CVE-2025-41766
A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method resulting in full device compromise...
EUVD-2025-208379
A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method resulting in full device compromise...
CVE-2025-41766 Stack buffer overflow on parsing web request
A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method resulting in full device compromise...
Uncontrolled Recursion
Overview: Affected versions of this package are vulnerable to Uncontrolled Recursion through the std::regex process in multipart filename parsing. An attacker can cause the server to crash by sending a specially crafted HTTP POST request with a malicious filename parameter, leading to uncontrolled...
CVE-2026-29076
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.37.0, cpp-httplib uses std::regex (libstdc++) to parse RFC 5987 encoded filename values in multipart Content-Disposition headers. The regex engine in libstdc++ implements backtracking via deep...
EUVD-2018-21632
Data Center Audit 2.6.2 contains a cross-site request forgery vulnerability that allows attackers to reset administrator passwords without authentication by submitting crafted POST requests. Attackers can send requests to dca_resetpw.php with parameters updateuser, pass, pass2, and submit_reset to...
CVE-2018-25200
OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. Attackers can submit forms to the addUser.php endpoint with parameters including userName, password, email, and ro...
CVE-2018-25191 Facturation System 1.0 SQL Injection via editar_producto.php
Facturation System 1.0 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'modid' parameter. Attackers can send POST requests to the editar_producto.php endpoint with crafted SQL payloads in the modid...
CVE-2018-25190
Easyndexer 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative accounts by submitting forged POST requests. Attackers can craft malicious web pages that submit POST requests to createuser.php with parameters including username,...
CVE-2018-25186 Tina4 Stack 1.0.3 Cross-Site Request Forgery via profile
Tina4 Stack 1.0.3 contains a cross-site request forgery vulnerability that allows attackers to modify admin user credentials by submitting forged POST requests to the profile endpoint. Attackers can craft HTML forms targeting the /kim/profile endpoint with hidden fields containing malicious user...
CVE-2018-25186
CVE-2018-25186 affects Tina4 Stack 1.0.3 and describes a cross-site request forgery on the /kim/profile endpoint that lets attackers modify administrator credentials via forged POST requests without authentication. The vulnerability enables unauthorized modification of admin user data (e.g., pass...
CVE-2018-25178
CVE-2018-25178 affects Easyndexer 1.0 and describes an arbitrary file download vulnerability in showtif.php. The issue allows unauthenticated attackers to download sensitive files by sending POST requests with arbitrary file paths in the file parameter, enabling access to configuration and initia...
CVE-2018-25178
Easyndexer 1.0 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the file parameter. Attackers can send POST requests to showtif.php with arbitrary file paths in the file parameter to retrieve system files like...
CVE-2018-25177
Data Center Audit 2.6.2 contains a cross-site request forgery vulnerability that allows attackers to reset administrator passwords without authentication by submitting crafted POST requests. Attackers can send requests to dca_resetpw.php with parameters updateuser, pass, pass2, and submit_reset to...
CVE-2018-25177
CVE-2018-25177: Data Center Audit 2.6.2 has a cross-site request forgery that lets attackers reset the administrator password without authentication by posting to dca_resetpw.php with parameters updateuser, pass, pass2, and submit_reset. This enables administrative access. CVSS metrics are provi...
CVE-2026-28501 WWBN AVideo: Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php
WWBN AVideo is an open source video platform. Prior to version 24.0, an unauthenticated SQL Injection vulnerability exists in AVideo within the objects/videos.json.php and objects/video.php components. The application fails to properly sanitize the catName parameter when it is supplied via a...
PT-2026-23689
Data Center Audit 2.6.2 contains a cross-site request forgery vulnerability that allows attackers to reset administrator passwords without authentication by submitting crafted POST requests. Attackers can send requests to dca_resetpw.php with parameters updateuser, pass, pass2, and submit_reset t...
CVE-2026-28781
Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the entry creation process allows for Mass Assignment of the authorId attribute. A user with "Create Entries" permission can inject the authorIds or authorId parameter into the POST request, which the backend...
CVE-2025-70231
D-Link DIR-513 version 1.10 contains a critical-level vulnerability. When processing POST requests related to verification codes in /goform/formLogin, it enters /goform/getAuthCode but fails to filter the value of the FILECODE parameter, resulting in a path traversal vulnerability...