Lucene search
K

3404 matches found

RedhatCVE
RedhatCVE
added 2026/04/11 1:21 a.m.6 views

CVE-2026-34020

Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The REST login endpoint uses HTTP GET method with username and password passed as query parameters. Please check references regarding possible impact This issue affects Apache OpenMeetings: from 3.1.3...

7.5CVSS5.8AI score0.00509EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/10 7:22 p.m.6 views

CVE-2025-50666

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /webpost.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request in parameters such as name, en, userid, log, and time...

7.5CVSS6.1AI score0.00599EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/10 6:32 p.m.1 views

CVE-2026-33705

Chamilo LMS is a learning management system. Prior to 1.11.38, Twig template files .tpl under /main/template/default/ are directly accessible without authentication via HTTP GET requests. These templates expose internal application logic, variable names, AJAX endpoint URLs, and admin panel...

5.3CVSS5.8AI score0.00245EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/09 6:31 p.m.6 views

Apache OpenMeetings Uses GET Request Method With Sensitive Query Strings

Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The REST login endpoint uses HTTP GET method with username and password passed as query parameters. Please check references regarding possible impact This issue affects Apache OpenMeetings: from 3.1.3...

7.5CVSS5.8AI score0.00509EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/04/09 6:31 p.m.6 views

GHSA-GCVM-C75M-H4P4 Apache OpenMeetings Uses GET Request Method With Sensitive Query Strings

Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The REST login endpoint uses HTTP GET method with username and password passed as query parameters. Please check references regarding possible impact This issue affects Apache OpenMeetings: from 3.1.3...

8.7CVSS5.8AI score0.00509EPSS
Exploits0References5
CVE
CVE
added 2026/04/09 3:52 p.m.21 views

CVE-2026-34020

CVE-2026-34020 affects Apache OpenMeetings (versions 3.1.3 through 8.9.99). The REST login endpoint uses HTTP GET with username and password passed as query parameters, exposing credentials in server logs, browser history, and potentially network monitoring. The issue is mitigated by upgrading to...

7.5CVSS5.8AI score0.00509EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/09 3:52 p.m.3 views

CVE-2026-34020

Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The REST login endpoint uses HTTP GET method with username and password passed as query parameters. Please check references regarding possible impact This issue affects Apache OpenMeetings: from 3.1.3...

5.8AI score0.00509EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.8 views

Apache OpenMeetings 安全漏洞

Apache OpenMeetings is a multilingual, customizable video conferencing and collaboration system developed by the Apache Foundation in the United States. This product supports audio and video capabilities, and allows users to view the desktops of each participant. Versions of Apache OpenMeetings...

7.5CVSS5.8AI score0.00509EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.5 views

PT-2026-31641

Name of the Vulnerable Software and Affected Versions Apache OpenMeetings versions 3.1.3 through 8.9.99 Description The REST login endpoint uses the HTTP GET method, transmitting the username and password as query parameters. This practice exposes sensitive credentials in server logs, browser...

5.8AI score0.00509EPSS
Exploits0References7
EUVD
EUVD
added 2026/04/08 9:33 p.m.12 views

EUVD-2025-209353

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of input parameters in the /webkeyword.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request via the name, en, time, memgb2312, and memutf8 parameters...

6.2AI score0.00599EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/08 9:33 p.m.7 views

EUVD-2025-209354

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /webpost.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request in parameters such as name, en, userid, log, and time...

6.2AI score0.00599EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/08 9:33 p.m.4 views

EUVD-2025-209345

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /urlrule.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, en, ips, u, time, act, rpri, and log...

6.2AI score0.00605EPSS
Exploits0References3
NVD
NVD
added 2026/04/08 7:24 p.m.5 views

CVE-2025-50670

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /xwglbwr.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request in the name, qq, and time parameters...

7.5CVSS0.00492EPSS
Exploits0References2
NVD
NVD
added 2026/04/08 7:24 p.m.4 views

CVE-2025-50665

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of input parameters in the /webkeyword.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request via the name, en, time, memgb2312, and memutf8 parameters...

7.5CVSS0.00599EPSS
Exploits0References3
NVD
NVD
added 2026/04/08 7:24 p.m.11 views

CVE-2025-50661

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /urlrule.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, en, ips, u, time, act, rpri, and log...

7.5CVSS0.00605EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/08 12:0 a.m.2 views

CVE-2025-50666

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /webpost.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request in parameters such as name, en, userid, log, and time...

6.1AI score0.00599EPSS
Exploits0References3
CVE
CVE
added 2026/04/08 12:0 a.m.14 views

CVE-2025-50661

CVE-2025-50661 describes a buffer overflow in the D-Link DI-8003 (firmware 16.07.26A1) caused by improper handling of multiple parameters in the /url_rule.asp endpoint. A crafted HTTP GET request including parameters name, en, ips, u, time, act, rpri, and log can trigger the overflow, leading to ...

7.5CVSS6.2AI score0.00605EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/08 12:0 a.m.21 views

CVE-2025-50665

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of input parameters in the /webkeyword.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request via the name, en, time, memgb2312, and memutf8 parameters...

0.00599EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/08 12:0 a.m.19 views

CVE-2025-50671

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /xwglref.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request with excessively long strings in parameters name, en, userid, shibiename, time,...

0.00492EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/08 12:0 a.m.3 views

CVE-2025-50671

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /xwglref.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request with excessively long strings in parameters name, en, userid, shibiename, time,...

6.1AI score0.00492EPSS
Exploits0References2
Rows per page
Query Builder