CVE-2026-5642

A vulnerability was determined in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This affects an unknown function of the file /viva/update.php of the component HTTP POST Request Handler. This manipulation of the argument Name causes improper authorization. It ...

CVE-2026-2952

CVE-2026-2952 affects Vaelsys 4.1.0, specifically the HTTP POST Request Handler’s file /tree/tree_server.php. The vulnerability arises from manipulating the xajaxargs argument, enabling remote OS command injection. Exploitation can be performed remotely, and the exploit has been published. Multip...

CVE-2025-15217

A security flaw has been discovered in Tenda AC23 16.03.07.52. Affected is the function formSetPPTPUserList of the component HTTP POST Request Handler. Performing a manipulation of the argument list results in buffer overflow. The attack can be initiated remotely...

EUVD-2025-205504

A vulnerability was determined in ZSPACE Z4Pro+ 1.0.0440024. The affected element is the function zfilev2apiopen of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation causes command injection. It is possible to initiate the attack remotely. The exploit has...

EUVD-2025-205507

A vulnerability was identified in ZSPACE Z4Pro+ 1.0.0440024. The impacted element is the function zfilev2apiCloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit...

CVE-2025-15132 ZSPACE Z4Pro+ HTTP POST Request open zfilev2_api_open command injection

A vulnerability was determined in ZSPACE Z4Pro+ 1.0.0440024. The affected element is the function zfilev2apiopen of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation causes command injection. It is possible to initiate the attack remotely. The exploit has...

EUVD-2025-28712

Malicious code in bioql PyPI...

CVE-2025-10803

A vulnerability has been found in Tenda AC23 up to 16.03.07.52. Affected by this vulnerability is the function sscanf of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such manipulation of the argument startIp leads to buffer overflow. It is possible to launch the...

The vulnerability of the do_file() function in the HTTP POST Request Handler component of D-Link DIR-632 microprogrammed router software allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the dofile function in the HTTP POST Request Handler component of D-Link DIR-632 microprogrammed router software is related to the issue of data being written outside of the buffer in memory. Exploiting this vulnerability could allow a malicious actor to compromise the...

CVE-2025-7465

A vulnerability classified as critical was found in Tenda FH1201 1.2.0.14. Affected by this vulnerability is the function fromRouteStatic of the file /goform/fromRouteStatic of the component HTTP POST Request Handler. The manipulation of the argument page leads to buffer overflow. The attack can ...

CVE-2025-7460

A vulnerability has been found in TOTOLINK T6 4.1.5cu.748B20211015 and classified as critical. Affected by this vulnerability is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument mac leads to buffer overflow...

CVE-2025-5672

A vulnerability has been found in TOTOLINK N302R Plus up to 3.4.0-B20201028 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument url leads to buffer...

The vulnerability of the HTTP POST Request Handler component in the microprogramming software for TOTOLINK A3002R and A3002RU allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the HTTP POST Request Handler component in the microprogramming software of TOTOLINK A3002R and A3002RU devices is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow an attacker to compromise the...

The vulnerability of the HTTP POST Request Handler component of the /boafrm/formSiteSurveyProfile file in the microprogramming software for router devices A702R, A3002R, and A3002RU allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the HTTP POST Request Handler component of the /boafrm/formSiteSurveyProfile file in the microprogramming software for routers A702R, A3002R, and A3002RU lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow an...

The vulnerability of the HTTP POST Request Handler component of the /boafrm/formWirelessTbl file in the microprogramming software for routers A702R, A3002R, and A3002RU allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the HTTP POST Request Handler component of the /boafrm/formWirelessTbl file in the microprogramming software for routers A702R, A3002R, and A3002RU is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow an...

CVE-2024-0352

A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. The manipulation of the argument file leads to...

CVE-2024-12183

A vulnerability, which was classified as problematic, was found in DedeCMS 5.7.116. This affects the function RemoveXSS of the file /plus/carbuyaction.php of the component HTTP POST Request Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Th...

CVE-2024-7158

A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050B20200504. It has been declared as critical. This vulnerability affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument telnetenabled leads to command...

PT-2024-15643 · Cxbsoft · Cxbsoft Post-Office

Name of the Vulnerable Software and Affected Versions: CXBSoft Post-Office versions up to 1.0 Description: A critical issue was found in the HTTP POST Request Handler component, specifically in the file /apps/reg go.php. The manipulation of the username reg argument leads to sql injection. The...

PT-2024-15640 · Unknown · Cxbsoft Url-Shorting

Name of the Vulnerable Software and Affected Versions: CXBSoft Url-shorting versions up to 1.3.1 Description: A critical issue has been found in the processing of the file /admin/pages/update go.php of the component HTTP POST Request Handler. The manipulation of the version argument leads to SQL...