18 matches found

CVE
added 2026/05/19 12:59 p.m., 9 views

CVE-2026-42097

Sparx products show multiple CVEs with concrete details across Pro Cloud Server and Enterprise Architect. CVE-2026-42097 describes an authentication bypass: a request can omit the model parameter and embed the model name in a POST blob, enabling SQL query execution without authentication. CVE-202...

CVSS 9.3, AI score 6, EPSS 0.00209
Exploits 2, References 4, Affected Software 1

EUVD
added 2026/04/14 6:30 p.m., 2 views

EUVD-2026-22284

CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability exists that could cause application user credentials to reset when a Web Admin user alters the POST /setPCBEDesc request payload...

CVSS 5.3, AI score 5.8, EPSS 0.00058
Exploits 0, References 2

Positive Technologies
added 2026/02/25 12:0 a.m., 3 views

PT-2026-22039

Name of the Vulnerable Software and Affected Versions: TinyWeb versions prior to 2.02. Description: TinyWeb is a web server written in Delphi for Win32. Versions prior to 2.02 are susceptible to a Denial of Service (DoS) condition caused by memory exhaustion. An unauthenticated remote attacker can sen...

CVSS 8.7, AI score 6, EPSS 0.00142
Exploits 0, References 11

NVD
added 2026/02/19 1:16 p.m., 1 views

CVE-2019-25419

Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the schedule endpoint. Attackers can submit POST requests with JavaScript payloads in the SCHNAME parameter to execute arbitrary code in...

CVSS 7.2, EPSS 0.00019
Exploits 1, References 4

Snyk
added 2025/12/01 9:43 p.m., 1 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview: getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine due to a simple form on site. An attacker can access sensitive...

CVSS 8.7, AI score 6.7, EPSS 0.0007
Exploits 1, References 2

OSV
added 2025/09/29 12:15 p.m., 1 views

CVE-2025-9648

A vulnerability in the CivetWeb library's function mg_handle_form_request allows remote attackers to trigger a denial of service (DoS) condition. By sending a specially crafted HTTP POST request containing a null byte in the payload, the server enters an infinite loop during form data parsing. Multipl...

CVSS 8.7, AI score 6.9, EPSS 0.00889
Exploits 0, References 4

Tenable Nessus
added 2025/09/10 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-20109

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset...

CVSS 7.5, AI score 7.4, EPSS 0.02518
Exploits 0, References 2

RedhatCVE
added 2025/05/23 5:52 a.m., 2 views

CVE-2023-22487

Flarum is a forum software for building communities. Using the mentions feature provided by the flarum/mentions extension, users can mention any post ID on the forum with the special @""p syntax. The following behavior never changes no matter if the actor should be able to read the mentioned post...

CVSS 7.7, AI score 6.4, EPSS 0.00207
Exploits 1, References 1

RedhatCVE
added 2025/05/22 8:59 p.m., 3 views

CVE-2021-20109

Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on the network as well as receive the...

CVSS 7.5, AI score 7.4, EPSS 0.02518
Exploits 0, References 1

GithubExploit
added 2023/09/16 1:28 a.m., 4 views

Exploit for External Control of System or Configuration Setting in Moosocial

mooSocial: External HTTP and DNS Service Interaction CVE-2023...

CVSS 6.5, AI score 7.2, EPSS 0.80804
Exploits 2

OSV
added 2021/07/19 3:15 p.m., 3 views

CVE-2021-20109

Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on the network as well as receive the...

CVSS 7.5, AI score 7.4
Exploits 0, References 1

Prion
added 2021/07/19 3:15 p.m., 17 views

Design/Logic Flaw

Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on the network as well as receive the...

CVSS 5, AI score 7.7, EPSS 0.02518
Exploits 0, References 1, Affected Software 1

OSV
added 2020/11/16 3:15 p.m., 2 views

CVE-2020-27459

Chronoforeum 2.0.11 allows Stored XSS vulnerabilities when inserting a crafted payload into a post. If any user sees the post, the inserted XSS code is executed...

CVSS 6.1, AI score 6.4
Exploits 0, References 1

OSV
added 2020/04/03 9:15 p.m., 8 views

CVE-2020-8142

A security restriction bypass vulnerability has been discovered in Revive Adserver version 5.0.5 by HackerOne user hoangn144. Revive Adserver, like many other applications, requires the logged in user to type the current password in order to change the e-mail address or the password. It was howev...

CVSS 6.8, AI score 6.8
Exploits 0, References 2

Prion
added 2020/04/03 9:15 p.m., 6 views

Security feature bypass

A security restriction bypass vulnerability has been discovered in Revive Adserver version 5.0.5 by HackerOne user hoangn144. Revive Adserver, like many other applications, requires the logged in user to type the current password in order to change the e-mail address or the password. It was howev...

CVSS 4.6, AI score 6.6, EPSS 0.00085
Exploits 1, References 2, Affected Software 1

CNVD
added 2018/12/18 12:0 a.m., 1 views

TRENDnet TV-IP110WN and TV-IP121WN Buffer Overflow Vulnerability

The TRENDnet TV-IP110WN is a wireless Internet surveillance camera. The TRENDnet TV-IP121WN is an Internet camera solution for monitoring... A buffer overflow vulnerability exists in the TRENDnet TV-IP110WN and TV-IP121WN. Allows an attacker to hijack the control flow to any attacker-specified...

CVSS 9.8, AI score 7.3, EPSS 0.031
Exploits 0, References 1

CNVD
added 2018/12/18 12:0 a.m., 2 views

TRENDnet TEW-632BRP and TEW-673GRU Buffer Overflow Vulnerabilities

TRENDnet TEW-632BRP is a router. TRENDnet TEW-673GRU is a dual-band green router. A buffer overflow vulnerability exists in the TRENDnet TEW-632BRP and TEW-673GRU. This allows an attacker to hijack control flow by building a POST request payload via authentication to any attacker-specified locatio...

CVSS 8.8, AI score 7.3, EPSS 0.0288
Exploits 0, References 1

Packet Storm
added 2015/03/30 12:0 a.m., 22 views

Joomla Gallery WD SQL Injection

Exploit Title: Joomla Gallery WD - SQL Injection Vulnerability Google Dork: inurl:option=comgallerywd Date: 29.03.2015 Exploit Author: CrashBandicot @DosPerl Vendor HomePage: http://web-dorado.com/ Source Component :...

AI score 0.6
Exploits 0