
7797 matches found

Positive Technologies
added 2026/01/20 12:0 a.m., 8 views

PT-2026-3550

Name of the Vulnerable Software and Affected Versions Poultry Farm Management System version 1.0 Description A stored Cross-Site Scripting XSS issue exists due to insufficient validation of user-supplied data when a POST request is made. The following parameters in the '/farm/farmprofile.php'...

CVSS 5.4 | AI score 5.4 | EPSS 0.00162
Exploits 0 | References 5
Positive Technologies
added 2026/01/20 12:0 a.m., 6 views

PT-2026-3552

HTML Injection vulnerability in Isshue by Bdtask, consisting of an HTML injection due to a lack of proper validation of user input by sending a POST request to '/category product search', affecting the 'product name' parameter...

CVSS 5.1 | AI score 5.5 | EPSS 0.00262
Exploits 0 | References 2
OSV
added 2026/01/19 3:15 p.m., 3 views

CVE-2026-1158

A security flaw has been discovered in Totolink LR350 9.3.5u.6369B20220309. This vulnerability affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Performing a manipulation of the argument ssid results in buffer overflow. The attack can be...

CVSS 8.7 | AI score 6.2 | EPSS 0.00632
Exploits 1 | References 5
ATTACKERKB
added 2026/01/19 2:32 p.m., 3 views

CVE-2026-1158

A security flaw has been discovered in Totolink LR350 9.3.5u.6369B20220309. This vulnerability affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Performing a manipulation of the argument ssid results in buffer overflow. The attack can be...

CVSS 9 | AI score 6.2 | EPSS 0.00632
Exploits 1 | References 5 | Affected Software 1
OSV
added 2026/01/19 11:15 a.m., 5 views

CVE-2026-1150

A security flaw has been discovered in Totolink LR350 9.3.5u.6369B20220309. Impacted is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument command results in command injection. The attack can be launched remotely...

CVSS 8.8 | AI score 5.7 | EPSS 0.0235
Exploits 1 | References 5
Cvelist
added 2026/01/19 10:32 a.m., 23 views

CVE-2026-1150 Totolink LR350 POST Request cstecgi.cgi setTracerouteCfg command injection

A security flaw has been discovered in Totolink LR350 9.3.5u.6369B20220309. Impacted is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument command results in command injection. The attack can be launched remotely...

CVSS 6.5 | EPSS 0.0235
Exploits 1 | References 5
Vulnrichment
added 2026/01/19 10:32 a.m., 4 views

CVE-2026-1150 Totolink LR350 POST Request cstecgi.cgi setTracerouteCfg command injection

A security flaw has been discovered in Totolink LR350 9.3.5u.6369B20220309. Impacted is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument command results in command injection. The attack can be launched remotely...

CVSS 6.5 | AI score 5.4 | EPSS 0.0235
Exploits 1 | References 5
ATTACKERKB
added 2026/01/19 10:2 a.m., 4 views

CVE-2026-1149

A vulnerability was identified in Totolink LR350 9.3.5u.6369B20220309. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument ip leads to command injection. The attack can be initiated remotely. The...

CVSS 8.8 | AI score 5.3 | EPSS 0.02714
Exploits 1 | References 5 | Affected Software 1
CVE
added 2026/01/19 10:2 a.m., 32 views

CVE-2026-1149

CVE-2026-1149 affects Totolink LR350; the flaw is in the POST Request Handler’s /cgi-bin/cstecgi.cgi, in the setDiagnosisCfg function. Crafted input to the ip argument enables remote command injection. Exploit is publicly available and could be used, per sources. Affected version: 9.3.5u.6369_B20...

CVSS 8.8 | AI score 5.4 | EPSS 0.02714
Exploits 1 | References 5 | Affected Software 1
Veracode
added 2026/01/16 7:23 p.m., 5 views

Denial Of Service (DoS)

aiohttp is vulnerable to a Denial of Service DoS. The vulnerability is due to improper handling of POST request bodies when assert statements are bypassed under optimized execution, which allows an attacker to trigger an infinite loop using a specially crafted request and cause a denial of servic...

