
10 matches found

EUVD
added 2026/05/04 7:12 p.m. | 1 views

EUVD-2026-27121

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the makeRequest.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the settime or StartSniffer functions. Attackers can...

CVSS: 9.3 | AI score: 6.1 | EPSS: 0.00298
Exploits: 0 | References: 3
Vulnrichment
added 2026/02/19 12:2 p.m. | 4 views

CVE-2019-25423 Comodo Dome Firewall 2.7.0 Cross-Site Scripting via proxyconfig

Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the /korugan/proxyconfig endpoint that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted POST requests with JavaScript payloads in parameters like...

CVSS: 6.1 | AI score: 5.6 | EPSS: 0.00024
Exploits: 1 | References: 4
ATTACKERKB
added 2026/02/15 1:58 p.m. | 2 views

CVE-2019-25370

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through multiple parameters. Attackers can send POST requests to interfaces_vlan_edit.php with script payloads in the tag, descr, or vlanif parameters ...

CVSS: 6.1 | AI score: 5.5 | EPSS: 0.00048
Exploits: 1 | References: 4 | Affected Software: 1
Saint
added 2025/12/11 12:0 a.m. | 85 views

React Server Components deserialization vulnerability

Added: 12/11/2025. Background: React is a JavaScript library for building user interfaces. React Server Components are React components designed for running on web servers. Problem: A deserialization vulnerability in React Server Components allows a remote attacker to execute arbitrary commands by...

AI score: 6.1
Exploits: 0
OSV
added 2025/12/10 9:16 p.m. | 0 views

CVE-2020-36885

Sony IPELA Network Camera 1.82.01 contains a stack buffer overflow vulnerability in the ftpclient.cgi endpoint that allows remote attackers to execute arbitrary code. Attackers can exploit the vulnerability by sending a crafted POST request with oversized data to the FTP client functionality,...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.00507
Exploits: 1 | References: 5
SUSE CVE
added 2023/02/15 6:18 a.m. | 1 views

SUSE CVE-2005-2148

Cacti 0.8.6e and earlier does not perform proper input validation to protect against common attacks, which allows remote attackers to execute arbitrary commands or SQL by sending a legitimate value in a POST request or cookie, then specifying the attack string in the URL, which causes the...

CVSS: 7.5 | AI score: 8.3 | EPSS: 0.04133
Exploits: 0 | References: 4
CNVD
added 2016/04/19 12:0 a.m. | 2 views

mod_auth_mellon denial of service vulnerability (CNVD-2016-02440)

mod_auth_mellon is an Apache module that provides simple SAML (Security Assertion Markup Language) 2.0 services. A denial of service vulnerability exists in the am_read_post_data function in versions of mod_auth_mellon prior to 0.11.1, which can be exploited by a remote attacker to cause a denial of servi...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.00804
Exploits: 0 | References: 1
Prion
added 2016/04/15 2:59 p.m. | 14 views

Design/Logic Flaw

The am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote attackers to cause a denial of service (segmentation fault and process crash) via a crafted POST data...

CVSS: 5 | AI score: 6.9 | EPSS: 0.00804
Exploits: 0 | References: 3 | Affected Software: 2
Debian CVE
added 2016/04/15 2:0 p.m. | 21 views

CVE-2016-2145

The am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote attackers to cause a denial of service (segmentation fault and process crash) via a crafted POST data...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.00804
Exploits: 0
Prion
added 2014/10/10 10:55 a.m. | 12 views

SQL injection

SQL injection vulnerability in TrackItWeb/Grid/GetData in BMC Track-It! 11.3.0.355 allows remote authenticated users to execute arbitrary SQL commands via crafted POST data...

CVSS: 6.5 | AI score: 8.4 | EPSS: 0.04413
Exploits: 6 | References: 4 | Affected Software: 1