Lucene search
K

7797 matches found

NVD
NVD
added 2026/02/05 5:16 p.m.6 views

CVE-2020-37117

jizhiCMS 1.6.7 contains a file download vulnerability in the admin plugins update endpoint that allows authenticated administrators to download arbitrary files. Attackers can exploit the vulnerability by sending crafted POST requests with malicious filepath and downloadurl parameters to trigger...

8.8CVSS0.00687EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/05 4:13 p.m.3 views

CVE-2020-37117 jizhiCMS 1.6.7 - Arbitrary File Download

jizhiCMS 1.6.7 contains a file download vulnerability in the admin plugins update endpoint that allows authenticated administrators to download arbitrary files. Attackers can exploit the vulnerability by sending crafted POST requests with malicious filepath and downloadurl parameters to trigger...

8.8CVSS5.6AI score0.00687EPSS
Exploits1References3
NVD
NVD
added 2026/02/01 1:15 p.m.5 views

CVE-2022-50952

Banco Guayaquil 8.0.0 mobile iOS application contains a persistent cross-site scripting vulnerability in the TextBox Name Profile input. Attackers can inject malicious script code through a POST request that executes on application review without user interaction...

6.4CVSS0.00243EPSS
Exploits0References3
CVE
CVE
added 2026/02/01 12:56 p.m.10 views

CVE-2022-50952

CVE-2022-50952 affects Banco Guayaquil 8.0.0 Mobile iOS application. A persistent cross-site scripting vulnerability exists in the TextBox Name Profile input. An attacker can inject malicious script via a POST request that executes on application review without user interaction. The NVD entry lis...

6.4CVSS5.9AI score0.00243EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/01 12:56 p.m.34 views

CVE-2022-50952 Banco Guayaquil 8.0.0 Mobile iOS Cross-Site Scripting via Profile Name Input

Banco Guayaquil 8.0.0 mobile iOS application contains a persistent cross-site scripting vulnerability in the TextBox Name Profile input. Attackers can inject malicious script code through a POST request that executes on application review without user interaction...

6.4CVSS0.00243EPSS
Exploits0References3
EUVD
EUVD
added 2026/02/01 12:56 p.m.5 views

EUVD-2022-55945

Banco Guayaquil 8.0.0 mobile iOS application contains a persistent cross-site scripting vulnerability in the TextBox Name Profile input. Attackers can inject malicious script code through a POST request that executes on application review without user interaction...

6.4CVSS5.9AI score0.00243EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/30 3:24 a.m.6 views

CVE-2025-63649

An out-of-bounds read in the httpparsertransferencodingchunked function mkserver/mkhttpparser.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted POST request to the server...

7.5CVSS5.9AI score0.00952EPSS
Exploits1References1
OSV
OSV
added 2026/01/29 8:16 p.m.5 views

CVE-2025-63649

An out-of-bounds read in the httpparsertransferencodingchunked function mkserver/mkhttpparser.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted POST request to the server...

7.5CVSS5.6AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/29 2:28 p.m.3 views

CVE-2020-37006

berliCRM 1.0.24 contains a SQL injection vulnerability in the 'srcrecord' parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through a crafted POST request to the index.php endpoint to potentially extract or modify database information...

8.2CVSS6AI score0.00278EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/01/29 2:28 p.m.6 views

EUVD-2020-30917

berliCRM 1.0.24 contains a SQL injection vulnerability in the 'srcrecord' parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through a crafted POST request to the index.php endpoint to potentially extract or modify database information...

8.2CVSS6AI score0.00278EPSS
Exploits0References3
CVE
CVE
added 2026/01/29 2:28 p.m.17 views

CVE-2020-37006

CVE-2020-37006 affects berliCRM 1.0.24, where a SQL injection vulnerability resides in the 'src_record' parameter. An attacker can craft a POST request to index.php to manipulate database queries and potentially extract or modify data. Affected component: src_record parameter handling in berliCRM...

8.2CVSS6AI score0.00278EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/29 12:0 a.m.5 views

EUVD-2025-206530

An out-of-bounds read in the httpparsertransferencodingchunked function mkserver/mkhttpparser.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted POST request to the server...

5.9AI score0.00952EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/01/29 12:0 a.m.4 views

CVE-2025-63649

An out-of-bounds read in the httpparsertransferencodingchunked function mkserver/mkhttpparser.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted POST request to the server...

5.4AI score0.00952EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/01/29 12:0 a.m.28 views

CVE-2025-63649

An out-of-bounds read in the httpparsertransferencodingchunked function mkserver/mkhttpparser.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted POST request to the server...

0.00952EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/01/29 12:0 a.m.5 views

CVE-2025-63649

An out-of-bounds read in the httpparsertransferencodingchunked function mkserver/mkhttpparser.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted POST request to the server...

5.9AI score0.00952EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/01/29 12:0 a.m.5 views

PT-2026-5333

An out-of-bounds read in the http parser transfer encoding chunked function mk server/mk http parser.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted POST request to the server...

6AI score0.00952EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/01/28 5:35 p.m.7 views

CVE-2020-36969

M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /api/1/admin/users/update endpoint with a crafted payload to grant administrative access to a standa...

8.8CVSS5.9AI score0.00419EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/28 3:18 p.m.8 views

CVE-2025-12387

A vulnerability in the Pix-Link LV-WR21Q router's language module allows remote attackers to trigger a denial of service DoS by sending a specially crafted HTTP POST request containing non-existing language parameter. This renders the server unable to serve correct lang.js file, which causes...

6.9CVSS6AI score0.00659EPSS
Exploits0References1
NVD
NVD
added 2026/01/28 12:15 p.m.6 views

CVE-2025-59901

Disk Pulse Enterprise v10.4.18 has an authenticated reflected XSS vulnerability in the '/monitordirectory?sid=' endpoint, caused by insufficient validation of the 'monitordirectory' parameter sent by POST. An attacker could exploit this weakness to send malicious content to an authenticated user...

8.5CVSS0.0019EPSS
Exploits0References1
NVD
NVD
added 2026/01/28 12:15 p.m.6 views

CVE-2025-59893

Cross-Site request forgery CSRF vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of...

8.5CVSS0.00127EPSS
Exploits0References1
Rows per page
Query Builder