
254 matches found

CVE
added 2025/07/18 4:34 p.m. | 170 views

CVE-2025-7783

CVE-2025-7783 affects node-form-data; vulnerable versions include

CVSS 9.4 | AI score 6.6 | EPSS 0.01319
Exploits: 1 | References: 3

Positive Technologies
added 2025/07/18 12:0 a.m. | 3 views

PT-2025-30061

Name of the Vulnerable Software and Affected Versions: form-data versions 2.5.4; form-data versions 3.0.0 through 3.0.3; form-data versions 4.0.0 through 4.0.3. Description: A vulnerability exists in the form-data JavaScript library due to the use of insufficiently random values when generating bounda...

CVSS 9.4 | AI score 6.6 | EPSS 0.01319
Exploits: 1 | References: 43

RedhatCVE
added 2025/05/23 10:37 a.m. | 5 views

CVE-2024-9329

In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal...

CVSS 6.9 | AI score 6.7 | EPSS 0.00575
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 6:31 a.m. | 4 views

CVE-2024-7941

An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials...

CVSS 4.3 | AI score 6.8 | EPSS 0.00242
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 9:10 p.m. | 5 views

CVE-2021-27600

SAP Manufacturing Execution System Rules, versions - 15.1, 15.2, 15.3, 15.4, allows an authorized attacker to embed malicious code into HTTP parameter and send it to the server because SAP Manufacturing Execution System Rules tab does not sufficiently encode some parameters, resulting in Stored...

CVSS 6.4 | AI score 6 | EPSS 0.00222
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 8:44 p.m. | 0 views

CVE-2021-39510

An issue was discovered in D-Link DIR816A1FW101CNB04 750m11ac wireless router, The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. This can lead to command injection through shell...

CVSS 9.8 | AI score 7.2 | EPSS 0.06502
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 3:29 a.m. | 3 views

CVE-2012-2965

Caucho Quercus, as distributed in Resin before 4.0.29, does not properly handle unspecified characters in the names of variables, which has unknown impact and remote attack vectors, related to an "HTTP Parameter Contamination" issue...

CVSS 7.5 | AI score 6.9 | EPSS 0.01519
Exploits: 0 | References: 1

CNNVD
added 2024/11/18 12:0 a.m. | 1 views

Veritas Enterprise Vault security vulnerability

Veritas Enterprise Vault is a Veritas platform for capturing, archiving, and discovering information across all communications platforms. A security vulnerability exists in Veritas Enterprise Vault versions prior to 15.1 UPD882911, which stems from a vulnerability that allows an authenticated,...

CVSS 5.4 | AI score 5.5 | EPSS 0.00438
Exploits: 0 | References: 2

CNNVD
added 2024/11/18 12:0 a.m. | 1 views

Veritas Enterprise Vault security vulnerability

Veritas Enterprise Vault is a Veritas platform for capturing, archiving, and discovering information across all communications platforms. A security vulnerability exists in Veritas Enterprise Vault versions prior to 15.1 UPD882911, which stems from a vulnerability that allows an authenticated,...

CVSS 5.4 | AI score 5.5 | EPSS 0.00298
Exploits: 0 | References: 2

Veracode
added 2024/10/01 6:12 a.m. | 8 views

Open Redirect

org.glassfish.main.admin,rest-service is vulnerable to Open redirect. The vulnerability is due to the improper handling of the Host HTTP parameter, which allows an attacker to manipulate URL redirection when accessing the '/management/domain' endpoint. It allows attackers to redirect users to...

CVSS 6.9 | AI score 6.6 | EPSS 0.00575
Exploits: 1 | References: 6 | Affected Software: 1

NVD
added 2024/09/30 8:15 a.m. | 12 views

CVE-2024-9329

In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal...

CVSS 6.9 | EPSS 0.00575
Exploits: 1 | References: 3

Vulnrichment
added 2024/09/30 7:11 a.m. | 10 views

CVE-2024-9329 Glassfish redirect to untrusted site

In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal...

CVSS 6.9 | AI score 6.8 | EPSS 0.00575
Exploits: 1 | References: 2

Cvelist
added 2024/09/30 7:11 a.m. | 15 views

CVE-2024-9329 Glassfish redirect to untrusted site

In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal...

CVSS 6.9 | EPSS 0.00575
Exploits: 1 | References: 2

CVE
added 2024/09/30 7:11 a.m. | 51 views

CVE-2024-9329

CVE-2024-9329 affects Eclipse GlassFish prior to 7.0.17. The Host HTTP parameter at the /management/domain endpoint can cause the web application to redirect to an attacker‑controlled URL, enabling phishing and potential credential theft. The reports indicate an Open Redirect risk tied to this pa...

CVSS 6.9 | AI score 6.2 | EPSS 0.00575
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2024/09/25 5:15 p.m. | 7 views

CVE-2024-44678

Gigastone TR1 Travel Router R101 v1.0.2 is vulnerable to Command Injection. This allows an authenticated attacker to execute arbitrary commands on the device by sending a crafted HTTP request to the ssid parameter in the request...

CVSS 8 | EPSS 0.00558
Exploits: 0 | References: 2

Packet Storm
added 2024/09/25 12:0 a.m. | 283 views

ABB Cylon Aspect 3.07.00 Remote Code Execution

ABB Cylon Aspect 3.07.00 networkDiagAjax.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.07.00 Summary: ASPECT is an award-winning scalable building energy management...

CVSS 9.8 | AI score 7.4 | EPSS 0.00319
Exploits: 2

NVD
added 2024/08/27 1:15 p.m. | 15 views

CVE-2024-7941

An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials...

CVSS 4.3 | EPSS 0.00242
Exploits: 0 | References: 1

Vulnrichment
added 2024/08/27 12:57 p.m. | 16 views

CVE-2024-7941

An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials...

CVSS 4.3 | AI score 6.8 | EPSS 0.00242
Exploits: 0 | References: 1

CVE
added 2024/08/27 12:57 p.m. | 45 views

CVE-2024-7941

CVE-2024-7941 affects Hitachi Energy MicroSCADA Pro/X SYS600 and MicroSCADA X SYS600. The root cause is improper handling of an HTTP parameter that may contain a URL value, allowing the web application to redirect the user to a specified URL. This can enable phishing if an attacker lures a user t...

CVSS 4.3 | AI score 6.9 | EPSS 0.00242
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2024/08/27 12:57 p.m. | 16 views

CVE-2024-7941

An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials...

CVSS 4.3 | EPSS 0.00242
Exploits: 0 | References: 1