CVE-2026-36611

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 returns 128 bytes of uninitialized buffer when receiving POST requests without SOAPAction header on UPnP port 1900, exposing internal memory to unauthenticated adjacent network attackers...

CVE-2026-41412

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, the alf.io extension sandbox injects a fully-functional HTTP client simpleHttpClient into every extension script's scope. The postFileAndSaveResponse method accep...

CVE-2026-49448

authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, the Source stage can be bypassed by sending an empty POST. This issue has been patched in versions 2025.12.6, 2026.2.4, and 2026.5.1...

CVE-2026-10127

A weakness has been identified in Edimax BR-6478AC 1.23. This affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. This manipulation of the argument rootAPmac causes command injection. The attack may be initiated remotely. The exploit has...

CVE-2026-10164

A vulnerability was found in Edimax BR-6478AC 1.23. Impacted is the function formUSBFolder of the file /goform/formUSBFolder of the component POST Request Handler. The manipulation of the argument ShareName/SelectName results in buffer overflow. The attack can be executed remotely. The exploit ha...

Vivotek VIVOTEK FD8136-VVTK 安全漏洞

Vivotek VIVOTEK FD8136-VVTK is a super-miniature fixed dome network camera firmware developed by Vivotek Corporation. The Vivotek VIVOTEK FD8136-VVTK 0300a version contains a security vulnerability. This vulnerability stems from a stack buffer overflow in the motionprivacy.cgi binary file. When t...

EUVD-2026-33969

A stack-based buffer overflow in the motionprivacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via an oversized n1 parameter in a POST request to the /cgi-bin/admin/setpm.cgi, /cgi-bin/admin/setmd.cgi, or...

CVE-2026-35716

CVE-2026-35716 describes a stack-based buffer overflow in the motion_privacy.cgi binary of VIVOTEK FD8136 firmware (FD8136-VVTK-0300a). The issue occurs when an oversized n1 parameter in a POST request to endpoints /cgi-bin/admin/setpm.cgi, /cgi-bin/admin/setmd.cgi, or /cgi-bin/admin/setmd_profil...

PT-2026-45622

No-Cms 1.0 contains an SQL injection vulnerability in the order by parameter of the manage privilege export endpoint that allows authenticated attackers to manipulate database queries. Attackers can submit POST requests to /nocms/main/manage privilege/index/export with malicious SQL code in the...

DeepAI 安全漏洞

DeepAI is a generative artificial intelligence platform developed by DeepAI Inc. in the United States. There is a security vulnerability in DeepAI. This vulnerability stems from the endpoint https://api.deepai.org/changeuseremail, which accepts POST requests without CSRF protection. This could...

PT-2026-45617

Pixa Bank 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract sensitive data by injecting SQL code into the 'rib' parameter. Attackers can send POST requests to the agence-ajax.php endpoint with UNION-based SQL payloads to retrieve user information includi...

CVE-2026-10166

A vulnerability was determined in Edimax BR-6478AC 1.23. The affected element is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler. This manipulation of the argument rootAPmac causes command injection. The attack is possible to be carried out remotely...

CVE-2026-10163

A vulnerability has been found in Edimax BR-6478AC 1.23. This issue affects the function formUSBAccount of the file /goform/formUSBAccount of the component POST Request Handler. The manipulation of the argument UserName/Password leads to buffer overflow. Remote exploitation of the attack is...

CVE-2026-10166

A vulnerability was determined in Edimax BR-6478AC 1.23. The affected element is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler. This manipulation of the argument rootAPmac causes command injection. The attack is possible to be carried out remotely...

EUVD-2026-33486

A vulnerability was determined in Edimax BR-6478AC 1.23. The affected element is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler. This manipulation of the argument rootAPmac causes command injection. The attack is possible to be carried out remotely...

CVE-2026-10166 Edimax BR-6478AC POST Request formWlbasic command injection

A vulnerability was determined in Edimax BR-6478AC 1.23. The affected element is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler. This manipulation of the argument rootAPmac causes command injection. The attack is possible to be carried out remotely...

CVE-2026-10166

Edimax BR-6478AC (firmware 1.23) is affected by a vulnerability in the POST Request Handler, specifically the function formWlbasic in /goform/formWlbasic. The issue arises from manipulating the argument rootAPmac, enabling command injection. The vulnerability is exploitable remotely and has been ...

CVE-2026-10165 Edimax BR-6478AC POST Request formWanTcpipSetup stack-based overflow

A vulnerability was identified in Edimax BR-6478AC 1.23. The impacted element is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. Such manipulation of the argument pppUserName leads to stack-based buffer overflow. The attack may be...

CVE-2026-10165 Edimax BR-6478AC POST Request formWanTcpipSetup stack-based overflow

A vulnerability was identified in Edimax BR-6478AC 1.23. The impacted element is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. Such manipulation of the argument pppUserName leads to stack-based buffer overflow. The attack may be...

CVE-2026-10165

The CVE-2026-10165 vulnerability affects Edimax BR-6478AC (firmware 1.23) in the POST Request Handler, specifically the formWanTcpipSetup function. Manipulation of the pppUserName argument causes a stack-based buffer overflow, with remote exploitation possible and a publicly available exploit. No...