Lucene search
K

7797 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 11:25 a.m.5 views

CVE-2021-28846

A Format String vulnerablity exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service due to a logic bug at address 0x40dcd0 when calling fprintf with "%s: key len = %d, too long\...

6.5CVSS6.7AI score0.00814EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:25 a.m.10 views

CVE-2021-28843

Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 by sending the POST request to applycgi with an unknown action name...

7.5CVSS6.9AI score0.00961EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:24 a.m.6 views

CVE-2021-31226

An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to lack of size validation. This vulnerability requires the attacker to send a crafted HTTP POST request with a URI longer than 50 bytes. This leads...

9.8CVSS7.5AI score0.03155EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:53 a.m.12 views

CVE-2022-23342

The Hyland Onbase Application Server releases prior to 20.3.58.1000 and OnBase releases 21.1.1.1000 through 21.1.15.1000 are vulnerable to a username enumeration vulnerability. An attacker can obtain valid users based on the response returned for invalid and valid users by sending a POST login...

5.3CVSS6.9AI score0.01197EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:48 a.m.10 views

CVE-2022-31324

An arbitrary file download vulnerability in the downloadAction function of Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to download arbitrary files via a crafted POST request...

6.5CVSS6.9AI score0.00398EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:48 a.m.10 views

CVE-2022-31300

A cross-site scripting vulnerability in the DM Section component of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request...

5.4CVSS6.4AI score0.01122EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:46 a.m.10 views

CVE-2022-31277

Xiaomi Lamp 1 v2.0.40066 was discovered to be vulnerable to replay attacks. This allows attackers to to bypass the expected access restrictions and gain control of the switch and other functions via a crafted POST request...

8.8CVSS7.3AI score0.00559EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:17 a.m.5 views

CVE-2019-18939

eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the HM-Print AddOn through 1.2a installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the exec.cgi and exec1.cgi scripts, which execute TCL script content from an HTTP POST request...

9.8CVSS7.9AI score0.40785EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:11 a.m.8 views

CVE-2019-11564

A cross-site scripting XSS vulnerability in HumHub 1.3.12 allows remote attackers to inject arbitrary web script or HTML via a /protected/vendor/codeception/codeception/tests/data/app/view/index.php POST request...

6.1CVSS5.5AI score0.02627EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:57 a.m.12 views

CVE-2020-12132

Fifthplay S.A.M.I before 2019.3HP2 allows unauthenticated stored XSS via a POST request...

6.1CVSS5.7AI score0.00672EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:52 a.m.4 views

CVE-2020-10971

An issue was discovered on Wavlink Jetstream devices where a crafted POST request can be sent to adm.cgi that will result in the execution of the supplied command if there is an active session at the same time. The POST request itself is not validated to ensure it came from the active session...

9.3CVSS7.1AI score0.02662EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:36 a.m.4 views

CVE-2024-34087

An SEH-based buffer overflow in the BPQ32 HTTP Server in BPQ32 6.0.24.1 allows remote attackers with access to the Web Terminal to achieve remote code execution via an HTTP POST /TermInput request...

9.8CVSS8.4AI score0.01189EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:36 a.m.15 views

CVE-2024-34995

svnWebUI v1.8.3 was discovered to contain an arbitrary file deletion vulnerability via the dirTemps parameter under com.cym.controller.UserControllerimportOver. This vulnerability allows attackers to delete arbitrary files via a crafted POST request...

4.3CVSS7.2AI score0.003EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:33 a.m.6 views

CVE-2024-39243

An issue discovered in skycaiji 2.8 allows attackers to run arbitrary code via crafted POST request to /index.php?s=/admin/develop/editorsave...

9.8CVSS7.6AI score0.00492EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:25 a.m.6 views

CVE-2023-4559

A vulnerability, which was classified as critical, has been found in Bettershop LaikeTui. Affected by this issue is some unknown functionality of the file index.php?module=api=user=upload of the component POST Request Handler. The manipulation leads to unrestricted upload. The attack may be...

9.8CVSS7.3AI score0.00519EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:21 a.m.8 views

CVE-2018-4028

An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. The HTTP server could allow an attacker to overwrite the root directory of the server, resulting in a denial of service. An attacker can send an HTTP POS...

7.8CVSS6.9AI score0.01393EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:1 a.m.7 views

CVE-2023-43800

Arduino Create Agent is a package to help manage Arduino development. The vulnerability affects the endpoint /v2/pkgs/tools/installed. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can escalate his privileges to those ...

7.8CVSS6.9AI score0.00211EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:57 a.m.5 views

CVE-2023-4617

Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing "device", "sku" and "type" fields' values. This issue affects Govee Home applications on Android and iOS in versions...

10CVSS6.9AI score0.00571EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:44 a.m.10 views

CVE-2022-23771

This vulnerability occurs in user accounts creation and deleteion related pages of IPTIME NAS products. The vulnerability could be exploited by a lack of validation when a POST request is made to this page. An attacker can use this vulnerability to or delete user accounts, or to escalate arbitrar...

8.8CVSS7AI score0.00275EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:42 a.m.12 views

CVE-2022-37680

An improper authentication for critical function issue in Hitachi Kokusai Electric Network products for monitoring system Camera, Decoder and Encoder and bellow allows attckers to remotely reboot the device via a crafted POST request to the endpoint /ptipupgrade.cgi. Security information ID...

7.5CVSS6.8AI score0.00772EPSS
Exploits0References1
Rows per page
Query Builder