75 matches found
CVE-2025-4997 H3C R2+ProG HTTP POST Request aspForm SetAPInfoById denial of service
A vulnerability, which was classified as problematic, was found in H3C R2+ProG up to 200R004. Affected is the function UpdateWanParams/AddMacList/EditMacList/AddWlanMacList/EditWlanMacList/EditBasicSSID/EditGuestSSIDFor2P4G/EditBasicSSID5G/SetAPInfoById of the file /goform/aspForm of the componen...
CVE-2025-28220
Tenda W6S v1.0.0.4510 has a Buffer Overflow vulnerability in the setcfm function, which allows remote attackers to cause web server crash via parameter funcpara1 passed to the binary through a POST request...
The vulnerability in the form2alg.cgi script of the D-Link DIR-816A router’s software allows a hacker to execute arbitrary code.
The vulnerability of the form2alg.cgi script in the microprogramming software of the D-Link DIR-816A2 router is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created HTTP POST request...
CVE-2025-1103 D-Link DIR-823X HTTP POST Request set_wifi_blacklists null pointer dereference
A vulnerability, which was classified as problematic, was found in D-Link DIR-823X 240126/240802. This affects the function setwifiblacklists of the file /goform/setwifiblacklists of the component HTTP POST Request Handler. The manipulation of the argument macList leads to null pointer dereferenc...
H3C N12 V100R005 安全漏洞
The H3C N12 V100R005 is a wireless router from China's Xinhua San H3C. A security vulnerability exists in the H3C N12 V100R005 version, which stems from a lack of length validation in the 5G wireless network processing function, which could lead to an attacker crashing a remote target device or...
SUSE-SU-2024:4327-1 Security update for python-aiohttp
This update for python-aiohttp fixes the following issues: - CVE-2024-30251: Fixed infinite loop on specially crafted POST request bsc1223726...
CVE-2024-21574
The issue stems from a missing validation of the pip field in a POST request sent to the /customnode/install endpoint used to install custom nodes which is added to the server by the extension. This allows an attacker to craft a request that triggers a pip install on a user controlled package or...
CVE-2024-21574
The issue stems from a missing validation of the pip field in a POST request sent to the /customnode/install endpoint used to install custom nodes which is added to the server by the extension. This allows an attacker to craft a request that triggers a pip install on a user controlled package or...
CVE-2024-21574
The issue stems from a missing validation of the pip field in a POST request sent to the /customnode/install endpoint used to install custom nodes which is added to the server by the extension. This allows an attacker to craft a request that triggers a pip install on a user controlled package or...
Zyxel VMG8825-T50K 安全漏洞
The Zyxel VMG8825-T50K is an Internet access device from China Hopkins Zyxel. A security vulnerability exists in Zyxel VMG8825-T50K V5.50 ABOM.8.4 version C0 and prior versions. An attacker can exploit the vulnerability by sending a specially crafted HTTP POST request to cause the program to deny...
The vulnerability of the SetVLANSettings() function in the prog.cgi script of D-Link DIR-878 and DIR-882 routers allows a hacker to execute arbitrary commands.
The vulnerability of the SetVLANSettings function in the prog.cgi script of D-Link DIR-878 and DIR-882 routers exists due to the failure to take measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary...
PT-2024-28407 · Skycaiji · Skycaiji
Name of the Vulnerable Software and Affected Versions: skycaiji version 2.8 Description: An issue in skycaiji allows attackers to run arbitrary code via a crafted POST request to the "/index.php?s=/admin/develop/editor save" API endpoint. Recommendations: For skycaiji version 2.8, consider...
Cross site request forgery (csrf)
An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted POST request to the path '/pdf'...
CVE-2023-38902
A command injection vulnerability in RG-EW series home routers and repeaters v.EW3.01B11P219, RG-NBS and RG-S1930 series switches v.SWITCH3.01B11P219, RG-EG series business VPN routers v.EG3.01B11P219, EAP and RAP series wireless access points v.AP3.01B11P219, and NBC series wireless controllers...
Ruijie Networks Product 代码注入漏洞
Ruijie Networks Product is a series of Ruijie wireless products from China-based Ruijie Networks. A security vulnerability exists in the Ruijie Networks Product that originates from an API privilege that allows a remote attacker to escalate via a POST request to /cgi-bin/luci/ and affects the...
CVE-2022-43712
POST requests to /web/mvc in GX Software XperienCentral version 10.36.0 and earlier were not blocked for uses that are not logged in. If an unauthorized user is able to bypass other security filters they are able to post unauthorized data to the server because of CVE-2022-22965...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the /server/theme endpoint. Scripts can be run by sending a POST request with a Content-Type value beginning with "image/". Details Cross-site scripting or XSS is a code vulnerability that occurs when an...
CVE-2022-46552
D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution RCE vulnerability via the lan0dhcpsstaticlist parameter. This vulnerability is exploited via a crafted POST request...
CVE-2022-4249 Movie Ticket Booking System POST Request cross site scripting
A vulnerability, which was classified as problematic, was found in Movie Ticket Booking System. Affected is an unknown function of the component POST Request Handler. The manipulation of the argument ORDERID leads to cross site scripting. It is possible to launch the attack remotely. The exploit...
PT-2022-13797 · WordPress · Discy
Name of the Vulnerable Software and Affected Versions: Discy WordPress theme versions prior to 5.0 Description: The issue allows any logged-in users, with privileges as low as Subscriber, to change theme options by sending a crafted POST request to the "discy update options" action due to a lack ...