Lucene search
K

3405 matches found

Vulnrichment
Vulnrichment
added 2026/04/08 12:0 a.m.3 views

CVE-2025-50671

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /xwglref.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request with excessively long strings in parameters name, en, userid, shibiename, time,...

6.1AI score0.00492EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/08 12:0 a.m.2 views

CVE-2025-50670

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /xwglbwr.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request in the name, qq, and time parameters...

6.1AI score0.00492EPSS
Exploits0References2
CVE
CVE
added 2026/04/08 12:0 a.m.10 views

CVE-2025-50665

CVE-2025-50665 describes a buffer overflow in the D-Link DI-8003 (firmware 16.07.26A1) caused by improper handling of input parameters to the /web_keyword.asp endpoint. A crafted HTTP GET request using parameters such as name, en, time, mem_gb2312, and mem_utf8 can trigger the vulnerability. The ...

7.5CVSS6.2AI score0.00599EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/05 1:0 a.m.3 views

CVE-2026-5531

A vulnerability has been found in SourceCodester Student Result Management System 1.0. Impacted is an unknown function of the file /logincredentials.txt of the component HTTP GET Request Handler. The manipulation leads to cleartext storage in a file or on disk. The attack may be initiated remotel...

6.9CVSS5.4AI score0.00204EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/04/05 1:0 a.m.12 views

CVE-2026-5531

CVE-2026-5531 affects SourceCodester Student Result Management System 1.0. The vulnerability is in the HTTP GET Request Handler, impacting the file /login_credentials.txt where login credentials may be stored in cleartext on disk. The issue can be triggered remotely, and public disclosures exist....

6.9CVSS5.6AI score0.00204EPSS
Exploits0References5
Snyk
Snyk
added 2026/04/03 5:21 p.m.5 views

Use of GET Request Method With Sensitive Query Strings

Overview @immich/sdk is an Auto-generated TypeScript SDK for the Immich API Affected versions of this package are vulnerable to Use of GET Request Method With Sensitive Query Strings via the transmission of authentication credentials in the password parameter within the HTTP request query string...

7.5CVSS5.9AI score0.00449EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/03 3:51 p.m.5 views

CVE-2026-25118

immich is a high performance self-hosted photo and video management solution. Prior to version 2.6.0, the Immich application is vulnerable to credential disclosure when a user authenticates to a shared album. During the authentication process, the application transmits the album password within t...

6.3CVSS5.8AI score0.00449EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/02 8:28 p.m.2 views

CVE-2025-15620

HiOS Switch Platform versions 09.1.00 through 09.4.04 and 10.0.00 through 10.3.00 contain a denial-of-service vulnerability in the web interface that allows remote attackers to reboot the affected device by sending a malicious HTTP GET request to a specific endpoint. Attackers can trigger an...

9.2CVSS5.8AI score0.00511EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/04/01 11:36 p.m.3 views

Use of GET Request Method With Sensitive Query Strings

Overview Affected versions of this package are vulnerable to Use of GET Request Method With Sensitive Query Strings in the OAuth provider callback flow. An attacker can gain unauthorized access to sensitive information by intercepting refresh tokens exposed in URL query parameters through browser...

7.5CVSS5.8AI score0.00267EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.8 views

PT-2026-29669

Name of the Vulnerable Software and Affected Versions phpMyFAQ versions prior to 4.1.1 Description phpMyFAQ is susceptible to arbitrary file deletion due to missing path traversal validation and CSRF token verification in the MediaBrowserController::index method. Specifically, when the fileRemove...

8.7CVSS6AI score0.00693EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2026/03/31 11:11 p.m.7 views

Admidio has Missing CSRF Protection on Registration Approval Actions

Summary The createuser, assignmember, and assignuser action modes in modules/registration.php approve pending user registrations via GET request without validating a CSRF token. Unlike the deleteuser mode in the same file which correctly validates the token, these three approval actions read thei...

7.3CVSS6AI score0.00169EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/31 11:11 p.m.3 views

GHSA-PH84-R98X-2J22 Admidio has Missing CSRF Protection on Registration Approval Actions

Summary The createuser, assignmember, and assignuser action modes in modules/registration.php approve pending user registrations via GET request without validating a CSRF token. Unlike the deleteuser mode in the same file which correctly validates the token, these three approval actions read thei...

4.5CVSS6AI score0.00169EPSS
Exploits1References4
OSV
OSV
added 2026/03/31 8:34 p.m.6 views

CVE-2026-34384 Admidio: Missing CSRF Protection on Registration Approval Actions

Admidio is an open-source user management solution. Prior to version 5.0.8, the createuser, assignmember, and assignuser action modes in modules/registration.php approve pending user registrations via GET request without validating a CSRF token. Unlike the deleteuser mode in the same file which...

4.5CVSS5.8AI score0.00169EPSS
Exploits1References4
CVE
CVE
added 2026/03/31 8:34 p.m.12 views

CVE-2026-34384

Admidio vulnerability CVE-2026-34384: Before 5.0.8, the approval modes create_user, assign_member, and assign_user in modules/registration.php accepted GET-based requests with no CSRF validation, allowing an attacker with a pending registration and a rol_approve_users right to auto-approve or mer...

7.3CVSS5.8AI score0.00169EPSS
Exploits1References2Affected Software1
Snyk
Snyk
added 2026/03/30 10:36 p.m.2 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the CEL-based HTTP functions. An attacker can make unauthorized network requests to internal or external resources and exfitrate sensitive information AWS IAM credentials, GCP tokens by crafting...

9.8CVSS5.6AI score0.00705EPSS
Exploits0References2
CVE
CVE
added 2026/03/28 11:58 a.m.11 views

CVE-2018-25221

Affected product: EChat Server 3.1. Vulnerability: Buffer overflow in the chat.ghp endpoint, exploitable by sending a GET request with an oversized username value, leading to remote code execution in the application context. The provided description states that shellcode and ROP gadgets can be us...

9.8CVSS6.8AI score0.00822EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/28 11:58 a.m.2 views

CVE-2018-25221

EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remote attackers to execute arbitrary code by supplying an oversized username parameter. Attackers can send a GET request to chat.ghp with a malicious username value containing shellcode and ROP gadgets...

9.8CVSS6.8AI score0.00822EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/28 12:0 a.m.9 views

PT-2026-28257

EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remote attackers to execute arbitrary code by supplying an oversized username parameter. Attackers can send a GET request to chat.ghp with a malicious username value containing shellcode and ROP gadgets...

9.8CVSS6.8AI score0.00822EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:6 p.m.4 views

CVE-2026-22202

wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability that allows attackers to delete all comments associated with an email address by crafting a malicious GET request with a valid HMAC key. Attackers can embed the deletecomments action URL in image tags or other resources to...

8.1CVSS5.6AI score0.00166EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.4 views

CVE-2026-3021

Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/centro/equipo/empleado'. This vulnerability could allow an authenticated user to alter a GET request to the affected endpoint for the purpose of injecting special NoSQL...

7.1CVSS5.9AI score0.00215EPSS
Exploits0References1
Rows per page
Query Builder