTTP POST to achieve remote command execution and upload of a malicious file. Multiple connected sourc...
CVE-2023-49952
Mastodon 4.1.x before 4.1.17 and 4.2.x before 4.2.9 allows a bypass of rate limiting via a crafted HTTP request header...
CVE-2021-1482 Cisco SD-WAN vManage Authorization Bypass Vulnerability
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain access to sensitive information on an affected system. This vulnerability is due to insufficient authorization checks. An...
CVE-2024-33505
A heap-based buffer overflow in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows an attacker to escalate privileges...
CVE-2023-44255
An exposure of sensitive information to an unauthorized actor (CWE-200) in Fortinet FortiManager before 7.4.2, FortiAnalyzer before 7.4.2 and FortiAnalyzer-BigData before 7.2.5 may allow a privileged attacker with administrative read permissions to read event logs of another adom via crafted HTTP o...
CVE-2023-44255
Fortinet CVE-2023-44255 affects FortiManager (before 7.4.2), FortiAnalyzer (before 7.4.2), and FortiAnalyzer-BigData (before 7.2.5). The root cause is insufficient access control, allowing a privileged attacker with administrative read permissions to read event logs of another ADOM via crafted HT...
The vulnerability in the web interface of Cisco Unified Industrial Wireless network devices’ Cisco Ultra-Reliable Wireless Backhaul software allows an attacker to execute arbitrary code with root privileges.
The vulnerability of the Cisco Unified Industrial Wireless network device management web interface for Cisco Ultra-Reliable Wireless Backhaul (URWB) is related to the lack of measures taken to neutralize special elements used in the operating system command. Exploiting this vulnerability allows a...
CVE-2024-20476
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific file management functions. This vulnerability is due to lack of server-side validation of Administrator permissions. An attacker cou...
CVE-2024-31152
The LevelOne WBR-6012 router with firmware R0.40e6 is vulnerable to improper resource allocation within its web application, where a series of crafted HTTP requests can cause a reboot. This could lead to network service interruptions...