7797 matches found
CVE-2025-51567
A SQL Injection was found in the /exam/user/profile.php page of kashipara Online Exam System V1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the rname, rcollage, rnumber, rgender and rpassword parameters in a POST HTTP request...
CVE-2025-40977
Stored Cross-Site Scripting XSS vulnerability in WorkDo's eCommerceGo SaaS, consisting of a lack of proper validation of user input by sending a POST request to ‘/store-ticket’, using the ‘subject’ and ‘description’ parameters...
CVE-2025-40975
Stored Cross-Site Scripting XSS vulnerability in WorkDo's HRMGo, consisting of a lack of proper validation of user input by sending a POST request to ‘/hrmgo/ticket/changereply’, using the ‘description’ parameter...
CVE-2025-40976 Multiple vulnerabilities in WorkDo products
Stored Cross-Site Scripting XSS vulnerability in WorkDo's TicketGo, consisting of a lack of proper validation of user input by sending a POST request to ‘/ticketgo-saas/home’, using the ‘description’ parameter...
WorkDo HRMGo 跨站脚本漏洞
WorkDo HRMGo is a human resource management platform from WorkDo, Inc. in the United States. WorkDo HRMGo suffers from a cross-site scripting vulnerability that stems from insufficient validation of user input for the description parameter when sending a POST request to /hrmgo/ticket/changereply,...
CVE-2025-51567
A SQL Injection was found in the /exam/user/profile.php page of kashipara Online Exam System V1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the rname, rcollage, rnumber, rgender and rpassword parameters in a POST HTTP request...
WorkDo HRM SaaS HR and Payroll Tool 跨站脚本漏洞
WorkDo HRM SaaS HR and Payroll Tool is a human resource management software from WorkDo, Inc. WorkDo HRM SaaS HR and Payroll Tool suffers from a cross-site scripting vulnerability that stems from insufficient validation of user input for the description parameter when sending a POST request to...
PT-2026-1799
Name of the Vulnerable Software and Affected Versions WorkDo's TicketGo affected versions not specified Description A stored Cross-Site Scripting XSS issue exists due to insufficient validation of user-supplied data. The issue involves sending a POST request to the ''/ticketgo-saas/home'' API...
CVE-2025-67810
In Area9 Rhapsode 1.47.3, an authenticated attacker can exploit the operation, url, and filename parameters via POST request to read arbitrary files from the server filesystem. Fixed in 1.47.4 7254 and further versions...
CVE-2025-15500 Sangfor Operation and Maintenance Management System HTTP POST Request getHis os command injection
A vulnerability was found in Sangfor Operation and Maintenance Management System up to 3.0.8. This issue affects some unknown processing of the file /isomp-protocol/protocol/getHis of the component HTTP POST Request Handler. The manipulation of the argument sessionPath results in os command...
CVE-2025-67810
In Area9 Rhapsode 1.47.3, an authenticated attacker can exploit the operation, url, and filename parameters via POST request to read arbitrary files from the server filesystem. Fixed in 1.47.4 7254 and further versions...
CVE-2025-67810
In Area9 Rhapsode 1.47.3, an authenticated attacker can exploit the operation, url, and filename parameters via POST request to read arbitrary files from the server filesystem. Fixed in 1.47.4 7254 and further versions...
CVE-2023-43848
Incorrect access control in the firewall management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to alter local firewall settings of the device as if they were the administrator via HTTP POST request...
CVE-2023-50090
Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via crafted POST request...
CVE-2023-45985
TOTOLINK X5000R V9.1.0u.6118B20201102 and TOTOLINK A7000R V9.1.0u.6115B20201022 were discovered to contain a stack overflow in the function setParentalRules. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted POST request...
CVE-2018-6479
An issue was discovered on Netwave IP Camera devices. An unauthenticated attacker can crash a device by sending a POST request with a huge body size to the / URI...
CVE-2018-6407
An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices. An unauthenticated attacker can crash a device by sending a POST request with a huge body size to /hy-cgi/devices.cgi?cmd=searchlandevice. The crash completely freezes the device...
CVE-2021-33268
D-Link DIR-809 devices with firmware through DIR-809AxFW1.12WWB0320190410 were discovered to contain a stack buffer overflow vulnerability in the function sub8003183C in /fromLogin. This vulnerability is triggered via a crafted POST request...
CVE-2021-33266
D-Link DIR-809 devices with firmware through DIR-809AxFW1.12WWB0320190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN8004776c in /formVirtualApp. This vulnerability is triggered via a crafted POST request...
CVE-2021-33267
D-Link DIR-809 devices with firmware through DIR-809AxFW1.12WWB0320190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN80034d60 in /formStaticDHCP. This vulnerability is triggered via a crafted POST request...