213 matches found
PT-2026-26033
A command injection vulnerability in the device’s Root CA certificate transfer workflow allows a high-privileged attacker to send crafted HTTP POST requests that result in arbitrary command execution on the underlying Linux OS with root privileges...
CVE-2026-4172
A vulnerability was detected in TRENDnet TEW-632BRP 1.010B32. This affects an unknown part of the file /pingresponse.cgi of the component HTTP POST Request Handler. The manipulation of the argument pingipaddr results in stack-based buffer overflow. The attack may be performed from remote. The...
CVE-2025-41766
A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method resulting in full device compromise...
CVE-2025-41766
A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method resulting in full device compromise...
CVE-2025-41766 Stack buffer overflow on parsing web request
A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method resulting in full device compromise...
CVE-2025-41766
The CVE-2025-41766 issue is a stack-based buffer overflow found while parsing web requests via the ubr-network method. A low-privileged remote attacker can exploit a crafted HTTP POST to trigger the overflow, leading to full device compromise. Documented details include the vulnerability type, at...
PT-2026-24036
Name of the Vulnerable Software and Affected Versions MBS UBR-01 Mk II affected versions not specified Description A low-privileged remote attacker can trigger a stack-based buffer overflow by sending a crafted HTTP POST request using the ubr-network method, potentially leading to full device...
CVE-2026-2952
CVE-2026-2952 affects Vaelsys 4.1.0, specifically the HTTP POST Request Handler’s file /tree/tree_server.php. The vulnerability arises from manipulating the xajaxargs argument, enabling remote OS command injection. Exploitation can be performed remotely, and the exploit has been published. Multip...
GHSA-5PQF-54QP-32WX LibreNMS /device-groups name Stored Cross-Site Scripting
Summary /device-groups name Stored Cross-Site Scripting - HTTP POST - Request-URIs: "/device-groups" - Vulnerable parameters: "name" - Attacker must be authenticated with "admin" privileges. - When a user adds a device group, an HTTP POST request is sent to the Request-URI "/device-groups". The...
CVE-2026-2553
A security flaw has been discovered in tushar-2223 Hotel-Management-System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. This affects an unknown part of the file /home.php of the component HTTP POST Request Handler. Performing a manipulation of the argument Name/Email results in sql injection...
CVE-2026-26187
creationtimestamp| type| source ---|---|--- 2026-02-13 19:22:16+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mera4xe4ue27...
CVE-2026-2074 O2OA HTTP POST Request check xml external entity reference
A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file /xprogramcenter/jaxrs/mpweixin/check of the component HTTP POST Request Handler. The manipulation leads to xml external entity reference. It is possible to initiate the attack remotely. The exploit is...
CVE-2026-0918
The Tapo C100 v5, C220 v1 and C520WS v2 cameras’ HTTP service does not safely handle POST requests containing an excessively large Content-Length header. The resulting failed memory allocation triggers a NULL pointer dereference, causing the main service process to crash. An unauthenticated...
CVE-2025-12387
A vulnerability in the Pix-Link LV-WR21Q router's language module allows remote attackers to trigger a denial of service DoS by sending a specially crafted HTTP POST request containing non-existing language parameter. This renders the server unable to serve correct lang.js file, which causes...
CVE-2026-1413
A vulnerability was found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function portValidate of the file /fort/ipandport/portvalidate of the component HTTP POST Request Handler. Performing a manipulation of the argument port results in command...
CVE-2026-1413 Sangfor Operation and Maintenance Security Management System HTTP POST Request port_validate portValidate command injection
A vulnerability was found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function portValidate of the file /fort/ipandport/portvalidate of the component HTTP POST Request Handler. Performing a manipulation of the argument port results in command...
CVE-2026-1412 Sangfor Operation and Maintenance Security Management System HTTP POST Request get_clip_img command injection
A vulnerability has been found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. The impacted element is an unknown function of the file /fort/audit/getclipimg of the component HTTP POST Request Handler. Such manipulation of the argument frame/dirno leads to command...
MiracleLinux 7 : php-5.4.16-48.0.3.el7.AXS7 (AXSA:2024-9004:04)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9004:04 advisory. CVE-2024-8925: Fix data integrity violation while parsing multipart/form-data boundaries larger than the read buffer CVEs: CVE-2024-8925 In PHP versions 8.1...
CVE-2026-0962
creationtimestamp| type| source ---|---|--- 2026-01-15 00:09:32+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mcgc6zkxnc2m 2026-01-25 13:18:12+00:00| seen| https://bsky.app/profile/ferramentaslinux.bsky.social/post/3mdaswgjils2a...
Bagisto has HTML Filter Bypass that Enables Stored XSS
Summary A stored Cross-Site Scripting XSS vulnerability exists in Bagisto 2.3.8 within the CMS page editor. Although the platform normally attempts to sanitize tags, the filtering can be bypassed by manipulating the raw HTTP POST request before submission. As a result, arbitrary JavaScript can be...