1004 matches found
EUVD-2026-36784
Incorrect access control in the webhook management component of Project Firefly III v6.5.9 allows attackers to scan internal resources via a crafted POST request...
CVE-2026-50882
An issue in the /api/v0/pastes endpoint of anna-is-cute paste v0.1.1 allows attackers to cause a Denial of Service DoS via a crafted POST request...
PT-2026-49320
An issue in the uploadPostHandler component of Andrei Marcu linx-server v2.3.8 allows attackers to cause a Denial of Service DoS via a crafted POST request...
PT-2026-49323
Name of the Vulnerable Software and Affected Versions anna-is-cute paste version 0.1.1 Description A flaw in the '/api/v0/pastes' endpoint allows attackers to cause a Denial of Service DoS, which is a condition where a service becomes unavailable to its intended users, by sending a specially...
CVE-2026-50882
An issue in the /api/v0/pastes endpoint of anna-is-cute paste v0.1.1 allows attackers to cause a Denial of Service DoS via a crafted POST request...
CVE-2026-50879
The vulnerability CVE-2026-50879 affects Andrei Marcu linx-server v2.3.8, specifically the uploadPostHandler component. A crafted POST request can trigger a Denial of Service (DoS). The connected sources confirm the issue but do not provide exploit details or a remediation patch/version. There is...
CVE-2026-50879
An issue in the uploadPostHandler component of Andrei Marcu linx-server v2.3.8 allows attackers to cause a Denial of Service DoS via a crafted POST request...
CVE-2026-39170
SemCms 5.0 is vulnerable to Cross Site Request Forgery CSRF via crafted POST request to /admin/semcmsuser.php...
PT-2026-48214
SemCms 5.0 is vulnerable to Cross Site Request Forgery CSRF via crafted POST request to /admin/semcms user.php...
EUVD-2026-34898
OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, a flaw in Open XDMoD's access control logic allows an attacker to submit a crafted HTTPS POST request that sets a session variable used for authorization decisions. If an installation of Open XDMoD...
CVE-2026-36576
An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers to execute arbitrary commands via a crafted POST request...
CVE-2026-36576
The vulnerability CVE-2026-36576 affects the openlabs docker-wkhtmltopdf-aas project, specifically the app.py component, with evidence across NVD and related feeds. Up to commit 9f50579, an OS command injection allows an attacker to execute arbitrary commands via a crafted POST request. The CVSS ...
CVE-2026-36576
An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers to execute arbitrary commands via a crafted POST request...
CVE-2026-34579 MantisBT has an authorization bypass via private issue monitoring
Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior are vulnerable to Authorization Bypass through the private issue monitoring feature . Using a crafted POST request to bugmonitoradd.php, a user with project-level access can add themselves as a monitor for a...
CVE-2023-24215
Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request...
CVE-2023-24215
Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request...
MantisBT has an authorization bypass in private issue monitoring
Using a crafted POST request to bugmonitoradd.php, a user with project-level access can add themselves as a monitor for a private issue they do not have access to. Despite displaying an Access Denied error, the application accepts the request and creates a monitor relationship for the private...
GHSA-GGW7-9675-6V4V MantisBT has an authorization bypass in private issue monitoring
Using a crafted POST request to bugmonitoradd.php, a user with project-level access can add themselves as a monitor for a private issue they do not have access to. Despite displaying an Access Denied error, the application accepts the request and creates a monitor relationship for the private...
EUVD-2021-34796
Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint wi...
CVE-2026-7841
GV-ASWeb 6.2.0 contains a remote code execution via the ASWebCommon.srf backend when an authenticated user with System Setting permissions sends a crafted HTTP POST to bypass frontend restrictions. CVSSv3.1: 8.8 (HIGH), AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. Exploitation status is not provided in t...