EUVD-2025-17413

Malicious code in bioql PyPI...

EUVD-2025-21820

Malicious code in bioql PyPI...

EUVD-2023-44126

Malicious code in bioql PyPI...

EUVD-2024-48959

Malicious code in bioql PyPI...

EUVD-2024-16322

Malicious code in bioql PyPI...

SUSE CVE-2025-9648

A vulnerability in the CivetWeb library's function mghandleformrequest allows remote attackers to trigger a denial of service DoS condition. By sending a specially crafted HTTP POST request containing a null byte in the payload, the server enters an infinite loop during form data parsing. Multipl...

CVE-2025-30247

An OS command injection vulnerability in user interface in Western Digital My Cloud firmware prior to 5.31.108 on NAS platforms allows remote attackers to execute arbitrary system commands via a specially crafted HTTP POST...

CVE-2025-30247

CVE-2025-30247 is an OS command injection in the web UI of Western Digital My Cloud NAS on firmware prior to 5.31.108. A remote attacker can execute arbitrary system commands via a specially crafted HTTP POST. Affected products are Western Digital My Cloud firmware versions before 5.31.108. The C...

CVE-2025-9648 Denial of Service in CivetWeb

A vulnerability in the CivetWeb library's function mghandleformrequest allows remote attackers to trigger a denial of service DoS condition. By sending a specially crafted HTTP POST request containing a null byte in the payload, the server enters an infinite loop during form data parsing. Multipl...

CVE-2025-11073 Keyfactor RG-EW5100BE HTTP POST Request cmd command injection

A vulnerability was detected in Keyfactor RG-EW5100BE EW3.0B11P280EW5100BE-PRO12183019. The affected element is an unknown function of the file /cgi-bin/luci/api/cmd of the component HTTP POST Request Handler. The manipulation of the argument url results in command injection. The attack can be...

PT-2025-39737

Name of the Vulnerable Software and Affected Versions Keyfactor RG-EW5100BE EW 3.0B11P280 EW5100BE-PRO 12183019 Description A flaw exists in Keyfactor RG-EW5100BE EW 3.0B11P280 EW5100BE-PRO 12183019. The issue is related to command injection stemming from the manipulation of the url argument with...

Tenda AC20 安全漏洞

Tenda AC20 is a home router from Tenda. The Tenda AC20 suffers from a buffer overflow vulnerability that originates from the failure of startIp, a parameter in the strcpy function of the /goform/SetPptpServerCfg file in the HTTP POST request processing component, to correctly validate the length ...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the parsemultipart function when processing a multipart/related HTTP POST request with an empty HTTP body. An attacker can cause the application to crash by sending a specially crafted HTTP request to the SB...

Linux Distros Unpatched Vulnerability : CVE-2021-20110

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker on the network can statically configure their IP address to matc...

CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.)

...

CVE-2025-56752

A vulnerability in the Ruijie RG-ES series switch firmware ESW1.01B1P39 enables remote attackers to fully bypass authentication mechanisms, providing them with unrestricted access to alter administrative settings and potentially seize control of affected devices via crafted HTTP POST request to...

Security Bulletin: Vulnerability in Netty's HttpPostRequestDecoder Allows Unbounded Memory Accumulation, which affects IBM watsonx.data

Summary Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The HttpPostRequestDecoder can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no...

CVE-2024-13979 St. Joe ERP System SingleRowQueryConverter SQL Injection

A SQL injection vulnerability exists in the St. Joe ERP system "圣乔ERP系统" that allows unauthenticated remote attackers to execute arbitrary SQL commands via crafted HTTP POST requests to the login endpoint. The application fails to properly sanitize user-supplied input before incorporating it into...

CVE-2025-51054

Vedo Suite 2024.17 is vulnerable to Incorrect Access Control, which allows remote attackers to obtain a valid high privilege JWT token without prior authentication via sending an empty HTTP POST request to the /autologin/ API endpoint...

CVE-2025-51054

Vedo Suite 2024.17 is vulnerable to Incorrect Access Control, which allows remote attackers to obtain a valid high privilege JWT token without prior authentication via sending an empty HTTP POST request to the /autologin/ API endpoint...