Lucene search
K

7801 matches found

RedhatCVE
RedhatCVE
added 2026/03/10 2:8 p.m.4 views

CVE-2025-41766

A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method resulting in full device compromise...

8.8CVSS6.2AI score0.00482EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/09 9:30 a.m.3 views

EUVD-2025-208379

A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method resulting in full device compromise...

8.8CVSS6.2AI score0.00482EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/09 8:18 a.m.27 views

CVE-2025-41766 Stack buffer overflow on parsing web request

A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method resulting in full device compromise...

8.8CVSS0.00482EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/09 8:18 a.m.4 views

CVE-2025-41766 Stack buffer overflow on parsing web request

A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method resulting in full device compromise...

8.8CVSS6.2AI score0.00482EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/07 6:45 p.m.3 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion through the std::regex process in multipart filename parsing. An attacker can cause the server to crash by sending a specially crafted HTTP POST request with a malicious filename parameter, leading to uncontrolled...

8.2CVSS5.9AI score0.00602EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/03/07 4:8 p.m.3 views

CVE-2026-29076

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.37.0, cpp-httplib uses std::regex libstdc++ to parse RFC 5987 encoded filename values in multipart Content-Disposition headers. The regex engine in libstdc++ implements backtracking via deep...

5.9CVSS5.5AI score0.00602EPSS
Exploits1
EUVD
EUVD
added 2026/03/06 3:31 p.m.5 views

EUVD-2018-21632

Data Center Audit 2.6.2 contains a cross-site request forgery vulnerability that allows attackers to reset administrator passwords without authentication by submitting crafted POST requests. Attackers can send requests to dcaresetpw.php with parameters updateuser, pass, pass2, and submitreset to...

6.9CVSS5.7AI score0.00125EPSS
Exploits0References3
NVD
NVD
added 2026/03/06 1:16 p.m.7 views

CVE-2018-25200

OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. Attackers can submit forms to the addUser.php endpoint with parameters including userName, password, email, and ro...

8.8CVSS0.00155EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/06 12:19 p.m.30 views

CVE-2018-25191 Facturation System 1.0 SQL Injection via editar_producto.php

Facturation System 1.0 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'modid' parameter. Attackers can send POST requests to the editarproducto.php endpoint with crafted SQL payloads in the modid...

7.1CVSS0.00194EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/06 12:19 p.m.3 views

CVE-2018-25190

Easyndexer 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative accounts by submitting forged POST requests. Attackers can craft malicious web pages that submit POST requests to createuser.php with parameters including username,...

6.9CVSS5.7AI score0.0013EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/03/06 12:19 p.m.33 views

CVE-2018-25186 Tina4 Stack 1.0.3 Cross-Site Request Forgery via profile

Tina4 Stack 1.0.3 contains a cross-site request forgery vulnerability that allows attackers to modify admin user credentials by submitting forged POST requests to the profile endpoint. Attackers can craft HTML forms targeting the /kim/profile endpoint with hidden fields containing malicious user...

6.9CVSS0.00136EPSS
Exploits1References2
CVE
CVE
added 2026/03/06 12:19 p.m.12 views

CVE-2018-25186

CVE-2018-25186 affects Tina4 Stack 1.0.3 and describes a cross-site request forgery on the /kim/profile endpoint that lets attackers modify administrator credentials via forged POST requests without authentication. The vulnerability enables unauthorized modification of admin user data (e.g., pass...

6.9CVSS5.7AI score0.00136EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/03/06 12:19 p.m.18 views

CVE-2018-25178

CVE-2018-25178 affects Easyndexer 1.0 and describes an arbitrary file download vulnerability in showtif.php. The issue allows unauthenticated attackers to download sensitive files by sending POST requests with arbitrary file paths in the file parameter, enabling access to configuration and initia...

8.7CVSS5.9AI score0.00583EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/06 12:19 p.m.5 views

CVE-2018-25178

Easyndexer 1.0 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the file parameter. Attackers can send POST requests to showtif.php with arbitrary file paths in the file parameter to retrieve system files like...

8.7CVSS5.9AI score0.00583EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/06 12:19 p.m.3 views

CVE-2018-25177

Data Center Audit 2.6.2 contains a cross-site request forgery vulnerability that allows attackers to reset administrator passwords without authentication by submitting crafted POST requests. Attackers can send requests to dcaresetpw.php with parameters updateuser, pass, pass2, and submitreset to...

6.9CVSS5.7AI score0.00125EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/06 12:19 p.m.15 views

CVE-2018-25177

CVE-2018-25177 : Data Center Audit 2.6.2 has a cross-site request forgery that lets attackers reset the administrator password without authentication by posting to dca_resetpw.php with parameters updateuser, pass, pass2, and submit_reset. This enables administrative access. CVSS metrics are provi...

6.9CVSS5.7AI score0.00125EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/06 3:5 a.m.33 views

CVE-2026-28501 WWBN AVideo: Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php

WWBN AVideo is an open source video platform. Prior to version 24.0, an unauthenticated SQL Injection vulnerability exists in AVideo within the objects/videos.json.php and objects/video.php components. The application fails to properly sanitize the catName parameter when it is supplied via a...

9.8CVSS0.0151EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.8 views

PT-2026-23689

Data Center Audit 2.6.2 contains a cross-site request forgery vulnerability that allows attackers to reset administrator passwords without authentication by submitting crafted POST requests. Attackers can send requests to dca resetpw.php with parameters updateuser, pass, pass2, and submit reset t...

6.9CVSS5.7AI score0.00125EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/05 7:30 p.m.5 views

CVE-2026-28781

Craft is a content management system CMS. Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the entry creation process allows for Mass Assignment of the authorId attribute. A user with "Create Entries" permission can inject the authorIds or authorId parameter into the POST request, which the backend...

7.1CVSS6AI score0.00326EPSS
Exploits1References1
NVD
NVD
added 2026/03/05 7:16 p.m.11 views

CVE-2025-70231

D-Link DIR-513 version 1.10 contains a critical-level vulnerability. When processing POST requests related to verification codes in /goform/formLogin, it enters /goform/getAuthCode but fails to filter the value of the FILECODE parameter, resulting in a path traversal vulnerability...

9.8CVSS0.00664EPSS
Exploits1References3
Rows per page
Query Builder