1746 matches found
CVE-2025-53531
WeGIA is a web manager for charitable institutions. The WeGIA server has a vulnerability that allows excessively long HTTP GET requests to a specific URL. This issue arises from the lack of validation for the length of the fid parameter. Tests confirmed that the server processes URLs up to 8,142...
CVE-2025-53530
WeGIA is a web manager for charitable institutions. The WeGIA server has a vulnerability that allows excessively long HTTP GET requests to a specific URL. This issue arises from the lack of validation for the length of the errorstr parameter. Tests confirmed that the server processes URLs up to...
CVE-2025-53531 WeGIA allows Uncontrolled Resource Consumption via the fid parameter
WeGIA is a web manager for charitable institutions. The WeGIA server has a vulnerability that allows excessively long HTTP GET requests to a specific URL. This issue arises from the lack of validation for the length of the fid parameter. Tests confirmed that the server processes URLs up to 8,142...
CVE-2025-53531
WeGIA is a web management server for charitable organizations. A vulnerability arises from the fid parameter length not being validated, allowing excessively long HTTP GET requests that trigger high resource consumption, latency, timeouts, and read errors, leading to Denial of Service. This affec...
CVE-2025-53530
WeGIA is vulnerable to a Denial of Service caused by lack of validation of the length of the errorstr parameter in excessively long HTTP GET requests. Tests indicate the server processes URLs up to 8,142 characters, leading to high resource consumption, increased latency, timeouts, and read error...
CVE-2025-53530 WeGIA allows Uncontrolled Resource Consumption via the errorstr parameter
WeGIA is a web manager for charitable institutions. The WeGIA server has a vulnerability that allows excessively long HTTP GET requests to a specific URL. This issue arises from the lack of validation for the length of the errorstr parameter. Tests confirmed that the server processes URLs up to...
PT-2025-28220 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.3.0
Description: The WeGIA server has a vulnerability that allows excessively long HTTP GET requests to a specific URL, resulting from the lack of validation for the length of the errorstr parameter. This issue leads...
CVE-2025-34086
Bolt CMS versions 3.7.0 and earlier contain a chain of vulnerabilities that together allow an authenticated user to achieve remote code execution. A user with valid credentials can inject arbitrary PHP code into the displayname field of the user profile, which is rendered unsanitized in backend...
CVE-2025-34044
A remote command injection vulnerability exists in the confirm.php interface of the WIFISKY 7-layer Flow Control Router via a specially-crafted HTTP GET request to the t parameter. Insufficient input validation allows unauthenticated attackers to execute arbitrary OS commands. Exploitation eviden...
A vulnerability in the httpGetEnv() function of the TP-Link TL-WR940N router software allows an attacker to cause a service failure.
The vulnerability in the httpGetEnv function of the TP-Link TL-WR940N router software is an out-of-bounds memory operation when processing the dnsserver1 parameter. Exploiting this vulnerability allows a malicious actor to cause service failure by sending a...
CVE-2025-46035
Buffer Overflow vulnerability in Tenda AC6 v.15.03.05.16 allows a remote attacker to cause a denial of service via the oversized schedStartTime and schedEndTime parameters in an unauthenticated HTTP GET request to the /goform/openSchedWifi endpoint...
CVE-2025-49150
Cursor is a code editor built for programming with AI. Prior to 0.51.0, by default, the setting json.schemaDownload.enable was set to True. This means that by writing a JSON file, an attacker can trigger an arbitrary HTTP GET request that does not require user confirmation. Since the Cursor Agent...
CVE-2025-46035
CVE-2025-46035 outlines a buffer overflow in the Tenda AC6 router (v15.03.05.16) triggered by oversized schedStartTime and schedEndTime values in an unauthenticated HTTP GET to /goform/openSchedWifi, leading to a denial of service. Affected product is Tenda AC6; the issue stems from inadequate in...
CVE-2025-49150 Cursor Agent Potentially Leaks Information using JSON schema
Cursor is a code editor built for programming with AI. Prior to 0.51.0, by default, the setting json.schemaDownload.enable was set to True. This means that by writing a JSON file, an attacker can trigger an arbitrary HTTP GET request that does not require user confirmation. Since the Cursor Agent...
CVE-2025-49150
Cursor is vulnerable prior to version 0.51.0 due to json.schemaDownload.enable being True by default. When a JSON file is written, an attacker can trigger an arbitrary HTTP GET request without user confirmation, and because the Cursor Agent can edit JSON files, this can enable data exfiltration i...