Lucene search
K

966 matches found

Cvelist
Cvelist
added 2026/05/05 6:15 p.m.50 views

CVE-2026-7854 D-Link DI-8100 POST Parameter url_rule.asp url_rule_asp buffer overflow

A security vulnerability has been detected in D-Link DI-8100 16.07.26A1. Affected by this vulnerability is the function urlruleasp of the file /urlrule.asp of the component POST Parameter Handler. Such manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploi...

10CVSS0.0586EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/05/05 6:15 p.m.7 views

CVE-2026-7854

A security vulnerability has been detected in D-Link DI-8100 16.07.26A1. Affected by this vulnerability is the function urlruleasp of the file /urlrule.asp of the component POST Parameter Handler. Such manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploi...

10CVSS7.5AI score0.0586EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/05 6:15 p.m.14 views

CVE-2026-7854 D-Link DI-8100 POST Parameter url_rule.asp url_rule_asp buffer overflow

A security vulnerability has been detected in D-Link DI-8100 16.07.26A1. Affected by this vulnerability is the function urlruleasp of the file /urlrule.asp of the component POST Parameter Handler. Such manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploi...

10CVSS7.5AI score0.0586EPSS
Exploits1References5
CVE
CVE
added 2026/05/05 6:15 p.m.33 views

CVE-2026-7854

The CVE-2026-7854 entry concerns D-Link DI-8100 firmware 16.07.26A1. The vulnerability lies in the POST Parameter Handler, specifically the url_rule_asp function in /url_rule.asp, which is reported to cause a buffer overflow. This could be exploited remotely, and public exploit information is ind...

10CVSS7.5AI score0.0586EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2026/05/04 8:16 p.m.10 views

CVE-2026-41923

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the internet.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the gateway POST parameter. Attackers can exploit...

9.3CVSS0.02615EPSS
Exploits0References3
CVE
CVE
added 2026/05/03 4:25 a.m.19 views

CVE-2026-5063

Affected software: NEX-Forms – Ultimate Forms Plugin for WordPress. Vulnerable component/function: submit_nex_form() in versions up to and including 9.1.11. Root cause: insufficient input sanitization and output escaping. Impact: unauthenticated stored Cross-Site Scripting via POST parameter key ...

7.2CVSS6AI score0.00243EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/03 12:0 a.m.9 views

PT-2026-36681

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via POST parameter key names in the submit nex form function in versions up to, and including, 9.1.11 due to insufficient input sanitization and output escaping. This makes it...

7.2CVSS6AI score0.00243EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/28 6:45 a.m.5 views

CVE-2026-4911

The Booking Package plugin for WordPress is vulnerable to Price Manipulation in versions up to, and including, 1.7.06 This is due to the intentForStripe function passing user-controlled $POST'amount' directly to the Stripe PaymentIntent API without validation, and the commitStripe function ignori...

5.3CVSS5.7AI score0.00308EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/04/19 12:0 a.m.6 views

PT-2026-37048

Name of the Vulnerable Software and Affected Versions D-Link DI-8100 version 16.07.26A1 Description A buffer overflow can be triggered remotely via the POST Parameter Handler component. The issue exists within the url rule asp function of the '/url rule.asp' endpoint. Recommendations At the momen...

10CVSS7.5AI score0.0586EPSS
Exploits1References16
Vulnrichment
Vulnrichment
added 2026/04/17 2:30 p.m.4 views

CVE-2026-6496 prasathmani TinyFileManager POST Parameter filemanager.php path traversal

A vulnerability was found in prasathmani TinyFileManager up to 2.6. Affected is an unknown function of the file /filemanager.php of the component POST Parameter Handler. The manipulation of the argument file results in path traversal. The attack may be performed from remote. The exploit has been...

5.5CVSS5.6AI score0.00455EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/17 2:30 p.m.41 views

CVE-2026-6496 prasathmani TinyFileManager POST Parameter filemanager.php path traversal

A vulnerability was found in prasathmani TinyFileManager up to 2.6. Affected is an unknown function of the file /filemanager.php of the component POST Parameter Handler. The manipulation of the argument file results in path traversal. The attack may be performed from remote. The exploit has been...

5.5CVSS0.00455EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/14 12:0 a.m.2 views

CVE-2025-65136

In manikandan580 School-management-system 1.0, a reflected XSS vulnerability exists in /studentms/admin/contact-us.php via the pagedes POST parameter...

5.8AI score0.00181EPSS
Exploits1References1
CVE
CVE
added 2026/04/14 12:0 a.m.5 views

CVE-2025-63939

CVE-2025-63939 affects the anirudhkannan Grocery Store Management System 1.0. The vulnerability is caused by improper input handling in /Grocery/search_products_itname.php, allowing SQL injection via the sitem_name POST parameter. The entry carries a CVSS v3.1 base score of 9.8 (CRITICAL) with NE...

9.8CVSS5.9AI score0.00269EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/04/12 3:30 p.m.11 views

Dolibarr has SQL injection vulnerability in the rowid parameter of the admin dict.php

Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Attackers can inject malicious SQL code through the rowid POST parameter to extract sensitive database information using...

9.1CVSS6.2AI score0.00311EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/12 12:0 a.m.9 views

PT-2026-32172

Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Attackers can inject malicious SQL code through the rowid POST parameter to extract sensitive database information using...

8.8CVSS6.2AI score0.00311EPSS
Exploits1References5
NVD
NVD
added 2026/04/08 11:17 p.m.3 views

CVE-2026-5811

A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this issue is the function saveproduct of the file /Actions.php of the component POST Parameter Handler. Such manipulation of the argument price leads to business logic errors. The attack may be performe...

5.5CVSS0.00246EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/08 10:15 p.m.3 views

CVE-2026-5811 SourceCodester Online Food Ordering System POST Parameter Actions.php save_product logic error

A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this issue is the function saveproduct of the file /Actions.php of the component POST Parameter Handler. Such manipulation of the argument price leads to business logic errors. The attack may be performe...

5.5CVSS5.8AI score0.00246EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.11 views

SourceCodester Online Food Ordering System 安全漏洞

The SourceCodester Online Food Ordering System is an open-source online ordering system developed by SourceCodester. Version 1.0 of the SourceCodester Online Food Ordering System has a security vulnerability. This vulnerability stems from the handling of the parameter ‘price’ in the ‘saveproduct’...

5.5CVSS6AI score0.00246EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.3 views

PT-2026-31092

Name of the Vulnerable Software and Affected Versions Pinterest Site Verification plugin using Meta Tag plugin for WordPress versions up to and including 1.8 Description The Pinterest Site Verification plugin using Meta Tag plugin for WordPress is susceptible to Stored Cross-Site Scripting throug...

6.4CVSS5.8AI score0.002EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2026/04/07 12:0 a.m.3 views

CVE-2024-36058

The Send Basket functionality in Koha Library before 23.05.10 is susceptible to Time-Based SQL Injection because it fails to sanitize the POST parameter biblist in /cgi-bin/koha/opac-sendbasket.pl, allowing library users to read arbitrary data from the database...

6.1AI score0.00478EPSS
Exploits1References4
Rows per page
Query Builder