CVE-2025-5671 TOTOLINK N302R Plus HTTP POST Request formPortFw buffer overflow

A vulnerability, which was classified as critical, was found in TOTOLINK N302R Plus up to 3.4.0-B20201028. Affected is an unknown function of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument servicetype leads to buffer overflow. It is possib...

CVE-2025-5671

TOTOLINK N302R Plus firmware ≤ 3.4.0-B20201028 has a buffer overflow in the HTTP POST Request Handler function /boafrm/formPortFw caused by manipulation of the service_type argument. The issue enables remote code execution, with exploits disclosed publicly. Multiple sources corroborate a critical...

PT-2025-24051 · Totolink · Totolink X15

Name of the Vulnerable Software and Affected Versions: TOTOLINK X15 version 1.0.0-B20230714.1105 Description: A critical vulnerability has been found in the HTTP POST Request Handler component of TOTOLINK X15, affecting the file /boafrm/formWlanRedirect. The manipulation of the redirect-url...

PT-2025-24061 · Totolink · Totolink X15

Name of the Vulnerable Software and Affected Versions: TOTOLINK X15 version 1.0.0-B20230714.1105 Description: A critical issue affects some unknown functionality of the file /boafrm/formStats of the component HTTP POST Request Handler. The manipulation of the submit-url argument leads to buffer...

PT-2025-24056 · Totolink · Totolink X15

Name of the Vulnerable Software and Affected Versions: TOTOLINK X15 version 1.0.0-B20230714.1105 Description: A critical issue has been found in the HTTP POST Request Handler component of the affected software. The manipulation of the submit-url argument leads to a buffer overflow. This can be...

PT-2025-24055 · Totolink · Totolink X15

Name of the Vulnerable Software and Affected Versions: TOTOLINK X15 version 1.0.0-B20230714.1105 Description: A critical issue affects the unknown processing of the file /boafrm/formSetLg of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer...

PT-2025-24062 · Totolink · Totolink X15

Name of the Vulnerable Software and Affected Versions: TOTOLINK X15 version 1.0.0-B20230714.1105 Description: A critical vulnerability has been found in the HTTP POST Request Handler of TOTOLINK X15. This affects an unknown part of the file /boafrm/formSaveConfig. The manipulation of the submit-u...

PT-2025-23946 · Totolink · Totolink N302R Plus

Name of the Vulnerable Software and Affected Versions: TOTOLINK N302R Plus versions up to 3.4.0-B20201028 Description: A critical vulnerability was found in the HTTP POST Request Handler component of TOTOLINK N302R Plus. The issue affects an unknown function of the file /boafrm/formPortFw. The...

PT-2025-23947 · Totolink · Totolink N302R Plus

Name of the Vulnerable Software and Affected Versions: TOTOLINK N302R Plus versions up to 3.4.0-B20201028 Description: A critical issue has been found in the HTTP POST Request Handler component, specifically in the unknown functionality of the file /boafrm/formFilter. The manipulation of the url...

CVE-2025-5408

A vulnerability was found in WAVLINK QUANTUM D2G, QUANTUM D3G, WL-WN530G3A, WL-WN530HG3, WL-WN532A3 and WL-WN576K1 up to V1410240222 and classified as critical. Affected by this issue is the function syslogin of the file /cgi-bin/login.cgi of the component HTTP POST Request Handler. The...

CVE-2025-5408

A vulnerability was found in WAVLINK QUANTUM D2G, QUANTUM D3G, WL-WN530G3A, WL-WN530HG3, WL-WN532A3 and WL-WN576K1 up to V1410240222 and classified as critical. Affected by this issue is the function syslogin of the file /cgi-bin/login.cgi of the component HTTP POST Request Handler. The...

CVE-2025-5408

The CVE-2025-5408 issue affects WAVLINK QUANTUM D2G/D3G, WL-WN530G3A, WL-WN530HG3, WL-WN532A3, and WL-WN576K1 (versions up to V1410_240222). The vulnerability is in the function sys_login of /cgi-bin/login.cgi within the HTTP POST Request Handler, where manipulation of the login_page argument tri...

CVE-2025-5408 WAVLINK WL-WN576K1 HTTP POST Request login.cgi sys_login buffer overflow

A vulnerability was found in WAVLINK QUANTUM D2G, QUANTUM D3G, WL-WN530G3A, WL-WN530HG3, WL-WN532A3 and WL-WN576K1 up to V1410240222 and classified as critical. Affected by this issue is the function syslogin of the file /cgi-bin/login.cgi of the component HTTP POST Request Handler. The...

CVE-2024-9277

A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of the component HTTP POST Request Handler. The manipulation of the argument remainingtext leads to...

CVE-2024-1569

parisneo/lollms-webui is vulnerable to a denial of service DoS attack due to uncontrolled resource consumption. Attackers can exploit the /opencodeinvscode and similar endpoints without authentication by sending repeated HTTP POST requests, leading to the opening of Visual Studio Code or the...

CVE-2024-0300

A vulnerability was found in Byzoro Smart S150 Management Platform up to 20240101. It has been rated as critical. Affected by this issue is some unknown functionality of the file /useratte/userattestation.php of the component HTTP POST Request Handler. The manipulation of the argument webimg lead...

CVE-2024-2482

A vulnerability has been found in Surya2Developer Hostel Management Service 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /checkavailability.php of the component HTTP POST Request Handler. The manipulation of the argument oldpassword lea...

CVE-2024-0357

A vulnerability was found in coderd-repos Eva 1.0.0 and classified as critical. Affected by this issue is some unknown functionality of the file /system/traceLog/page of the component HTTP POST Request Handler. The manipulation of the argument property leads to sql injection. The exploit has been...

CVE-2024-0483

A vulnerability classified as critical was found in Taokeyun up to 1.0.5. This vulnerability affects the function index of the file application/index/controller/app/Task.php of the component HTTP POST Request Handler. The manipulation of the argument cid leads to sql injection. The attack can be...

CVE-2024-0528

A vulnerability, which was classified as critical, was found in CXBSoft Post-Office 1.0. Affected is an unknown function of the file /admin/pages/updatego.php of the component HTTP POST Request Handler. The manipulation of the argument version leads to sql injection. The exploit has been disclose...