7797 matches found
CVE-2022-31196
Databasir is a database metadata management platform. Databasir = 1.06 has Server-Side Request Forgery SSRF vulnerability. The SSRF is triggered by a sending a single HTTP POST request to create a databaseType. By supplying a jdbcDriverFileUrl that returns a non 200 response code, the url is...
EUVD-2026-1683
In Area9 Rhapsode 1.47.3, an authenticated attacker can exploit the operation, url, and filename parameters via POST request to read arbitrary files from the server filesystem. Fixed in 1.47.4 7254 and further versions...
CVE-2025-67810
In Area9 Rhapsode 1.47.3, an authenticated attacker can exploit the operation, url, and filename parameters via POST request to read arbitrary files from the server filesystem. Fixed in 1.47.4 7254 and further versions...
Sangfor Operation and Maintenance Management System 操作系统命令注入漏洞
Sangfor Operation and Maintenance Management System is an operation and maintenance management system from China's Sangfor. An OS command injection vulnerability exists in Sangfor Operation and Maintenance Management System 3.0.8 and earlier versions, which stems from incorrect manipulation of th...
PT-2026-1883
Name of the Vulnerable Software and Affected Versions Area9 Rhapsode versions prior to 1.47.4 Description An authenticated attacker can exploit the operation, url, and filename parameters via a POST request to read arbitrary files from the server filesystem. The affected parameters are used in a...
CVE-2025-67810
Area9 Rhapsode 1.47.3 is affected. An authenticated attacker can exploit the operation, url, and filename parameters via a POST request to read arbitrary files from the server filesystem. The issue is fixed in version 1.47.4 (and later). The available references confirm the vulnerability is tied ...
K000159017: Apache HTTP Server vulnerability CVE-2025-3891
Security Advisory Description A flaw was found in the modauthopenidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently,...
CVE-2026-21875 ClipBucket v5 Vulnerable to Blind SQL Injection through Channel Comments
ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-187 and below allow an attacker to perform Blind SQL Injection through the add comment section within a channel. When adding a comment within a channel, there is a POST request to the /actions/ajax.php endpoint. The objid...
CVE-2013-7471
An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort elemen...
CVE-2019-7564
An issue was discovered on Shenzhen Coship WM3300 WiFi Router 5.0.0.55 devices. The password reset functionality of the Wireless SSID doesn't require any type of authentication. By making a POST request to the regx/wireless/wlsecurity2G.asp URI, the attacker can change the password of the Wi-FI...
CVE-2019-16200
GNU Serveez through 0.2.2 has an Information Leak. An attacker may send an HTTP POST request to the /cgi-bin/reader URI. The attacker must include a Content-length header with a large positive value that, when represented in 32 bit binary, evaluates to a negative number. The problem exists in the...
CVE-2019-12185
eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be written to the we...
CVE-2024-2909
A vulnerability classified as critical was found in Ruijie RG-EG350 up to 20240318. Affected by this vulnerability is the function setAction of the file /itboxpi/networksafe.php?a=set of the component HTTP POST Request Handler. The manipulation of the argument bandwidth leads to os command...
CVE-2024-2271
A vulnerability classified as critical has been found in keerti1924 Online-Book-Store-Website 1.0. This affects an unknown part of the file /shop.php of the component HTTP POST Request Handler. The manipulation of the argument productname leads to sql injection. It is possible to initiate the...
CVE-2025-69227
A flaw was found in aiohttp, an asynchronous HTTP client/server framework for Python. A remote attacker could exploit this vulnerability by sending a specially crafted POST request to an application using the Request.post method, provided that Python optimizations are enabled. This could lead to ...
AZL-73506 CVE-2025-69227 affecting package python-aiohttp 3.6.2-3
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow for an infinite loop to occur when assert statements are bypassed, resulting in a DoS attack when processing a POST body. If optimizations are enabled -O or PYTHONOPTIMIZE=1, and the...
AZL-73529 CVE-2025-69227 affecting package python-aiohttp 3.6.2-3
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow for an infinite loop to occur when assert statements are bypassed, resulting in a DoS attack when processing a POST body. If optimizations are enabled -O or PYTHONOPTIMIZE=1, and the...
CVE-2026-21451 Bagisto has HTML Filter Bypass that Enables Stored XSS
Bagisto is an open source laravel eCommerce platform. A stored Cross-Site Scripting XSS vulnerability exists in Bagisto prior to version 2.3.10 within the CMS page editor. Although the platform normally attempts to sanitize tags, the filtering can be bypassed by manipulating the raw HTTP POST...
CVE-2025-15215
A vulnerability was determined in Tenda AC10U 15.03.06.48/15.03.06.49. This affects the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. This manipulation of the argument list causes buffer overflow. It is possible to initiate the attack...
CVE-2022-50791 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Conditional Command Injection via ping.php
SOUND4 IMPACT/FIRST/PULSE/Eco =2.x contains a conditional command injection vulnerability that allows local authenticated users to create malicious files in the /tmp directory. Unauthenticated attackers can execute commands by making a single HTTP POST request to the vulnerable ping.php script,...