7797 matches found

OSV
added 2026/01/12 8:15 p.m., 4 views

CVE-2025-51567

A SQL Injection was found in the /exam/user/profile.php page of kashipara Online Exam System V1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the rname, rcollage, rnumber, rgender and rpassword parameters in a POST HTTP request...

CVSS 9.1, AI score 6.1, EPSS 0.00354
Exploits: 1, References: 1
NVD
added 2026/01/12 12:16 p.m., 4 views

CVE-2025-40977

Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's eCommerceGo SaaS, consisting of a lack of proper validation of user input by sending a POST request to ‘/store-ticket’, using the ‘subject’ and ‘description’ parameters...

CVSS 5.1, EPSS 0.00251
Exploits: 0, References: 1
NVD
added 2026/01/12 12:16 p.m., 4 views

CVE-2025-40975

Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's HRMGo, consisting of a lack of proper validation of user input by sending a POST request to ‘/hrmgo/ticket/changereply’, using the ‘description’ parameter...

CVSS 5.1, EPSS 0.00251
Exploits: 0, References: 1
Cvelist
added 2026/01/12 11:27 a.m., 18 views

CVE-2025-40976 Multiple vulnerabilities in WorkDo products

Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's TicketGo, consisting of a lack of proper validation of user input by sending a POST request to ‘/ticketgo-saas/home’, using the ‘description’ parameter...

CVSS 5.1, EPSS 0.00251
Exploits: 0, References: 1
CNNVD
added 2026/01/12 12:00 a.m., 3 views

WorkDo HRMGo cross-site scripting vulnerability

WorkDo HRMGo is a human resource management platform from WorkDo, Inc. in the United States. WorkDo HRMGo suffers from a cross-site scripting vulnerability that stems from insufficient validation of user input for the description parameter when sending a POST request to /hrmgo/ticket/changereply,...

CVSS 5.1, AI score 5.8, EPSS 0.00251
Exploits: 0, References: 1
Cvelist
added 2026/01/12 12:00 a.m., 21 views

CVE-2025-51567

A SQL Injection was found in the /exam/user/profile.php page of kashipara Online Exam System V1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the rname, rcollage, rnumber, rgender and rpassword parameters in a POST HTTP request...

EPSS 0.00354
Exploits: 1, References: 1
CNNVD
added 2026/01/12 12:00 a.m., 4 views

WorkDo HRM SaaS HR and Payroll Tool cross-site scripting vulnerability

WorkDo HRM SaaS HR and Payroll Tool is a human resource management software from WorkDo, Inc. WorkDo HRM SaaS HR and Payroll Tool suffers from a cross-site scripting vulnerability that stems from insufficient validation of user input for the description parameter when sending a POST request to...

CVSS 5.1, AI score 5.9, EPSS 0.00251
Exploits: 0, References: 1
Positive Technologies
added 2026/01/12 12:00 a.m., 7 views

PT-2026-1799

Name of the Vulnerable Software and Affected Versions: WorkDo's TicketGo (affected versions not specified). Description: A stored Cross-Site Scripting (XSS) issue exists due to insufficient validation of user-supplied data. The issue involves sending a POST request to the '/ticketgo-saas/home' API...

CVSS 5.1, AI score 5.8, EPSS 0.00251
Exploits: 0, References: 6
RedhatCVE
added 2026/01/10 5:41 a.m., 17 views

CVE-2025-67810

In Area9 Rhapsode 1.47.3, an authenticated attacker can exploit the operation, url, and filename parameters via a POST request to read arbitrary files from the server filesystem. Fixed in 1.47.4 7254 and further versions...

CVSS 6.5, AI score 6.8, EPSS 0.0033
Exploits: 0, References: 1
Cvelist
added 2026/01/09 9:32 p.m., 21 views

CVE-2025-15500 Sangfor Operation and Maintenance Management System HTTP POST Request getHis os command injection

A vulnerability was found in Sangfor Operation and Maintenance Management System up to 3.0.8. This issue affects some unknown processing of the file /isomp-protocol/protocol/getHis of the component HTTP POST Request Handler. The manipulation of the argument sessionPath results in os command...

