Lucene search
K

7797 matches found

Positive Technologies
Positive Technologies
added 2026/02/16 12:0 a.m.9 views

PT-2026-8314

Name of the Vulnerable Software and Affected Versions Comfast CF-E4 version 2.6.0.1 Description A flaw exists in Comfast CF-E4 that allows for remote command injection. The issue is located within the HTTP POST Request Handler component, specifically in the file...

5.8CVSS5.1AI score0.18248EPSS
Exploits1References8
OSV
OSV
added 2026/02/15 2:16 p.m.5 views

CVE-2019-25376

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted payloads through the ignoreLogACL parameter. Attackers can send POST requests to the proxy endpoint with JavaScript code in the ignoreLogAC...

6.1CVSS5.7AI score
Exploits0References4
OSV
OSV
added 2026/02/15 2:16 p.m.5 views

CVE-2019-25370

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through multiple parameters. Attackers can send POST requests to interfacesvlanedit.php with script payloads in the tag, descr, or vlanif parameters ...

6.1CVSS5.6AI score
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/15 1:58 p.m.5 views

CVE-2019-25372 OPNsense 19.1 Reflected XSS via diag_traceroute.php

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted payloads through POST requests to diagtraceroute.php to execute...

6.1CVSS5.6AI score0.00241EPSS
Exploits1References4
EUVD
EUVD
added 2026/02/15 1:58 p.m.7 views

EUVD-2019-19425

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through multiple parameters. Attackers can send POST requests to interfacesvlanedit.php with script payloads in the tag, descr, or vlanif parameters ...

6.1CVSS5.6AI score0.00232EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/02/13 7:21 a.m.12 views

CVE-2026-26235

JUNG Smart Visu Server 1.1.1050 contains a denial of service vulnerability that allows unauthenticated attackers to remotely shutdown or reboot the server. Attackers can send a single POST request to trigger the server reboot without requiring any authentication...

8.7CVSS5.6AI score0.01784EPSS
Exploits5References1
Vulnrichment
Vulnrichment
added 2026/02/12 2:31 a.m.5 views

CVE-2026-26235 JUNG Smart Visu Server 1.1.1050 - 'JUNG Smart Visu Server' Missing Authentication

JUNG Smart Visu Server 1.1.1050 contains a denial of service vulnerability that allows unauthenticated attackers to remotely shutdown or reboot the server. Attackers can send a single POST request to trigger the server reboot without requiring any authentication...

8.7CVSS5.6AI score0.01784EPSS
Exploits5References2
Positive Technologies
Positive Technologies
added 2026/02/12 12:0 a.m.7 views

PT-2026-7815

JUNG Smart Visu Server 1.1.1050 contains a denial of service vulnerability that allows unauthenticated attackers to remotely shutdown or reboot the server. Attackers can send a single POST request to trigger the server reboot without requiring any authentication...

8.7CVSS5.6AI score0.01784EPSS
Exploits5References3
Vulnrichment
Vulnrichment
added 2026/02/07 4:2 a.m.5 views

CVE-2026-2074 O2OA HTTP POST Request check xml external entity reference

A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file /xprogramcenter/jaxrs/mpweixin/check of the component HTTP POST Request Handler. The manipulation leads to xml external entity reference. It is possible to initiate the attack remotely. The exploit is...

6.5CVSS5.4AI score0.00266EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/02/07 4:2 a.m.4 views

CVE-2026-2074

A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file /xprogramcenter/jaxrs/mpweixin/check of the component HTTP POST Request Handler. The manipulation leads to xml external entity reference. It is possible to initiate the attack remotely. The exploit is...

6.5CVSS5.2AI score0.00266EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/02/07 4:2 a.m.36 views

CVE-2026-2074 O2OA HTTP POST Request check xml external entity reference

A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file /xprogramcenter/jaxrs/mpweixin/check of the component HTTP POST Request Handler. The manipulation leads to xml external entity reference. It is possible to initiate the attack remotely. The exploit is...

6.5CVSS0.00266EPSS
Exploits1References5
NVD
NVD
added 2026/02/07 12:15 a.m.5 views

CVE-2020-37106

Business Live Chat Software 1.0 contains a cross-site request forgery vulnerability that allows attackers to change user account roles without authentication. Attackers can craft a malicious HTML form to modify user privileges by submitting a POST request to the user creation endpoint with...

5.3CVSS0.00181EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/07 12:0 a.m.5 views

O2OA 代码问题漏洞

O2OA is an open-source enterprise application development platform developed by O2OA. Versions of O2OA 9.0.0 and earlier contained code vulnerabilities due to XML external entity references in the HTTP POST request handler...

6.5CVSS6.7AI score0.00266EPSS
Exploits1References6
NVD
NVD
added 2026/02/06 5:16 p.m.7 views

CVE-2019-25294

html5snmp 1.11 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through the 'Remark' parameter in addrouteroperation.php. Attackers can craft a POST request with a script payload in the Remark field to execute arbitrary JavaScript in victi...

6.1CVSS0.00203EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/06 4:41 p.m.28 views

CVE-2019-25294 html5_snmp 1.11 - 'Remark' Persistent Cross-Site Scripting

html5snmp 1.11 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through the 'Remark' parameter in addrouteroperation.php. Attackers can craft a POST request with a script payload in the Remark field to execute arbitrary JavaScript in victi...

6.1CVSS0.00203EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/06 4:41 p.m.4 views

CVE-2019-25294 html5_snmp 1.11 - 'Remark' Persistent Cross-Site Scripting

html5snmp 1.11 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through the 'Remark' parameter in addrouteroperation.php. Attackers can craft a POST request with a script payload in the Remark field to execute arbitrary JavaScript in victi...

6.4CVSS5.4AI score0.00203EPSS
Exploits1References3
EUVD
EUVD
added 2026/02/06 4:41 p.m.7 views

EUVD-2019-19404

html5snmp 1.11 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through the 'Remark' parameter in addrouteroperation.php. Attackers can craft a POST request with a script payload in the Remark field to execute arbitrary JavaScript in victi...

6.4CVSS5.4AI score0.00203EPSS
Exploits1References3
CVE
CVE
added 2026/02/06 4:41 p.m.10 views

CVE-2019-25294

The vulnerability (CVE-2019-25294) affects html5_snmp 1.11. A persistent cross-site scripting flaw exists in add_router_operation.php via the Remark parameter. An attacker can send a crafted POST request containing a script payload in Remark, causing arbitrary JavaScript to execute in a victim’s ...

6.4CVSS5.4AI score0.00203EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/06 11:32 a.m.5 views

CVE-2026-2017 IP-COM W30AP POST Request wx3auth R7WebsSecurityHandler stack-based overflow

A vulnerability was detected in IP-COM W30AP up to 1.0.0.111340. Affected by this issue is the function R7WebsSecurityHandler of the file /goform/wx3auth of the component POST Request Handler. The manipulation of the argument data results in stack-based buffer overflow. The attack may be performe...

10CVSS9AI score0.04332EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/02/06 11:32 a.m.28 views

CVE-2026-2017 IP-COM W30AP POST Request wx3auth R7WebsSecurityHandler stack-based overflow

A vulnerability was detected in IP-COM W30AP up to 1.0.0.111340. Affected by this issue is the function R7WebsSecurityHandler of the file /goform/wx3auth of the component POST Request Handler. The manipulation of the argument data results in stack-based buffer overflow. The attack may be performe...

10CVSS0.04332EPSS
Exploits1References6
Rows per page
Query Builder