7837 matches found
CVE-2026-10127
CVE-2026-10127 affects Edimax BR-6478AC firmware version 1.23. The vulnerability resides in the POST Request Handler function formStaDrvSetup, specifically the /goform/formStaDrvSetup endpoint, where manipulating the argument rootAPmac enables command injection. Exploitation can be remote; public...
CVE-2026-10126 Edimax BR-6478AC POST Request formQoS buffer overflow
A security flaw has been discovered in Edimax BR-6478AC 1.23. Affected by this issue is the function formQoS of the file /goform/formQoS of the component POST Request Handler. The manipulation of the argument selSSID results in buffer overflow. The attack can be launched remotely. The exploit has...
CVE-2026-10126 Edimax BR-6478AC POST Request formQoS buffer overflow
A security flaw has been discovered in Edimax BR-6478AC 1.23. Affected by this issue is the function formQoS of the file /goform/formQoS of the component POST Request Handler. The manipulation of the argument selSSID results in buffer overflow. The attack can be launched remotely. The exploit has...
CVE-2026-10126
Edimax BR-6478AC firmware 1.23 has a vulnerability in the POST Request Handler, specifically the formQoS function (/goform/formQoS). Manipulating the selSSID argument causes a buffer overflow, enabling a remote attacker. Public exploit exists. The provided sources do not specify a patched version...
CVE-2026-10125 Edimax BR-6478AC POST Request formPPPoESetup stack-based overflow
A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formPPPoESetup of the file /goform/formPPPoESetup of the component POST Request Handler. The manipulation of the argument pppUserName leads to stack-based buffer overflow. The attack can be...
CVE-2018-25424 Gate Pass Management System 2.1 SQL Injection via login-exec.php
Gate Pass Management System 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login and password parameters. Attackers can submit crafted POST requests to login-exec.php with SQL injection payloads in form...
Edimax BR-6478AC 命令注入漏洞
The Edimax BR-6478AC is a dual-band Gigabit router produced by Edimax Corporation. The Edimax BR-6478AC version 1.23 has a command injection vulnerability. This vulnerability stems from the operation of the formStaDrvSetup function in the component POST Request Handler, specifically the parameter...
Edimax BR-6478AC 安全漏洞
The Edimax BR-6478AC is a dual-band Gigabit router produced by Edimax Corporation. Version 1.23 of the Edimax BR-6478AC contains a security vulnerability. This vulnerability stems from a function called formPPPoESetup in the component POST Request Handler. The function’s handling of the parameter...
PT-2026-45129
A weakness has been identified in Edimax BR-6478AC 1.23. This affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. This manipulation of the argument rootAPmac causes command injection. The attack may be initiated remotely. The exploit has...
EUVD-2018-21914
MaxOn ERP Software 8.x-9.x contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries through the nomor, user, and jenis parameters in the logactivity function. Attackers can send POST requests to /index.php/user/logactivity with malicious SQL code in...
CVE-2026-45610
WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a cross-site request forgery vulnerability on the 2FA toggle. plugin/LoginControl/set.json.php accepts POST type=set2FA value=false, calls LoginControl::setUser2FAUser::getId, false on the session-authenticated user, and...
CVE-2026-45610
WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a cross-site request forgery vulnerability on the 2FA toggle. plugin/LoginControl/set.json.php accepts POST type=set2FA value=false, calls LoginControl::setUser2FAUser::getId, false on the session-authenticated user, and...
CVE-2026-9509
CVE-2026-9509 affects Suprema BioStar 2 Server (versions 2.9.8, 2.9.10, 2.9.11). An unhandled exception triggered by unauthenticated HTTP POST requests to the /api/migration endpoint can cause a denial of service, halting critical processes and leaving the system offline until services or the ser...
CVE-2026-10078
A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically clientid and clientsecret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to th...
CVE-2026-9803 Keycloak: keycloak: denial of service via malformed authorization header
A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with a malformed 'Authorization: Bearer' header to any client registration endpoint. This can lead to an...
CVE-2026-9400
A flaw has been found in Edimax BR-6675nD 1.12. This issue affects the function formUSBStorage of the file /goform/formUSBStorage of the component POST Request Handler. Executing a manipulation of the argument subdir can lead to command injection. It is possible to launch the attack remotely. The...
EUVD-2026-32615
Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in REST API server mode dalfox server, the server binds to 0.0.0.0:6664 by default and requires no API key unless the operator explicitly passes --api-key. Because model.Options...
EUVD-2026-32577
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. The POST /upi/v1/upNodesLinks create-or-update handler accepts attacker-controlled JSON and passes it directly into...
CVE-2026-44321 free5GC: SMF UPI POST /upi/v1/upNodesLinks exits the SMF process on overlapping UE pools (unauthenticated, reachable Fatalf)
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. The POST /upi/v1/upNodesLinks create-or-update handler accepts attacker-controlled JSON and passes it directly into...
free5GC 安全漏洞
free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained security vulnerabilities. These vulnerabilities stemmed from the PCF’s HandleCreateSmPolicyRequest handler, which encountered a null pointer dereferencing when UDR returne...