3632 matches found
CVE-2024-13200
wander-chu SpringBoot-Blog 1.0 contains a critical flaw in the HTTP POST Request Handler: the preHandle function in BaseInterceptor.java has improper access controls, enabling remote exploitation. Multiple connected sources confirm the affected component and remote attack possibility, with public...
PT-2025-3828 · Kaiyuantong · Kaiyuantong Ect Platform
Name of the Vulnerable Software and Affected Versions: KaiYuanTong ECT Platform versions up to 2.0.0. Description: A critical issue has been found in the HTTP POST Request Handler component of the affected software, specifically in the file /public/server/runCode.php. The manipulation of the code...
CVE-2025-22137
Pingvin Share is a self-hosted file sharing platform and an alternative for WeTransfer. This vulnerability allows an authenticated or unauthenticated (if anonymous shares are allowed) user to overwrite arbitrary files on the server, including sensitive system files, via HTTP POST requests. The issu...
CVE-2025-22137 Arbitrary File Overwrite via HTTP POST in Pingvin Share
Pingvin Share is a self-hosted file sharing platform and an alternative for WeTransfer. This vulnerability allows an authenticated or unauthenticated (if anonymous shares are allowed) user to overwrite arbitrary files on the server, including sensitive system files, via HTTP POST requests. The issu...
CVE-2025-22137
Pingvin Share (self-hosted file sharing platform) is affected by CVE-2025-22137. The vulnerability allows an authenticated or unauthenticated user (if anonymous shares are allowed) to overwrite arbitrary files on the server via HTTP POST requests. The issue is addressed in version 1.4.0. The avai...
CVE-2023-4617 Gaining remote control over Govee devices
Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing "device", "sku" and "type" fields' values. This issue affects Govee Home applications on Android and iOS in...
CVE-2024-50585 Reflected Cross-Site Scripting
Users who click on a malicious link or visit a website under the control of an attacker can be infected with arbitrary JavaScript which is running in the context of the "Numerix License Server Administration System Login" nlslogin.jsp page. The vulnerability can be triggered by sending a speciall...
CVE-2024-12183
A vulnerability, which was classified as problematic, was found in DedeCMS 5.7.116. This affects the function RemoveXSS of the file /plus/carbuyaction.php of the component HTTP POST Request Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Th...
CVE-2024-12183 DedeCMS HTTP POST Request carbuyaction.php RemoveXSS cross site scripting
A vulnerability, which was classified as problematic, was found in DedeCMS 5.7.116. This affects the function RemoveXSS of the file /plus/carbuyaction.php of the component HTTP POST Request Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Th...
CVE-2024-8748
A buffer overflow vulnerability in the packet parser of the third-party library "libclinkc" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP...
CVE-2024-8748
The CVE-2024-8748 entry describes a buffer overflow in the packet parser of the third‑party library libclinkc used by Zyxel VMG8825‑T50K firmware up to V5.50(ABOM.8.4)C0. This can allow a remote attacker to cause a temporary DoS of the device web management interface by sending a crafted HTTP POS...
Astra Linux – Vulnerability in PHP 8.2
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, and 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could result in legitimate data not being processed. This could allow malicious attackers to control a portion of the submitted dat...
CVE-2024-8525
An unrestricted upload of file with dangerous type in Automated Logic WebCTRL 7.0 could allow an unauthenticated user to perform remote command execution via a crafted HTTP POST request which could lead to uploading a malicious file...