1746 matches found
CVE-2022-29061
An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to execute unauthorized code or commands via crafted HTTP GET requests...
CVE-2022-4098
Multiple Wiesemann products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user logged in to the WBM of the Com-Server an unauthenticated attacker in the same subnet can obtain the session ID and through IP spoofing change arbitrary settings by crafting...
CVE-2024-1197
A vulnerability, which was classified as critical, has been found in SourceCodester Testimonial Page Manager 1.0. This issue affects some unknown processing of the file delete-testimonial.php of the component HTTP GET Request Handler. The manipulation of the argument testimony leads to sql...
CVE-2024-23973
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP GET requests. The issue results from the lack of...
CVE-2024-23973 Silicon Labs Gecko OS HTTP GET Request Handling Stack-based Buffer Overflow
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP GET requests. The issue results from the lack of...
CVE-2024-23973 Silicon Labs Gecko OS HTTP GET Request Handling Stack-based Buffer Overflow
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP GET requests. The issue results from the lack of...
CVE-2024-23973
CVE-2024-23973 affects Silicon Labs Gecko OS. The vulnerability stems from improper validation of the length of user-supplied data during HTTP GET handling, leading to a stack-based buffer overflow. This flaw enables network-adjacent attackers to execute arbitrary code in the device’s context wit...
CVE-2025-0730
A vulnerability classified as problematic has been found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. Affected is an unknown function of the file /usraccountset.cgi of the component HTTP GET Request Handler. The manipulation of the argument username/password leads to use of get request...
CVE-2025-0730
A vulnerability classified as problematic has been found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. Affected is an unknown function of the file /usraccountset.cgi of the component HTTP GET Request Handler. The manipulation of the argument username/password leads to use of get request...
CVE-2025-0730 TP-Link TL-SG108E HTTP GET Request usr_account_set.cgi get request method with sensitive query strings
A vulnerability classified as problematic has been found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. Affected is an unknown function of the file /usraccountset.cgi of the component HTTP GET Request Handler. The manipulation of the argument username/password leads to use of get request...
CVE-2025-0730
CVE-2025-0730 affects TP-Link TL-SG108E (version 1.0.0 Build 20201208 Rel. 40304). The vulnerability is in an unknown function of the HTTP GET Request Handler for /usr_account_set.cgi, where manipulating the username/password parameters in a GET request can disclose sensitive query data and is po...
CVE-2025-0730 TP-Link TL-SG108E HTTP GET Request usr_account_set.cgi get request method with sensitive query strings
A vulnerability classified as problematic has been found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. Affected is an unknown function of the file /usraccountset.cgi of the component HTTP GET Request Handler. The manipulation of the argument username/password leads to use of get request...
Cross-Site Request Forgery (CSRF)
typo3/cms-belog is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to the backend user interface functionality involving deep links, which allows state-changing actions via HTTP GET without enforcing the appropriate HTTP method and allows an attacker to exploit the “Log...
CVE-2024-55893
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...
CVE-2024-55920 Cross-Site Request Forgery in Dashboard Module in TYPO3
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...
CVE-2024-55920 Cross-Site Request Forgery in Dashboard Module in TYPO3
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...
CVE-2024-55922
CVE-2024-55922 is a CSRF vulnerability in TYPO3’s backend UI deep-link functionality affecting the Form Framework Module. The issue allows an attacker to manipulate or delete persisted form definitions when a victim with an active backend session is deceived into visiting a malicious URL. Conditi...
CVE-2024-55923 Cross-Site Request Forgery in Indexed Search Module in TYPO3
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...
CVE-2024-55945
CVE-2024-55945 affects TYPO3 (notably the DB Check Module in the TYPO3 backend). The issue is a CSRF vulnerability in deep-linking that can enable state-changing actions to be performed via unauthorized submissions, if an attacker lures a logged-in backend user to a malicious URL. Exploitation re...
PT-2025-3149 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 11.5.42 ELTS TYPO3 versions prior to 12.4.25 LTS TYPO3 versions prior to 13.4.3 LTS Description: A vulnerability has been identified in the backend user interface functionality involving deep links, which is susceptibl...