Lucene search
+L

75 matches found

Cvelist
Cvelist
added 2025/05/20 7:31 p.m.27 views

CVE-2025-4997 H3C R2+ProG HTTP POST Request aspForm SetAPInfoById denial of service

A vulnerability, which was classified as problematic, was found in H3C R2+ProG up to 200R004. Affected is the function UpdateWanParams/AddMacList/EditMacList/AddWlanMacList/EditWlanMacList/EditBasicSSID/EditGuestSSIDFor2P4G/EditBasicSSID5G/SetAPInfoById of the file /goform/aspForm of the componen...

7.1CVSS0.00441EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/03/28 12:0 a.m.8 views

CVE-2025-28220

Tenda W6S v1.0.0.4510 has a Buffer Overflow vulnerability in the setcfm function, which allows remote attackers to cause web server crash via parameter funcpara1 passed to the binary through a POST request...

6.7AI score0.00448EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/02/13 12:0 a.m.10 views

The vulnerability in the form2alg.cgi script of the D-Link DIR-816A router’s software allows a hacker to execute arbitrary code.

The vulnerability of the form2alg.cgi script in the microprogramming software of the D-Link DIR-816A2 router is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created HTTP POST request...

10CVSS8.2AI score0.00492EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/02/07 3:0 p.m.8 views

CVE-2025-1103 D-Link DIR-823X HTTP POST Request set_wifi_blacklists null pointer dereference

A vulnerability, which was classified as problematic, was found in D-Link DIR-823X 240126/240802. This affects the function setwifiblacklists of the file /goform/setwifiblacklists of the component HTTP POST Request Handler. The manipulation of the argument macList leads to null pointer dereferenc...

7.1CVSS6.9AI score0.1302EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/01/14 12:0 a.m.6 views

H3C N12 V100R005 安全漏洞

The H3C N12 V100R005 is a wireless router from China's Xinhua San H3C. A security vulnerability exists in the H3C N12 V100R005 version, which stems from a lack of length validation in the 5G wireless network processing function, which could lead to an attacker crashing a remote target device or...

9.8CVSS7.1AI score0.00738EPSS
Exploits0References1
OSV
OSV
added 2024/12/16 1:14 p.m.15 views

SUSE-SU-2024:4327-1 Security update for python-aiohttp

This update for python-aiohttp fixes the following issues: - CVE-2024-30251: Fixed infinite loop on specially crafted POST request bsc1223726...

7.5CVSS7.5AI score0.01094EPSS
Exploits0References3
NVD
NVD
added 2024/12/12 9:15 a.m.11 views

CVE-2024-21574

The issue stems from a missing validation of the pip field in a POST request sent to the /customnode/install endpoint used to install custom nodes which is added to the server by the extension. This allows an attacker to craft a request that triggers a pip install on a user controlled package or...

10CVSS0.01107EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/12 8:15 a.m.76 views

CVE-2024-21574

The issue stems from a missing validation of the pip field in a POST request sent to the /customnode/install endpoint used to install custom nodes which is added to the server by the extension. This allows an attacker to craft a request that triggers a pip install on a user controlled package or...

10CVSS0.01107EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/12 8:15 a.m.8 views

CVE-2024-21574

The issue stems from a missing validation of the pip field in a POST request sent to the /customnode/install endpoint used to install custom nodes which is added to the server by the extension. This allows an attacker to craft a request that triggers a pip install on a user controlled package or...

10CVSS7.7AI score0.01107EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/12/03 12:0 a.m.5 views

Zyxel VMG8825-T50K 安全漏洞

The Zyxel VMG8825-T50K is an Internet access device from China Hopkins Zyxel. A security vulnerability exists in Zyxel VMG8825-T50K V5.50 ABOM.8.4 version C0 and prior versions. An attacker can exploit the vulnerability by sending a specially crafted HTTP POST request to cause the program to deny...

