24936 matches found
CVE-2026-8776
Edimax BR-6428NS v1.10 is affected by CVE-2026-8776 due to a buffer overflow in POST Request Handler’s formPPTPSetup (pptpUserName). The issue can be exploited remotely; public exploit exists and exploit maturity is PROOF-OF-CONCEPT. Vendor did not respond to disclosure. CVSS metrics indicate HIG...
CVE-2026-8776 Edimax BR-6428NS POST Request formPPTPSetup buffer overflow
A vulnerability has been found in Edimax BR-6428NS 1.10. This vulnerability affects the function formPPTPSetup of the file /goform/formPPTPSetup of the component POST Request Handler. Such manipulation of the argument pptpUserName leads to buffer overflow. It is possible to launch the attack...
EUVD-2026-30711
A security vulnerability has been detected in H3C Magic B3 up to 100R002. This affects the function UpdateWanParams of the file /goform/aspForm. Such manipulation of the argument param leads to buffer overflow. The attack may be performed from remote. The exploit has been disclosed publicly and m...
CVE-2026-8775
A flaw has been found in Edimax BR-6428NS 1.10. This affects the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. This manipulation of the argument L2TPUserName causes buffer overflow. It is possible to initiate the attack remotely. The exploit has...
PT-2026-41696
Name of the Vulnerable Software and Affected Versions: form-data-objectizer versions prior to 1.0.1. Description: The software fails to filter __proto__, constructor, or prototype when converting FormData to objects using bracket-notation form keys. An attacker can submit a single HTTP form field with ...
PT-2026-41759
Name of the Vulnerable Software and Affected Versions: GLPI versions 11.0.0 through 11.0.6. Description: An authenticated user with forms READ permission can export the structure of unauthorized forms. Recommendations: Update to version 11.0.7...
PT-2026-41772
Name of the Vulnerable Software and Affected Versions: parse-nested-form-data versions prior to 1.0.1. Description: The parseFormData function processes bracket and dot-notation FormData field names into nested objects without filtering reserved property keys. An attacker can use a FormData field na...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: undertow (UTSA-2026-021493)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021493 advisory. A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParseStreamSourceChannel method to...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-tornado (UTSA-2026-021470)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021470 advisory. Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in...
CVE-2026-8764
CVE-2026-8764 affects H3C Magic B3 up to 100R002. The vulnerability lies in the function UpdateWanParams in the file /goform/aspForm, where manipulation of the argument parameter causes a buffer overflow. The attack can be performed remotely and the exploit has been publicly disclosed. No remed...
CVE-2026-8764 H3C Magic B3 aspForm UpdateWanParams buffer overflow
A security vulnerability has been detected in H3C Magic B3 up to 100R002. This affects the function UpdateWanParams of the file /goform/aspForm. Such manipulation of the argument param leads to buffer overflow. The attack may be performed from remote. The exploit has been disclosed publicly and m...
CVE-2018-25337
CVE-2018-25337 affects Joomla JoomOCShop 1.0 and is a Cross-Site Request Forgery vulnerability that allows an attacker to perform unauthorized actions on behalf of authenticated users. The issue enables crafting malicious requests targeting endpoints such as /joomoc2/?route=account/edit to modify...
PT-2026-41584
Name of the Vulnerable Software and Affected Versions: H3C Magic B3 versions prior to 100R002. Description: A buffer overflow exists in the UpdateWanParams function within the '/goform/aspForm' endpoint. This issue occurs when the param argument is manipulated, allowing a remote attacker to trigger...
CVE-2021-47981
Quick.CMS 6.7 contains a cross-site scripting vulnerability in the sliders form that allows authenticated attackers to inject malicious scripts by submitting XSS payloads through the sDescription parameter. Attackers can craft CSRF forms targeting the admin.php?p=sliders-form endpoint to execute...
EUVD-2020-31233
bloofoxCMS 0.5.2.1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious pages. Attackers can craft hidden forms targeting the admin user creation endpoint to add new administrative accounts...
CVE-2021-47981 Quick.CMS 6.7 Cross-Site Scripting via CSRF to Sliders Form
Quick.CMS 6.7 contains a cross-site scripting vulnerability in the sliders form that allows authenticated attackers to inject malicious scripts by submitting XSS payloads through the sDescription parameter. Attackers can craft CSRF forms targeting the admin.php?p=sliders-form endpoint to execute...
EUVD-2021-34836
Quick.CMS 6.7 contains a cross-site scripting vulnerability in the sliders form that allows authenticated attackers to inject malicious scripts by submitting XSS payloads through the sDescription parameter. Attackers can craft CSRF forms targeting the admin.php?p=sliders-form endpoint to execute...
CVE-2021-47981
CVE-2021-47981 affects Quick.CMS 6.7. It describes a cross-site scripting vulnerability in the sliders form that can be exploited when an authenticated user submits an XSS payload via the sDescription parameter. Attackers can craft CSRF forms targeting the admin.php?p=sliders-form endpoint to cau...