Lucene search

27 matches found

Tenable Nessus
added 2026/03/19 12:0 a.m. | 4 views

Fedora 44 : cpp-httplib (2026-2c2afa9f9e)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-2c2afa9f9e advisory. Update to 0.37.1 - Fixes Denial of Service via malformed Content-Length header CVE-2026-31870 - Reenable 32b builds Update to 0.37.0 rhbz2441656 -...

CVSS 7.5 | AI score 6 | EPSS 0.00602
Exploits: 4 | References: 5

RedhatCVE
added 2026/01/09 9:30 a.m. | 4 views

CVE-2023-43803

Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass t...

CVSS 7.1 | AI score 6.9 | EPSS 0.00326
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/12 1:6 a.m. | 3 views

CVE-2025-56092

OS Command Injection vulnerability in Ruijie X30 PRO V1 X30-PRO-V109241521 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleget in file /usr/local/lua/devsta/networkConnect.lua...

CVSS 8.8 | AI score 7.9 | EPSS 0.02486
Exploits: 2 | References: 1

OSV
added 2024/12/03 2:15 a.m. | 4 views

CVE-2024-8748

A buffer overflow vulnerability in the packet parser of the third-party library "libclinkc" in Zyxel VMG8825-T50K firmware versions through V5.50ABOM.8.4C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP...

CVSS 7.5 | AI score 6.1 | EPSS 0.00489
Exploits: 0 | References: 1

CVE
added 2024/11/21 3:32 p.m. | 62 views

CVE-2024-8525

CVE-2024-8525 affects Automated Logic WebCTRL 7.0 (Premium Server). The issue is an unrestricted upload of a file with a dangerous type that an unauthenticated attacker can exploit via a crafted HTTP POST to achieve remote command execution and upload of a malicious file. Multiple connected sourc...

CVSS 10 | AI score 6.9 | EPSS 0.0143
Exploits: 0 | References: 2

Cvelist
added 2024/11/21 3:32 p.m. | 17 views

CVE-2024-8525 Automated Logic WebCTRL and Carrier i-Vu Unrestricted File Upload

An unrestricted upload of file with dangerous type in Automated Logic WebCTRL 7.0 could allow an unauthenticated user to perform remote command execution via a crafted HTTP POST request which could lead to uploading a malicious file...

CVSS 10 | EPSS 0.0143
Exploits: 0 | References: 2

NVD
added 2024/05/03 6:15 p.m. | 18 views

CVE-2024-27453

In Extreme XOS through 22.6.1.4, a read-only user can escalate privileges to root via a crafted HTTP POST request to the python method of the Machine-to-Machine Interface (MMI)...

CVSS 8.6 | AI score 6.7 | EPSS 0.00726
Exploits: 1 | References: 2

Vulnrichment
added 2024/04/16 12:0 a.m. | 11 views

CVE-2024-1601 SQL Injection in parisneo/lollms-webui

An SQL injection vulnerability exists in the deletediscussion function of the parisneo/lollms-webui application, allowing an attacker to delete all discussions and message data. The vulnerability is exploitable via a crafted HTTP POST request to the /deletediscussion endpoint, which internally...

CVSS 7.5 | AI score 7.7 | EPSS 0.40416
Exploits: 1 | References: 2

NVD
added 2022/02/23 6:15 p.m. | 22 views

CVE-2022-20650

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation of user supplied data that is sent to the NX-API. An attacker could exploit thi...

CVSS 9 | EPSS 0.1422
Exploits: 0 | References: 1

Prion
added 2021/08/19 11:15 a.m. | 26 views

Heap overflow

An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to lack of size validation. This vulnerability requires the attacker to send a crafted HTTP POST request with a URI longer than 50 bytes. This leads...

CVSS 7.5 | AI score 9.5 | EPSS 0.03155
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2021/06/28 3:15 p.m. | 4 views

CVE-2021-28588

Adobe RoboHelp Server version 2019.0.9 and earlier is affected by a Path Traversal vulnerability when parsing a crafted HTTP POST request. An authenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue...

CVSS 8.8 | AI score 7.8 | EPSS 0.06215
Exploits: 0 | References: 1

Tenable Nessus
added 2021/04/12 12:0 a.m. | 34 views

ManageEngine AssetExplorer < 6.8 Unauthenticated Stored XSS

A stored cross-site scripting (XSS) vulnerability exists in the XML processing logic of asset discovery. By sending a crafted HTTP POST request to /discoveryServlet/WsDiscoveryServlet, a remote, unauthenticated attacker can create an asset containing malicious JavaScript. When an administrator view...

CVSS 6.1 | AI score 5.9 | EPSS 0.93108
Exploits: 1 | References: 2

Tenable Nessus
added 2021/04/12 12:0 a.m. | 113 views

ManageEngine ServiceDesk Plus < 11.2 Build 11200 Unauthenticated Stored XSS

A stored cross-site scripting (XSS) vulnerability exists in the XML processing logic of asset discovery. By sending a crafted HTTP POST request to /discoveryServlet/WsDiscoveryServlet, a remote, unauthenticated attacker can create an asset containing malicious JavaScript. When an administrator view...

CVSS 6.1 | AI score 5.9 | EPSS 0.93108
Exploits: 1 | References: 2

NVD
added 2019/12/17 10:15 p.m. | 20 views

CVE-2019-3996

ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy when unauthenticated remote attackers send crafted HTTP POST requests...

CVSS 7.5 | AI score 6.6 | EPSS 0.05879
Exploits: 1 | References: 3

RedhatCVE
added 2019/10/04 7:49 p.m. | 28 views

CVE-2008-1924

Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable...

CVSS 3.5 | AI score 6.4 | EPSS 0.01626
Exploits: 0 | References: 3

Prion
added 2019/03/05 9:29 p.m. | 13 views

Stack overflow

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, authenticated attacker to /GponForm/usbForm?script/. An attacker can leverage this vulnerability to potentially execute arbitrary cod...

CVSS 6.5 | AI score 8.9 | EPSS 0.18207
Exploits: 1 | References: 2 | Affected Software: 1

OpenVAS
added 2018/04/14 12:0 a.m. | 6339 views

PHPUnit 'CVE-2017-9841' RCE Vulnerability (HTTP) - Active Check

PHPUnit is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only nb: - For very large web pages w...

CVSS 9.8 | AI score 7.7 | EPSS 0.99999
Exploits: 19 | References: 11

Exploit DB
added 2016/12/13 12:0 a.m. | 42 views

TP-LINK TD-W8151N - Denial of Service

Exploit Title: TP-LINK TD-W8151N - Denial of Service Date: 2016-12-13 Exploit Author: Persian Hack Team Discovered by : Mojtaba MobhaM Home : http://persian-team.ir/ Tested on: Windows AND Linux Demo : https://www.youtube.com/watch?v=WrGgHvhiCGg POC : flagFresh Parameter Vulnerable POST...

AI score 7.4
Exploits: 0

Cvelist
added 2016/05/25 1:0 a.m. | 27 views

CVE-2016-1380

Cisco AsyncOS 8.0 before 8.0.6-119 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (proxy-process hang) via a crafted HTTP POST request, aka Bug ID CSCuo12171...

AI score 7.4 | EPSS 0.01492
Exploits: 0 | References: 2

NVD
added 2013/12/30 4:53 a.m. | 17 views

CVE-2013-5220

goform/login on the HOT HOTBOX router with software 2.1.11 allows remote attackers to cause a denial of service (device crash) via crafted HTTP POST data...

CVSS 6.1 | AI score 6.5 | EPSS 0.04743
Exploits: 6 | References: 2