
29 matches found

CVE
added 2026/03/12 3:37 p.m., 7 views

CVE-2019-25543

Netartmedia Real Estate Portal 5.0 contains an unauthenticated SQL injection in the page parameter (via index.php) that allows attackers to manipulate queries, potentially bypass authentication and access or modify data. The vulnerability affects the server-side SQL handling of the page field. CV...

8.8 CVSS, 5.9 AI score, 0.0046 EPSS
Exploits: 1, References: 2, Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2010-3057

Malware in sbrugna...

7.5 CVSS, 6 AI score, 0.14714 EPSS
Exploits: 1, References: 14

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2020-22898

Malware in sbrugna...

10 CVSS, 9.2 AI score, 0.01666 EPSS
Exploits: 0, References: 3

EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2024-35144

Malicious code in bioql PyPI...

4.3 CVSS, 6.6 AI score, 0.003 EPSS
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2025-16750

Malicious code in bioql PyPI...

9.8 CVSS, 6.3 AI score, 0.00866 EPSS
Exploits: 2, References: 3

EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2022-37493

Malicious code in bioql PyPI...

8.8 CVSS, 8.6 AI score, 0.0115 EPSS
Exploits: 0, References: 1

BDU FSTEC
added 2025/06/09 12:00 a.m., 3 views

The vulnerability in the built-in web server boa (/boafrm/formWirelessTbl) of TOTOLINK X15 router microprogramming software allows an intruder to execute arbitrary commands or cause a service failure.

The vulnerability of the built-in web server boa /boafrm/formWirelessTbl of TOTOLINK X15 router microprogramming software is related to the issue where the operation results are written out of the buffer into memory when processing the submit-url parameter. Exploiting this vulnerability allows a...

9 CVSS, 8.3 AI score, 0.0389 EPSS
Exploits: 0, References: 7, Affected Software: 1

Cvelist
added 2025/06/06 1:28 a.m., 19 views

CVE-2024-56343 IBM Verify Identity Access Digital Credentials denial of service

IBM Verify Identity Access Digital Credentials 24.06 could allow an authenticated user to crash the service with a specially crafted POST request...

4.3 CVSS, 0.00288 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 7:04 a.m., 9 views

CVE-2024-57479

H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address update function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/we...

9.8 CVSS, 9.9 AI score, 0.00603 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 11:04 p.m., 4 views

CVE-2022-34576

A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to execute arbitrary code via a crafted POST request...

7.5 CVSS, 7.7 AI score, 0.02892 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 11:04 p.m., 2 views

CVE-2022-34212

A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request to an attacker-specified URL...

5.7 CVSS, 6.5 AI score, 0.0057 EPSS
Exploits: 0, References: 1

CVE
added 2025/05/15 12:00 a.m., 31 views

CVE-2025-46052

CVE-2025-46052 involves WebERP v4.15.2 with an error-based SQL Injection affecting the DEL form field in a POST request to /StockCounts.php. The underlying issue allows an attacker to execute arbitrary SQL and extract sensitive data. Multiple connected sources confirm the vulnerable endpoint and ...

9.8 CVSS, 8.1 AI score, 0.00438 EPSS
Exploits: 1, References: 2, Affected Software: 1

NVD
added 2025/04/30 1:15 p.m., 11 views

CVE-2025-45020

A SQL Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the todate parameter in a POST request...

7.2 CVSS, 0.00457 EPSS
Exploits: 1, References: 1

OSV
added 2025/02/20 6:15 p.m., 3 views

CVE-2024-54959

Nagios XI 2024R1.2.2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack through the Favorites component, enabling POST-based Cross-Site Scripting (XSS)...

6.1 CVSS, 5.8 AI score, 0.00965 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/02/09 2:16 p.m., 14 views

CVE-2025-1108

Insufficient data authenticity verification vulnerability in Janto, versions prior to r12. This allows an unauthenticated attacker to modify the content of emails sent to reset the password. To exploit the vulnerability, the attacker must create a POST request by injecting malicious content into...

8.6 CVSS, 6.7 AI score, 0.00195 EPSS
Exploits: 0, References: 3

NVD
added 2025/02/07 2:15 p.m., 11 views

CVE-2025-1107

Unverified password change vulnerability in Janto, versions prior to r12. This could allow an unauthenticated attacker to change another user's password without knowing their current password. To exploit the vulnerability, the attacker must create a specific POST request and send it to the endpoi...

9.9 CVSS, 0.00382 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2025/02/07 1:38 p.m., 9 views

CVE-2025-1107 Unverified password change vulnerability in Janto

Unverified password change vulnerability in Janto, versions prior to r12. This could allow an unauthenticated attacker to change another user's password without knowing their current password. To exploit the vulnerability, the attacker must create a specific POST request and send it to the endpoi...

9.9 CVSS, 9.5 AI score, 0.00382 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2025/01/14 12:00 a.m., 6 views

CVE-2024-57473

H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address editing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to...

8.2 AI score, 0.00834 EPSS
Exploits: 0, References: 2

BDU FSTEC
added 2024/08/07 12:00 a.m., 1 view

A vulnerability in the loginauth function of the /cgi-bin/cstecgi.cgi script in the TOTOLINK CP450 router's microprogramming system allows an intruder to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the loginauth function in the /cgi-bin/cstecgi.cgi script of the TOTOLINK CP450 router’s microprogramming system is related to the issue of data being written outside the buffer in memory when processing the httphost parameter. Exploiting this vulnerability allows a malicious...

9 CVSS, 7.8 AI score, 0.01349 EPSS
Exploits: 1, References: 3, Affected Software: 1

CNVD
added 2024/06/28 12:00 a.m., 8 views

OpenEMR has an unspecified vulnerability (CNVD-2024-31488)

OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing requests. A security vulnerability exists in OpenEMR version 7.0.2. An attacker can exploit...

9.8 CVSS, 6.8 AI score, 0.00802 EPSS
Exploits: 1, References: 1