3632 matches found
PT-2025-12689 · H3C · H3C Magic Nx30 Pro
Name of the Vulnerable Software and Affected Versions: H3C Magic NX30 Pro up to V100R007
Description: A critical vulnerability was found in the H3C Magic NX30 Pro, affecting an unknown part of the file /api/wizard/getNetworkStatus of the component HTTP POST Request Handler. The manipulation leads...
CVE-2025-2607
A vulnerability was found in phplaozhang LzCMS-LaoZhangBoKeXiTong up to 1.1.4. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/upload/upimage.html of the component HTTP POST Request Handler. The manipulation of the argument File leads to...
CVE-2024-7476
A broken access control vulnerability exists in lunary-ai/lunary versions 1.2.7 through 1.4.2. The vulnerability allows an authenticated attacker to modify any user's templates by sending a crafted HTTP POST request to the /v1/templates/id/versions endpoint. This issue is resolved in version 1.4....
PT-2025-12451 · Unknown · Lzcms-Laozhangbokexitong
Name of the Vulnerable Software and Affected Versions: LzCMS-LaoZhangBoKeXiTong versions up to 1.1.4
Description: A critical issue affects some unknown functionality of the file /admin/upload/upimage.html, specifically the HTTP POST Request Handler component. The manipulation of the File argument...
CVE-2024-7476 Broken Access Control in lunary-ai/lunary
A broken access control vulnerability exists in lunary-ai/lunary versions 1.2.7 through 1.4.2. The vulnerability allows an authenticated attacker to modify any user's templates by sending a crafted HTTP POST request to the /v1/templates/id/versions endpoint. This issue is resolved in version 1.4....
CVE-2024-7476
The CVE-2024-7476 issue is a broken access control in lunary-ai/lunary versions 1.2.7 through 1.4.2. The root cause is improper access control on the /v1/templates/{id}/versions endpoint, which allows an authenticated attacker to modify any user’s templates by sending a crafted HTTP POST request....
PT-2025-12185 · Lunary · Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary versions 1.2.7 through 1.4.2
Description: A broken access control issue exists, allowing an authenticated attacker to modify any user's templates. This is achieved by sending a crafted HTTP POST request to the...
D-Link DAP-1562 Null Pointer Dereference Vulnerability
The D-Link DAP-1562 is a wireless bridge from China's AUO D-Link. The D-Link DAP-1562 suffers from a null pointer dereference vulnerability, which originates from a null pointer dereference to parameter a1 in the HTTP POST Request Handler's function pure_auth_check, for which no detailed...
CVE-2021-37787
The unprivileged administrative interface in ABO.CMS version 5.8 through v.5.9.3 is affected by a SQL Injection vulnerability via an HTTP POST request to the TinyMCE module...
CVE-2024-50704
Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via a specially crafted HTTP POST request...
CVE-2024-50704
The CVE details an unauthenticated remote code execution in Uniguest Tripleplay before 24.2.1, exploitable via a specially crafted HTTP POST. Affected component: Tripleplay software; vulnerability arises from the HTTP POST handling. Impact is rated HIGH/CRITICAL (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:C...
CVE-2025-1877 D-Link DAP-1562 HTTP POST Request pure_auth_check null pointer dereference
A vulnerability, which was classified as critical, was found in D-Link DAP-1562 1.10. This affects the function pure_auth_check of the component HTTP POST Request Handler. The manipulation of the argument a1 leads to null pointer dereference. It is possible to initiate the attack remotely. The...
CVE-2025-1800
A vulnerability has been found in D-Link DAR-7000 3.2 and classified as critical. This vulnerability affects the function getipaddrdetails of the file /view/vpn/sxhvpn/sxhvpnlic.php of the component HTTP POST Request Handler. The manipulation of the argument ethname leads to command injection. Th...