Lucene search

7797 matches found

RedhatCVE
added 2026/01/09 8:42 a.m., 6 views

CVE-2022-31196

Databasir is a database metadata management platform. Databasir = 1.06 has a Server-Side Request Forgery (SSRF) vulnerability. The SSRF is triggered by sending a single HTTP POST request to create a databaseType. By supplying a jdbcDriverFileUrl that returns a non 200 response code, the url is...

7.6 CVSS, 6.7 AI score, 0.00786 EPSS
Exploits: 1, References: 1
EUVD
added 2026/01/09 12:0 a.m., 4 views

EUVD-2026-1683

In Area9 Rhapsode 1.47.3, an authenticated attacker can exploit the operation, url, and filename parameters via POST request to read arbitrary files from the server filesystem. Fixed in 1.47.4 7254 and further versions...

6.5 CVSS, 6.3 AI score, 0.0033 EPSS
Exploits: 0, References: 4
Cvelist
added 2026/01/09 12:0 a.m., 21 views

CVE-2025-67810

In Area9 Rhapsode 1.47.3, an authenticated attacker can exploit the operation, url, and filename parameters via POST request to read arbitrary files from the server filesystem. Fixed in 1.47.4 7254 and further versions...

0.0033 EPSS
Exploits: 0, References: 2
CNNVD
added 2026/01/09 12:0 a.m., 4 views

Sangfor Operation and Maintenance Management System OS Command Injection Vulnerability

Sangfor Operation and Maintenance Management System is an operation and maintenance management system from China's Sangfor. An OS command injection vulnerability exists in Sangfor Operation and Maintenance Management System 3.0.8 and earlier versions, which stems from incorrect manipulation of th...

10 CVSS, 9.7 AI score, 0.05593 EPSS
Exploits: 1, References: 5
Positive Technologies
added 2026/01/09 12:0 a.m., 5 views

PT-2026-1883

Name of the Vulnerable Software and Affected Versions: Area9 Rhapsode versions prior to 1.47.4. Description: An authenticated attacker can exploit the operation, url, and filename parameters via a POST request to read arbitrary files from the server filesystem. The affected parameters are used in a...

6.5 CVSS, 6.5 AI score, 0.0033 EPSS
Exploits: 0, References: 7
CVE
added 2026/01/09 12:0 a.m., 11 views

CVE-2025-67810

Area9 Rhapsode 1.47.3 is affected. An authenticated attacker can exploit the operation, url, and filename parameters via a POST request to read arbitrary files from the server filesystem. The issue is fixed in version 1.47.4 (and later). The available references confirm the vulnerability is tied ...

6.5 CVSS, 6.4 AI score, 0.0033 EPSS
Exploits: 0, References: 2, Affected Software: 1
F5 Networks
added 2026/01/08 1:15 a.m., 12 views

K000159017: Apache HTTP Server vulnerability CVE-2025-3891

Security Advisory Description: A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently,...

7.5 CVSS, 6.7 AI score, 0.01214 EPSS
Exploits: 0
Vulnrichment
added 2026/01/07 11:52 p.m., 4 views

CVE-2026-21875 ClipBucket v5 Vulnerable to Blind SQL Injection through Channel Comments

ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-187 and below allow an attacker to perform Blind SQL Injection through the add comment section within a channel. When adding a comment within a channel, there is a POST request to the /actions/ajax.php endpoint. The objid...

9.8 CVSS, 7.5 AI score, 0.00342 EPSS
Exploits: 1, References: 1
RedhatCVE
added 2026/01/07 9:54 a.m., 17 views

CVE-2013-7471

An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort elemen...

9.8 CVSS, 7.5 AI score, 0.24044 EPSS
Exploits: 1, References: 1
RedhatCVE
added 2026/01/07 9:34 a.m., 12 views

CVE-2019-7564

An issue was discovered on Shenzhen Coship WM3300 WiFi Router 5.0.0.55 devices. The password reset functionality of the Wireless SSID doesn't require any type of authentication. By making a POST request to the regx/wireless/wlsecurity2G.asp URI, the attacker can change the password of the Wi-Fi...