CVSS 8.7 | AI score 5.6 | EPSS 0.00337
Exploits 0 | References 3 | Affected Software 2
OSV
added 2026/01/16 12:16 a.m., 5 views

CVE-2021-47811

Grocery Crud 1.6.4 contains a SQL injection vulnerability in the orderby parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the orderby parameter in POST requests to the ajaxlist endpoint to potentially extract or modify database...

CVSS 9.1 | AI score 5.8
Exploits 0 | References 4
RedhatCVE
added 2026/01/15 7:24 p.m., 4 views

CVE-2025-71164

Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the Editing component. The images parameter submitted as images in a POST request is reflected into an HTML href attribute without proper context-aware output encoding in...

CVSS 5.4 | AI score 5.6 | EPSS 0.00194
Exploits 1 | References 1
CNNVD
added 2026/01/15 12:0 a.m., 4 views

Easy!Appointments has a security vulnerability.

Easy!Appointments is a web-based appointment and calendar management system developed by Alex Tselegidis. Versions of Easy!Appointments prior to 1.5.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of CSRF protection for only POST requests, which could allow for...

CVSS 8.8 | AI score 5.8 | EPSS 0.00203
Exploits 1 | References 1
RedhatCVE
added 2026/01/14 11:19 p.m., 12 views

CVE-2023-54333

Social-Share-Buttons 2.2.3 contains a critical SQL injection vulnerability in the projectid parameter that allows attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted POST requests with malicious SQL payloads to retrieve and potentially steal entir...

CVSS 8.8 | AI score 8 | EPSS 0.00253
Exploits 0 | References 1
OSV
added 2026/01/14 7:16 p.m., 5 views

CVE-2025-71164

Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the Editing component. The images parameter submitted as images in a POST request is reflected into an HTML href attribute without proper context-aware output encoding in...

CVSS 5.4 | AI score 5.5
Exploits 0 | References 3
EUVD
added 2026/01/14 6:27 p.m., 5 views

EUVD-2026-2437

Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the Editing component. The images parameter submitted as images in a POST request is reflected into an HTML href attribute without proper context-aware output encoding in...

CVSS 4.8 | AI score 5.1 | EPSS 0.00194
Exploits 1 | References 4
Positive Technologies
added 2026/01/14 12:0 a.m., 7 views

PT-2026-2944

Name of the Vulnerable Software and Affected Versions Typesetter CMS versions up to and including 5.1 Description Typesetter CMS versions up to and including 5.1 have a reflected cross-site scripting XSS issue in the Editing component. The images parameter, submitted as images in a POST request, ...

CVSS 5.4 | AI score 5.7 | EPSS 0.00194
Exploits 1 | References 7
RedhatCVE
added 2026/01/13 10:53 p.m., 5 views

CVE-2025-40976

Stored Cross-Site Scripting XSS vulnerability in WorkDo's TicketGo, consisting of a lack of proper validation of user input by sending a POST request to ‘/ticketgo-saas/home’, using the ‘description’ parameter...

CVSS 5.1 | AI score 5.4 | EPSS 0.00251
Exploits 0 | References 1
Cvelist
added 2026/01/13 10:51 p.m., 21 views

CVE-2022-50909 Algo 8028 Control Panel - Remote Code Execution (RCE) (Authenticated)

Algo 8028 Control Panel version 3.3.3 contains a command injection vulnerability in the fm-data.lua endpoint that allows authenticated attackers to execute arbitrary commands. Attackers can exploit the insecure 'source' parameter by injecting commands that are executed with root privileges,...

CVSS 8.8 | EPSS 0.021
Exploits 0 | References 4
Positive Technologies
added 2026/01/13 12:0 a.m., 4 views

PT-2026-2385

Name of the Vulnerable Software and Affected Versions Algo 8028 Control Panel version 3.3.3 Description Algo 8028 Control Panel version 3.3.3 has a command injection issue in the fm-data.lua endpoint. Authenticated attackers can execute arbitrary commands by exploiting the insecure source...

CVSS 8.8 | AI score 8.4 | EPSS 0.021
Exploits 0 | References 6