966 matches found
CVE-2026-7854 D-Link DI-8100 POST Parameter url_rule.asp url_rule_asp buffer overflow
A security vulnerability has been detected in D-Link DI-8100 16.07.26A1. Affected by this vulnerability is the function urlruleasp of the file /urlrule.asp of the component POST Parameter Handler. Such manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploi...
CVE-2026-7854
A security vulnerability has been detected in D-Link DI-8100 16.07.26A1. Affected by this vulnerability is the function urlruleasp of the file /urlrule.asp of the component POST Parameter Handler. Such manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploi...
CVE-2026-7854 D-Link DI-8100 POST Parameter url_rule.asp url_rule_asp buffer overflow
A security vulnerability has been detected in D-Link DI-8100 16.07.26A1. Affected by this vulnerability is the function urlruleasp of the file /urlrule.asp of the component POST Parameter Handler. Such manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploi...
CVE-2026-7854
The CVE-2026-7854 entry concerns D-Link DI-8100 firmware 16.07.26A1. The vulnerability lies in the POST Parameter Handler, specifically the url_rule_asp function in /url_rule.asp, which is reported to cause a buffer overflow. This could be exploited remotely, and public exploit information is ind...
CVE-2026-41923
WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the internet.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the gateway POST parameter. Attackers can exploit...
CVE-2026-5063
Affected software: NEX-Forms – Ultimate Forms Plugin for WordPress. Vulnerable component/function: submit_nex_form() in versions up to and including 9.1.11. Root cause: insufficient input sanitization and output escaping. Impact: unauthenticated stored Cross-Site Scripting via POST parameter key ...
PT-2026-36681
The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via POST parameter key names in the submit nex form function in versions up to, and including, 9.1.11 due to insufficient input sanitization and output escaping. This makes it...
CVE-2026-4911
The Booking Package plugin for WordPress is vulnerable to Price Manipulation in versions up to, and including, 1.7.06 This is due to the intentForStripe function passing user-controlled $POST'amount' directly to the Stripe PaymentIntent API without validation, and the commitStripe function ignori...
PT-2026-37048
Name of the Vulnerable Software and Affected Versions D-Link DI-8100 version 16.07.26A1 Description A buffer overflow can be triggered remotely via the POST Parameter Handler component. The issue exists within the url rule asp function of the '/url rule.asp' endpoint. Recommendations At the momen...
CVE-2026-6496 prasathmani TinyFileManager POST Parameter filemanager.php path traversal
A vulnerability was found in prasathmani TinyFileManager up to 2.6. Affected is an unknown function of the file /filemanager.php of the component POST Parameter Handler. The manipulation of the argument file results in path traversal. The attack may be performed from remote. The exploit has been...
CVE-2026-6496 prasathmani TinyFileManager POST Parameter filemanager.php path traversal
A vulnerability was found in prasathmani TinyFileManager up to 2.6. Affected is an unknown function of the file /filemanager.php of the component POST Parameter Handler. The manipulation of the argument file results in path traversal. The attack may be performed from remote. The exploit has been...
CVE-2025-65136
In manikandan580 School-management-system 1.0, a reflected XSS vulnerability exists in /studentms/admin/contact-us.php via the pagedes POST parameter...
CVE-2025-63939
CVE-2025-63939 affects the anirudhkannan Grocery Store Management System 1.0. The vulnerability is caused by improper input handling in /Grocery/search_products_itname.php, allowing SQL injection via the sitem_name POST parameter. The entry carries a CVSS v3.1 base score of 9.8 (CRITICAL) with NE...
Dolibarr has SQL injection vulnerability in the rowid parameter of the admin dict.php
Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Attackers can inject malicious SQL code through the rowid POST parameter to extract sensitive database information using...
PT-2026-32172
Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Attackers can inject malicious SQL code through the rowid POST parameter to extract sensitive database information using...
CVE-2026-5811
A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this issue is the function saveproduct of the file /Actions.php of the component POST Parameter Handler. Such manipulation of the argument price leads to business logic errors. The attack may be performe...
CVE-2026-5811 SourceCodester Online Food Ordering System POST Parameter Actions.php save_product logic error
A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this issue is the function saveproduct of the file /Actions.php of the component POST Parameter Handler. Such manipulation of the argument price leads to business logic errors. The attack may be performe...
SourceCodester Online Food Ordering System 安全漏洞
The SourceCodester Online Food Ordering System is an open-source online ordering system developed by SourceCodester. Version 1.0 of the SourceCodester Online Food Ordering System has a security vulnerability. This vulnerability stems from the handling of the parameter ‘price’ in the ‘saveproduct’...
PT-2026-31092
Name of the Vulnerable Software and Affected Versions Pinterest Site Verification plugin using Meta Tag plugin for WordPress versions up to and including 1.8 Description The Pinterest Site Verification plugin using Meta Tag plugin for WordPress is susceptible to Stored Cross-Site Scripting throug...
CVE-2024-36058
The Send Basket functionality in Koha Library before 23.05.10 is susceptible to Time-Based SQL Injection because it fails to sanitize the POST parameter biblist in /cgi-bin/koha/opac-sendbasket.pl, allowing library users to read arbitrary data from the database...