7.5CVSS6.6AI score0.00499EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/10/22 12:0 a.m.5 views

The vulnerability of the SetVLANSettings() function in the prog.cgi script of D-Link DIR-878 and DIR-882 routers allows a hacker to execute arbitrary commands.

The vulnerability of the SetVLANSettings function in the prog.cgi script of D-Link DIR-878 and DIR-882 routers exists due to the failure to take measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary...

8CVSS5.8AI score0.0209EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/06/26 12:0 a.m.12 views

PT-2024-28407 · Skycaiji · Skycaiji

Name of the Vulnerable Software and Affected Versions: skycaiji version 2.8 Description: An issue in skycaiji allows attackers to run arbitrary code via a crafted POST request to the "/index.php?s=/admin/develop/editor save" API endpoint. Recommendations: For skycaiji version 2.8, consider...

9.8CVSS6.8AI score0.00492EPSS
Exploits0References4
Prion
Prion
added 2024/02/29 6:15 p.m.26 views

Cross site request forgery (csrf)

An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted POST request to the path '/pdf'...

7.5AI score0.01024EPSS
Exploits2References1
OSV
OSV
added 2023/08/17 1:15 p.m.6 views

CVE-2023-38902

A command injection vulnerability in RG-EW series home routers and repeaters v.EW3.01B11P219, RG-NBS and RG-S1930 series switches v.SWITCH3.01B11P219, RG-EG series business VPN routers v.EG3.01B11P219, EAP and RAP series wireless access points v.AP3.01B11P219, and NBC series wireless controllers...

8.8CVSS6.1AI score0.02187EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/07/31 12:0 a.m.28 views

Ruijie Networks Product 代码注入漏洞

Ruijie Networks Product is a series of Ruijie wireless products from China-based Ruijie Networks. A security vulnerability exists in the Ruijie Networks Product that originates from an API privilege that allows a remote attacker to escalate via a POST request to /cgi-bin/luci/ and affects the...

9.8CVSS8.4AI score0.01523EPSS
Exploits0References2
OSV
OSV
added 2023/07/26 2:15 p.m.4 views

CVE-2022-43712

POST requests to /web/mvc in GX Software XperienCentral version 10.36.0 and earlier were not blocked for uses that are not logged in. If an unauthorized user is able to bypass other security filters they are able to post unauthorized data to the server because of CVE-2022-22965...

6.5CVSS7.3AI score0.00392EPSS
Exploits0References2
Snyk
Snyk
added 2023/02/14 11:25 a.m.2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the /server/theme endpoint. Scripts can be run by sending a POST request with a Content-Type value beginning with "image/". Details Cross-site scripting or XSS is a code vulnerability that occurs when an...

8.8CVSS5.3AI score0.00556EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/02/02 12:0 a.m.5 views

CVE-2022-46552

D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution RCE vulnerability via the lan0dhcpsstaticlist parameter. This vulnerability is exploited via a crafted POST request...

8.7AI score0.10503EPSS
Exploits4References7
Vulnrichment
Vulnrichment
added 2022/12/01 12:0 a.m.8 views

CVE-2022-4249 Movie Ticket Booking System POST Request cross site scripting

A vulnerability, which was classified as problematic, was found in Movie Ticket Booking System. Affected is an unknown function of the component POST Request Handler. The manipulation of the argument ORDERID leads to cross site scripting. It is possible to launch the attack remotely. The exploit...

3.5CVSS6.2AI score0.00356EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/08/08 12:0 a.m.15 views

PT-2022-13797 · WordPress · Discy

Name of the Vulnerable Software and Affected Versions: Discy WordPress theme versions prior to 5.0 Description: The issue allows any logged-in users, with privileges as low as Subscriber, to change theme options by sending a crafted POST request to the "discy update options" action due to a lack ...

6.5CVSS6.4AI score0.00645EPSS
Exploits2References5
Rows per page
Query Builder