797 matches found
CVE-2025-69985
CVE-2025-69985 affects FUXA 1.2.8 and earlier. The issue is an authentication bypass in server/api/jwt-helper.js that improperly trusts the HTTP Referer header, allowing unauthenticated remote access to the protected /api/runscript endpoint and arbitrary Node.js code execution. Public references ...
CVE-2025-69985
FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution RCE. The vulnerability exists in the server/api/jwt-helper.js middleware, which improperly trusts the HTTP "Referer" header to validate internal requests. A remote unauthenticated attacker can...
CVE-2019-25439
NoviSmart CMS contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the Referer HTTP header field. Attackers can craft requests with time-based SQL injection payloads in the Referer header to extract sensitive...
CVE-2019-25439
NoviSmart CMS contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the Referer HTTP header field. Attackers can craft requests with time-based SQL injection payloads in the Referer header to extract sensitive...
CVE-2019-25439
NoviSmart CMS contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the Referer HTTP header field. Attackers can craft requests with time-based SQL injection payloads in the Referer header to extract sensitive...
CVE-2019-25439
Vulnerability summary (CVE-2019-25439) : NoviSmart CMS contains an SQL injection vulnerability exploitable via the Referer HTTP header. An attacker can craft requests including time-based SQL payloads in the Referer header to execute arbitrary SQL queries, potentially extracting sensitive databas...
CVE-2019-25439 NoviSmart CMS SQL Injection via Referer HTTP Header
NoviSmart CMS contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the Referer HTTP header field. Attackers can craft requests with time-based SQL injection payloads in the Referer header to extract sensitive...
CVE-2019-25439 NoviSmart CMS SQL Injection via Referer HTTP Header
NoviSmart CMS contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the Referer HTTP header field. Attackers can craft requests with time-based SQL injection payloads in the Referer header to extract sensitive...
NoviSmart CMS SQL注入漏洞
NoviSmart CMS is a content management system developed by the Austrian company NoviSmart. NoviSmart CMS has a SQL injection vulnerability, which stems from the SQL injection present in the Referer HTTP header field. This vulnerability could allow remote attackers to execute arbitrary SQL queries...
PT-2026-21440
NoviSmart CMS contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the Referer HTTP header field. Attackers can craft requests with time-based SQL injection payloads in the Referer header to extract sensitive...
CVE-2026-27192
Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In versions 5.0.39 and below, origin validation uses startsWith for comparison, allowing attackers to bypass the check by registering a domain that shares a common prefix with an allowed...
CVE-2026-27192 Feathers has an origin validation bypass via prefix matching
Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In versions 5.0.39 and below, origin validation uses startsWith for comparison, allowing attackers to bypass the check by registering a domain that shares a common prefix with an allowed...
GHSA-MP4X-C34X-WV3X Feathers has an origin validation bypass via prefix matching
The origin validation uses startsWith for comparison, allowing attackers to bypass the check by registering a domain that shares a common prefix with an allowed origin. The getAllowedOrigin function checks if the Referer header starts with any allowed origin: javascript //...
Feathers has an origin validation bypass via prefix matching
The origin validation uses startsWith for comparison, allowing attackers to bypass the check by registering a domain that shares a common prefix with an allowed origin. The getAllowedOrigin function checks if the Referer header starts with any allowed origin: javascript //...
WP Recipe Maker <= 9.1.0 - Reflected XSS via Referer Header
The WP Recipe Maker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'Referer' header in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping. The Referer header value is used directly in the href attribute of the "Back"...
Konica Bizhub Multifunction Printers Stack-based Buffer Overflow (CVE-2024-51979)
An authenticated attacker may trigger a stack based buffer overflow by performing a malformed request to either the HTTP service TCP port 80, the HTTPS service TCP port 443, or the IPP service TCP port 631. The malformed request will contain an empty Origin header value and a malformed Referer...
CVE-2025-9014
A Null Pointer Dereference vulnerability exists in the referer header check of the web portal of TP-Link TL-WR841N v14, caused by improper input validation. A remote, unauthenticated attacker can exploit this flaw and cause Denial of Service on the web portal service.This issue affects TL-WR841N...
CVE-2025-9014
A Null Pointer Dereference vulnerability exists in the referer header check of the web portal of TP-Link TL-WR841N v14, caused by improper input validation. A remote, unauthenticated attacker can exploit this flaw and cause Denial of Service on the web portal service.This issue affects TL-WR841N...
CVE-2025-9014
A Null Pointer Dereference vulnerability exists in the referer header check of the web portal of TP-Link TL-WR841N v14, caused by improper input validation. A remote, unauthenticated attacker can exploit this flaw and cause Denial of Service on the web portal service.This issue affects TL-WR841N...
CVE-2025-9014 Null Pointer Dereference Vulnerability on TL-WR841N
A Null Pointer Dereference vulnerability exists in the referer header check of the web portal of TP-Link TL-WR841N v14, caused by improper input validation. A remote, unauthenticated attacker can exploit this flaw and cause Denial of Service on the web portal service.This issue affects TL-WR841N...