1085 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-24999
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an proto...
Malicious code in hash-query-string-assert-catch (npm)
The package hash-query-string-assert-catch was found to contain malicious code...
MAL-2025-22252 Malicious code in hash-query-string-assert-catch (npm)
The package hash-query-string-assert-catch was found to contain malicious code...
VMware vSphere Client 8.0.3.0 Cross Site Scripting
VMware vSphere Client version 8.0.3.0 suffers from a cross site scripting vulnerability. VMware vSphere Client 8.0.3.0 - Reflected Cross-Site Scripting XSS - Exploit Title: VMware vSphere Client 8.0.3.0 - Reflected Cross-Site Scripting XSS - Date: 2025-08-08 - Exploit Author: Imraan Khan Lich-Sec...
Foxit Reader Plugin Buffer Overflow Vulnerability
Foxit Reader Plugin is a PDF reading plug-in from the U.S. company Foxit. A buffer overflow vulnerability exists in Foxit Reader Plugin version 2.2.1.530, which stems from incorrect handling of URL query strings and can be exploited by an attacker to cause a buffer overflow and arbitrary code execution...
Mozilla Firefox for Android Open Redirect Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. An open redirect vulnerability exists in Mozilla Firefox for Android, which can be exploited by an attacker to conduct a phishing attack by opening a link to the URL specified in the query string...
SUSE CVE-2025-6428
When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks. This bug only affects Firefox for Android. Other versions of Firefox are unaffected. This vulnerability was fixed in Firefox 140...
Mozilla Firefox Security Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. An open redirect vulnerability exists in Mozilla Firefox for Android, which can be exploited by an attacker to conduct a phishing attack by opening a link to the URL specified in the query string...
CVE-2025-6334
A vulnerability has been found in D-Link DIR-867 1.0 and classified as critical. This vulnerability affects the function strncpy of the component Query String Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to th...
CVE-2025-6334 D-Link DIR-867 Query String strncpy stack-based overflow
A vulnerability has been found in D-Link DIR-867 1.0 and classified as critical. This vulnerability affects the function strncpy of the component Query String Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to th...
D-Link DIR-867 Security Vulnerability
The D-Link DIR-867 is a wireless router from China's AUO D-Link. A buffer overflow vulnerability exists in the D-Link DIR-867 version 1.0, which originates from the failure of the strncpy function in the component Query String Handler to correctly validate the length of the input data, and can be...
GetSimple CMS Command Injection Vulnerability
GetSimple CMS is a content management system from GetSimple CMS open source. A security vulnerability exists in GetSimple CMS versions 3.3.16 through 3.3.21, which originates from a specially crafted query string that can be injected into arbitrary PHP code and executed by an authenticated user,...
CVE-2025-5145
A vulnerability, which was classified as critical, was found in Netcore NBR1005GPEV2, B6V2, COVER5, NAP830, NAP930, NBR100V2, NBR200V2 and POWER13 up to 20250508. This affects an unknown part of the file /www/cgi-bin/ of the component Query String Handler. The manipulation leads to command...
CVE-2025-5145 Netcore POWER13 Query String cgi-bin command injection
A vulnerability, which was classified as critical, was found in Netcore NBR1005GPEV2, B6V2, COVER5, NAP830, NAP930, NBR100V2, NBR200V2 and POWER13 up to 20250508. This affects an unknown part of the file /www/cgi-bin/ of the component Query String Handler. The manipulation leads to command...
PT-2025-22856 · Netcore · Netcore Power13 +7
Name of the Vulnerable Software and Affected Versions: Netcore NBR1005GPEV2 versions up to 20250508 Netcore B6V2 versions up to 20250508 Netcore COVER5 versions up to 20250508 Netcore NAP830 versions up to 20250508 Netcore NAP930 versions up to 20250508 Netcore NBR100V2 versions up to 20250508...
CVE-2024-39317
Wagtail is an open source content management system built on Django. A bug in Wagtail's `parse_query_string` would result in it taking a long time to process suitably crafted inputs. When used to parse sufficiently long strings of characters without a space, `parse_query_string` would take an unexpectedl...
CVE-2024-7440
UNSUPPORTED WHEN ASSIGNED. A vulnerability was found in Vivotek CC8160 VVTK-0100d. It has been classified as critical. This affects the function getenv of the file uploadfile.cgi. The manipulation of the argument QUERY_STRING leads to command injection. It is possible to initiate the attack remotel...