17 matches found
CVE-2026-9420
A vulnerability was found in KLiK SocialMediaWebsite 1.0. This affects an unknown part of the component HTTP GET Request Parameter Handler. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has been made public and could be used...
KLiK SocialMediaWebsite Security Vulnerability
KLiK SocialMediaWebsite is a simple PHP-based social media website by the individual developer Muhammad Saad. A security vulnerability exists in KLiK SocialMediaWebsite version 1.0, which originates from the HTTP GET Request Parameter Handler component and could lead to injection...
CVE-2026-6490 QueryMine sms GET Request Parameter deletecourse.php sql injection
A weakness has been identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. Impacted is an unknown function of the file admin/deletecourse.php of the component GET Request Parameter Handler. This manipulation of the argument ID causes sql injection. The attack may be initiated...
CVE-2026-1122
A vulnerability was determined in Yonyou KSOA 9.0. This impacts an unknown function of the file /worksheet/workinfo.jsp of the component HTTP GET Parameter Handler. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been publicly...
EUVD-2023-34112
Malicious code in bioql PyPI...
CVE-2010-20112
Amlib’s NetOpacs webquery.dll contains a stack-based buffer overflow vulnerability triggered by improper handling of HTTP GET parameters. Specifically, the application fails to enforce bounds on input supplied to the app parameter, allowing excessive data to overwrite memory structures including...
CVE-2025-40726
Reflected Cross-Site Scripting (XSS) vulnerability in /pages/search-results-page in Nosto, which allows remote attackers to execute arbitrary code via the q GET request parameter...
CVE-2025-40726 Cross-Site Scripting (XSS) reflected in Nosto
Reflected Cross-Site Scripting (XSS) vulnerability in /pages/search-results-page in Nosto, which allows remote attackers to execute arbitrary code via the q GET request parameter...
CVE-2025-40726
CVE-2025-40726 is a reflected XSS vulnerability in Nosto exposed on the /pages/search-results-page endpoint. The issue allows an attacker to trigger arbitrary code execution via the q GET parameter. The CVSS base score is 5.1 (Medium); attack vector is network, with low attack complexity, no priv...
CVE-2024-11348 Reflected XSS in Eura7 CMSmanager
Eura7 CMSmanager in version 4.6 and below is vulnerable to Reflected XSS attacks through manipulation of the return GET request parameter sent to a specific endpoint. The vulnerability has been fixed by a patch (patch 17012022) addressing all affected versions in use...
CVE-2023-2646
A vulnerability has been found in TP-Link Archer C7v2 v2enus180114 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component GET Request Parameter Handler. The manipulation leads to denial of service. The attack can only be done within the local...
CVE-2023-2646 TP-Link Archer C7v2 GET Request Parameter denial of service
A vulnerability has been found in TP-Link Archer C7v2 v2enus180114 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component GET Request Parameter Handler. The manipulation leads to denial of service. The attack can only be done within the local...
CVE-2023-2646 TP-Link Archer C7v2 GET Request Parameter denial of service
A vulnerability has been found in TP-Link Archer C7v2 v2enus180114 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component GET Request Parameter Handler. The manipulation leads to denial of service. The attack can only be done within the local...
The vulnerability of Siemens SICAM P850 and Siemens SICAM P855 multifunctional measuring devices lies in insufficient sanitization of user data in the GET request parameter, allowing attackers to perform cross-site scripting attacks.
The vulnerability of Siemens SICAM P850 and Siemens SICAM P855 multifunctional measuring devices lies in insufficient sanitization of user data in the GET request parameter. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks using a specially crafted link...
OXID eSales SQL Injection Vulnerability
OXID eSales is an e-commerce content management system from OXID eSales, Germany. The system includes modules for B2C and B2B. A SQL injection vulnerability exists in the DB abstraction layer of OXID eSales version 4.10.6, which can be exploited by a remote attacker to execute SQL by sendin...
Huawei E5332 vulnerable to denial-of-service (DoS)
Overview: Huawei E5332 contains a denial-of-service (DoS) vulnerability. Huawei E5332 provided by Huawei Technologies is a mobile router. Huawei E5332 contains an issue when processing a GET request that contains an extremely long parameter, which leads to the device rebooting. Shuto Imai of Chukyo...
kronolith -- arbitrary local file inclusion vulnerability
iDefense Labs reports: Remote exploitation of a design error in Horde's Kronolith could allow an authenticated web mail user to execute arbitrary PHP code under the security context of the running web server. The vulnerability specifically exists due to a design error in the way it includes certa...