9.8 CVSS, 6.9 AI score, 0.0305 EPSS
Exploits: 5, References: 1
RedhatCVE
added 2026/01/07 9:32 a.m., 9 views

CVE-2019-16200

GNU Serveez through 0.2.2 has an Information Leak. An attacker may send an HTTP POST request to the /cgi-bin/reader URI. The attacker must include a Content-length header with a large positive value that, when represented in 32 bit binary, evaluates to a negative number. The problem exists in the...

7.5 CVSS, 7 AI score, 0.01511 EPSS
Exploits: 1, References: 1
RedhatCVE
added 2026/01/07 9:29 a.m., 9 views

CVE-2019-12185

eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be written to the we...

9 CVSS, 7.8 AI score, 0.18106 EPSS
Exploits: 3, References: 1
RedhatCVE
added 2026/01/07 9:8 a.m., 5 views

CVE-2024-2909

A vulnerability classified as critical was found in Ruijie RG-EG350 up to 20240318. Affected by this vulnerability is the function setAction of the file /itboxpi/networksafe.php?a=set of the component HTTP POST Request Handler. The manipulation of the argument bandwidth leads to os command...

9 CVSS, 9.1 AI score, 0.03987 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2026/01/07 9:8 a.m., 5 views

CVE-2024-2271

A vulnerability classified as critical has been found in keerti1924 Online-Book-Store-Website 1.0. This affects an unknown part of the file /shop.php of the component HTTP POST Request Handler. The manipulation of the argument productname leads to SQL injection. It is possible to initiate the...

9.8 CVSS, 7.3 AI score, 0.00558 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2026/01/06 7:27 a.m., 5 views

CVE-2025-69227

A flaw was found in aiohttp, an asynchronous HTTP client/server framework for Python. A remote attacker could exploit this vulnerability by sending a specially crafted POST request to an application using the Request.post method, provided that Python optimizations are enabled. This could lead to ...

8.7 CVSS, 6.4 AI score, 0.00337 EPSS
Exploits: 0, References: 5
OSV
added 2026/01/06 12:15 a.m., 9 views

AZL-73506 CVE-2025-69227 affecting package python-aiohttp 3.6.2-3

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow for an infinite loop to occur when assert statements are bypassed, resulting in a DoS attack when processing a POST body. If optimizations are enabled (-O or PYTHONOPTIMIZE=1), and the...

8.7 CVSS, 5.9 AI score, 0.00337 EPSS
Exploits: 0, References: 1
OSV
added 2026/01/06 12:15 a.m., 10 views

AZL-73529 CVE-2025-69227 affecting package python-aiohttp 3.6.2-3

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow for an infinite loop to occur when assert statements are bypassed, resulting in a DoS attack when processing a POST body. If optimizations are enabled (-O or PYTHONOPTIMIZE=1), and the...

8.7 CVSS, 6.5 AI score, 0.00337 EPSS
Exploits: 0, References: 1
OSV
added 2026/01/02 8:37 p.m., 4 views

CVE-2026-21451 Bagisto has HTML Filter Bypass that Enables Stored XSS

Bagisto is an open source Laravel eCommerce platform. A stored Cross-Site Scripting (XSS) vulnerability exists in Bagisto prior to version 2.3.10 within the CMS page editor. Although the platform normally attempts to sanitize tags, the filtering can be bypassed by manipulating the raw HTTP POST...

6.3 CVSS, 5.8 AI score, 0.00489 EPSS
Exploits: 1, References: 3
RedhatCVE
added 2025/12/31 2:13 a.m., 6 views

CVE-2025-15215

A vulnerability was determined in Tenda AC10U 15.03.06.48/15.03.06.49. This affects the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. This manipulation of the argument list causes buffer overflow. It is possible to initiate the attack...

9 CVSS, 7.3 AI score, 0.00603 EPSS
Exploits: 1, References: 1
Cvelist
added 2025/12/30 10:41 p.m., 23 views

CVE-2022-50791 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Conditional Command Injection via ping.php

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains a conditional command injection vulnerability that allows local authenticated users to create malicious files in the /tmp directory. Unauthenticated attackers can execute commands by making a single HTTP POST request to the vulnerable ping.php script,...

8.5 CVSS, 0.03353 EPSS
Exploits: 2, References: 5