SourceCodester Sales and Inventory System SQL注入漏洞

The SourceCodester Sales and Inventory System is an open-source sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Sales and Inventory System contains a SQL injection vulnerability. This vulnerability arises from improper handling of the searchtxt...

CVE-2019-25613

Easy Chat Server 3.1 is affected by a denial-of-service vulnerability where sending an oversized message parameter crashes the service. The exploit flow involves an attacker first establishing a session via the chat.ghp endpoint, then issuing a POST to body2.ghp with an excessively large message ...

CVE-2019-25613 Easy Chat Server 3.1 Denial of Service via message Parameter

Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to crash the application by sending oversized data in the message parameter. Attackers can establish a session via the chat.ghp endpoint and then send a POST request to body2.ghp with an excessively large...

EUVD-2026-14295

A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is an unknown function of the file /cgi-bin/firewall.cgi of the component POST Request Handler. Performing a manipulation of the argument dmzflag/delflag results in command injection. It is possible to initiate the attac...

CVE-2026-4543

A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is an unknown function of the file /cgi-bin/firewall.cgi of the component POST Request Handler. Performing a manipulation of the argument dmzflag/delflag results in command injection. It is possible to initiate the attac...

CVE-2026-4543

A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is an unknown function of the file /cgi-bin/firewall.cgi of the component POST Request Handler. Performing a manipulation of the argument dmzflag/delflag results in command injection. It is possible to initiate the attac...

PT-2026-26975

A vulnerability was determined in Wavlink WL-WN578W2 221110. This affects an unknown function of the file /cgi-bin/login.cgi of the component POST Request Handler. Executing a manipulation of the argument homepage/hostname/login page can lead to cross site scripting. It is possible to launch the...

EUVD-2026-13816

A security issue was discovered in the Feast Feature Server's /read-document endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker can bypass intended access restrictions to...

CVE-2026-23536

A security issue was discovered in the Feast Feature Server's /read-document endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker can bypass intended access restrictions to...

CVE-2026-23536

A security issue was discovered in the Feast Feature Server's /read-document endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker can bypass intended access restrictions to...

CVE-2026-23536

A security issue was discovered in the Feast Feature Server's /read-document endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker can bypass intended access restrictions to...

CVE-2026-32757

Admidio is an open-source user management solution. In versions 5.0.6 and below, the eCard send handler uses a raw $POST'ecardmessage' value instead of the HTMLPurifier-sanitized $formValues'ecardmessage' when constructing the greeting card HTML. This allows an authenticated attacker to inject...

EUVD-2026-12785

A remote attacker with user privileges for the webUI can use the setting of the TFTP Filename with a POST Request to trigger a stack-based Buffer Overflow, resulting in a DoS attack...

CVE-2026-22323

A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by luring them to a malicious webpage. This can silently alter the device’s configuration without the...

CVE-2026-22316

A remote attacker with user privileges for the webUI can use the setting of the TFTP Filename with a POST Request to trigger a stack-based Buffer Overflow, resulting in a DoS attack...

CVE-2026-22317

A command injection vulnerability in the device’s Root CA certificate transfer workflow allows a high-privileged attacker to send crafted HTTP POST requests that result in arbitrary command execution on the underlying Linux OS with root privileges...

CVE-2026-22323 Cross‑Site Request Forgery in Link Aggregation Configuration

A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by luring them to a malicious webpage. This can silently alter the device’s configuration without the...

CVE-2026-22317 Command Injection Vulnerability in Root CA Certificate Transfer Workflow

A command injection vulnerability in the device’s Root CA certificate transfer workflow allows a high-privileged attacker to send crafted HTTP POST requests that result in arbitrary command execution on the underlying Linux OS with root privileges...

CVE-2026-22316 Buffer Overflow using TFTP Filename

A remote attacker with user privileges for the webUI can use the setting of the TFTP Filename with a POST Request to trigger a stack-based Buffer Overflow, resulting in a DoS attack...

CVE-2026-22316

A remote attacker with user privileges for the webUI can use the setting of the TFTP Filename with a POST Request to trigger a stack-based Buffer Overflow, resulting in a DoS attack...