Lucene search
+L

7837 matches found

CVE
CVE
added 2026/05/30 4:30 p.m.29 views

CVE-2026-10127

CVE-2026-10127 affects Edimax BR-6478AC firmware version 1.23. The vulnerability resides in the POST Request Handler function formStaDrvSetup, specifically the /goform/formStaDrvSetup endpoint, where manipulating the argument rootAPmac enables command injection. Exploitation can be remote; public...

6.5CVSS6.5AI score0.01262EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/30 4:15 p.m.44 views

CVE-2026-10126 Edimax BR-6478AC POST Request formQoS buffer overflow

A security flaw has been discovered in Edimax BR-6478AC 1.23. Affected by this issue is the function formQoS of the file /goform/formQoS of the component POST Request Handler. The manipulation of the argument selSSID results in buffer overflow. The attack can be launched remotely. The exploit has...

9CVSS0.00753EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/30 4:15 p.m.11 views

CVE-2026-10126 Edimax BR-6478AC POST Request formQoS buffer overflow

A security flaw has been discovered in Edimax BR-6478AC 1.23. Affected by this issue is the function formQoS of the file /goform/formQoS of the component POST Request Handler. The manipulation of the argument selSSID results in buffer overflow. The attack can be launched remotely. The exploit has...

9CVSS7.8AI score0.00753EPSS
Exploits0References4
CVE
CVE
added 2026/05/30 4:15 p.m.32 views

CVE-2026-10126

Edimax BR-6478AC firmware 1.23 has a vulnerability in the POST Request Handler, specifically the formQoS function (/goform/formQoS). Manipulating the selSSID argument causes a buffer overflow, enabling a remote attacker. Public exploit exists. The provided sources do not specify a patched version...

9CVSS7.8AI score0.00753EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/30 4:0 p.m.43 views

CVE-2026-10125 Edimax BR-6478AC POST Request formPPPoESetup stack-based overflow

A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formPPPoESetup of the file /goform/formPPPoESetup of the component POST Request Handler. The manipulation of the argument pppUserName leads to stack-based buffer overflow. The attack can be...

9CVSS0.00447EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/30 2:55 p.m.11 views

CVE-2018-25424 Gate Pass Management System 2.1 SQL Injection via login-exec.php

Gate Pass Management System 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login and password parameters. Attackers can submit crafted POST requests to login-exec.php with SQL injection payloads in form...

8.8CVSS5.9AI score0.0032EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/30 12:0 a.m.11 views

Edimax BR-6478AC 命令注入漏洞

The Edimax BR-6478AC is a dual-band Gigabit router produced by Edimax Corporation. The Edimax BR-6478AC version 1.23 has a command injection vulnerability. This vulnerability stems from the operation of the formStaDrvSetup function in the component POST Request Handler, specifically the parameter...

6.5CVSS6.6AI score0.01262EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/30 12:0 a.m.14 views

Edimax BR-6478AC 安全漏洞

The Edimax BR-6478AC is a dual-band Gigabit router produced by Edimax Corporation. Version 1.23 of the Edimax BR-6478AC contains a security vulnerability. This vulnerability stems from a function called formPPPoESetup in the component POST Request Handler. The function’s handling of the parameter...

9CVSS7.4AI score0.00447EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/30 12:0 a.m.18 views

PT-2026-45129

A weakness has been identified in Edimax BR-6478AC 1.23. This affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. This manipulation of the argument rootAPmac causes command injection. The attack may be initiated remotely. The exploit has...

6.5CVSS5.7AI score0.01262EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/29 2:46 p.m.14 views

EUVD-2018-21914

MaxOn ERP Software 8.x-9.x contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries through the nomor, user, and jenis parameters in the logactivity function. Attackers can send POST requests to /index.php/user/logactivity with malicious SQL code in...

7.1CVSS6.1AI score0.00273EPSS
Exploits0References4
NVD
NVD
added 2026/05/29 2:16 p.m.22 views

CVE-2026-45610

WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a cross-site request forgery vulnerability on the 2FA toggle. plugin/LoginControl/set.json.php accepts POST type=set2FA value=false, calls LoginControl::setUser2FAUser::getId, false on the session-authenticated user, and...

6.5CVSS0.0011EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/29 1:13 p.m.12 views

CVE-2026-45610

WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a cross-site request forgery vulnerability on the 2FA toggle. plugin/LoginControl/set.json.php accepts POST type=set2FA value=false, calls LoginControl::setUser2FAUser::getId, false on the session-authenticated user, and...

5.7CVSS5.7AI score0.0011EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/29 12:11 p.m.32 views

CVE-2026-9509

CVE-2026-9509 affects Suprema BioStar 2 Server (versions 2.9.8, 2.9.10, 2.9.11). An unhandled exception triggered by unauthenticated HTTP POST requests to the /api/migration endpoint can cause a denial of service, halting critical processes and leaving the system offline until services or the ser...

8.7CVSS5.9AI score0.00351EPSS
Exploits0References1
NVD
NVD
added 2026/05/29 11:16 a.m.20 views

CVE-2026-10078

A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically clientid and clientsecret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to th...

2.7CVSS0.00196EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/28 4:47 a.m.13 views

CVE-2026-9803 Keycloak: keycloak: denial of service via malformed authorization header

A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with a malformed 'Authorization: Bearer' header to any client registration endpoint. This can lead to an...

5.3CVSS5.8AI score0.00417EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/05/27 8:14 p.m.13 views

CVE-2026-9400

A flaw has been found in Edimax BR-6675nD 1.12. This issue affects the function formUSBStorage of the file /goform/formUSBStorage of the component POST Request Handler. Executing a manipulation of the argument subdir can lead to command injection. It is possible to launch the attack remotely. The...

6.5CVSS6.4AI score0.01158EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 5:34 p.m.14 views

EUVD-2026-32615

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in REST API server mode dalfox server, the server binds to 0.0.0.0:6664 by default and requires no API key unless the operator explicitly passes --api-key. Because model.Options...

10CVSS6AI score0.01051EPSS
Exploits2References2
EUVD
EUVD
added 2026/05/27 3:47 p.m.13 views

EUVD-2026-32577

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. The POST /upi/v1/upNodesLinks create-or-update handler accepts attacker-controlled JSON and passes it directly into...

7.5CVSS5.8AI score0.00364EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/05/27 3:47 p.m.66 views

CVE-2026-44321 free5GC: SMF UPI POST /upi/v1/upNodesLinks exits the SMF process on overlapping UE pools (unauthenticated, reachable Fatalf)

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. The POST /upi/v1/upNodesLinks create-or-update handler accepts attacker-controlled JSON and passes it directly into...

7.5CVSS0.00364EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.12 views

free5GC 安全漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained security vulnerabilities. These vulnerabilities stemmed from the PCF’s HandleCreateSmPolicyRequest handler, which encountered a null pointer dereferencing when UDR returne...

7.5CVSS5.8AI score0.00404EPSS
Exploits1References4
Rows per page
Query Builder