CVSS 10, EPSS 0.05593
Exploits: 1, References: 5
OSV
added 2026/01/09 8:15 p.m., 5 views

CVE-2025-67810

In Area9 Rhapsode 1.47.3, an authenticated attacker can exploit the operation, url, and filename parameters via a POST request to read arbitrary files from the server filesystem. Fixed in 1.47.4 7254 and further versions...

CVSS 6.5, AI score 5.9, EPSS 0.0033
Exploits: 0, References: 2
NVD
added 2026/01/09 8:15 p.m., 5 views

CVE-2025-67810

In Area9 Rhapsode 1.47.3, an authenticated attacker can exploit the operation, url, and filename parameters via a POST request to read arbitrary files from the server filesystem. Fixed in 1.47.4 7254 and further versions...

CVSS 6.5, EPSS 0.0033
Exploits: 0, References: 2
RedhatCVE
added 2026/01/09 12:39 p.m., 7 views

CVE-2023-43848

Incorrect access control in the firewall management function of the web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to alter local firewall settings of the device as if they were the administrator via an HTTP POST request...

CVSS 8, AI score 6.5, EPSS 0.00454
Exploits: 1, References: 1
RedhatCVE
added 2026/01/09 12:37 p.m., 10 views

CVE-2023-50090

Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via a crafted POST request...

CVSS 9.8, AI score 7.3, EPSS 0.00773
Exploits: 0, References: 1
RedhatCVE
added 2026/01/09 12:34 p.m., 9 views

CVE-2023-45985

TOTOLINK X5000R V9.1.0u.6118B20201102 and TOTOLINK A7000R V9.1.0u.6115B20201022 were discovered to contain a stack overflow in the function setParentalRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request...

CVSS 7.5, AI score 7.5, EPSS 0.00718
Exploits: 1, References: 1
RedhatCVE
added 2026/01/09 12:07 p.m., 11 views

CVE-2018-6479

An issue was discovered on Netwave IP Camera devices. An unauthenticated attacker can crash a device by sending a POST request with a huge body size to the / URI...

CVSS 7.8, AI score 7, EPSS 0.04585
Exploits: 1, References: 1
RedhatCVE
added 2026/01/09 12:05 p.m., 12 views

CVE-2018-6407

An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices. An unauthenticated attacker can crash a device by sending a POST request with a huge body size to /hy-cgi/devices.cgi?cmd=searchlandevice. The crash completely freezes the device...

CVSS 7.8, AI score 7, EPSS 0.32801
Exploits: 0, References: 1
RedhatCVE
added 2026/01/09 11:28 a.m., 16 views

CVE-2021-33268

D-Link DIR-809 devices with firmware through DIR-809AxFW1.12WWB0320190410 were discovered to contain a stack buffer overflow vulnerability in the function sub8003183C in /fromLogin. This vulnerability is triggered via a crafted POST request...

CVSS 10, AI score 7.9, EPSS 0.03938
Exploits: 1, References: 1
RedhatCVE
added 2026/01/09 11:27 a.m., 9 views

CVE-2021-33266

D-Link DIR-809 devices with firmware through DIR-809AxFW1.12WWB0320190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN8004776c in /formVirtualApp. This vulnerability is triggered via a crafted POST request...

CVSS 10, AI score 7.9, EPSS 0.16873
Exploits: 1, References: 1
RedhatCVE
added 2026/01/09 11:26 a.m., 7 views

CVE-2021-33267

D-Link DIR-809 devices with firmware through DIR-809AxFW1.12WWB0320190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN80034d60 in /formStaticDHCP. This vulnerability is triggered via a crafted POST request...

CVSS 10, AI score 7.9, EPSS 0.03831
Exploits: 1, References: 1