CVE-2025-27025

The target device exposes a service on a specific TCP port with a configured endpoint. The access to that endpoint is granted using a Basic Authentication method. The endpoint accepts also the PUT method and it is possible to write files on the target device file system. Files are written as root...

Freescout set function deserialization vulnerability

FreeScout is an open source helpdesk system built on the PHP Laravel framework, designed to provide users with functionality similar to Zendesk or Help Scout, but without sacrificing privacy or freedom. Freescout suffers from a deserialization vulnerability that stems from the fact that through t...

CVE-2024-5676

The Paradox IP150 Internet Module in version 1.40.00 is vulnerable to Cross-Site Request Forgery CSRF attacks due to a lack of countermeasures and the use of the HTTP method GET to introduce changes in the system...

CVE-2023-48122

An issue in microweber v.2.0.1 and fixed in v.2.0.4 allows a remote attacker to obtain sensitive information via the HTTP GET method...

CVE-2020-27379

Cross Site Request Forgery CSRF vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 . The CSRF token is not being validated when the request is sent as a GET method. This results in an unauthorized change in the user's email ID, which can later be used to reset the password...

CVE-2024-56523

Radware Cloud Web Application Firewall WAF before 2025-05-07 allows remote attackers to bypass firewall filters by placing random data in the HTTP request body when using the HTTP GET method...

CVE-2024-56523

Radware Cloud Web Application Firewall WAF before 2025-05-07 allows remote attackers to bypass firewall filters by placing random data in the HTTP request body when using the HTTP GET method...

Radware Cloud Web Application Firewall 安全漏洞

Radware Cloud Web Application Firewall is a cloud-based web application firewall from Radware Israel. A security vulnerability exists in Radware Cloud Web Application Firewall versions prior to 2025-05-07, which originates in the HTTP GET method where the body of the HTTP request contains random...

CVE-2024-56523

Summary: CVE-2024-56523 affects Radware Cloud Web Application Firewall (WAF). The vulnerability allows remote attackers to bypass firewall filters by placing random data in the HTTP request body when using the HTTP GET method, potentially enabling malicious inputs to reach the underlying web appl...

CVE-2024-56523

Radware Cloud Web Application Firewall WAF before 2025-05-07 allows remote attackers to bypass firewall filters by placing random data in the HTTP request body when using the HTTP GET method...

CVE-2024-56523

Radware Cloud Web Application Firewall WAF before 2025-05-07 allows remote attackers to bypass firewall filters by placing random data in the HTTP request body when using the HTTP GET method...

U.S. Dept Of Defense: Cross-Site Scripting via 'autoPlay' parameter

A Cross-Site Scripting XSS vulnerability was discovered on a website through the 'autoPlay' parameter in the GET method. Exploitation of this vulnerability allowed the injection of malicious scripts that could be executed. A proof-of-concept was provided demonstrating an alert pop-up...

U.S. Dept Of Defense: Cross-Site Scripting via 'currentImage' parameter

A Cross-Site Scripting XSS vulnerability was discovered on a website from the U.S. Navy through the 'currentImage' parameter in the GET method. The vulnerability allowed for the injection of malicious scripts that could potentially be executed. A proof of concept was provided that demonstrated th...

RLSA-2024:11189 Moderate: python3.11-urllib3 security update

The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: urllib3: Request body not stripped after redirect from 303 status changes request method to GET CVE-2023-45803 For more details about the security issues, including the...

scanner has a Public API without sufficient bounds checking

Match::get and Match::ptr lack sufficient bounds checks, leading to potential out of bounds reads...

CVE-2024-9877 Sensitive information submitted using GET method

: Use of GET Request Method With Sensitive Query Strings vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini.This issue affects ANC: through 1.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4...

CVE-2024-9877 Sensitive information submitted using GET method

: Use of GET Request Method With Sensitive Query Strings vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini.This issue affects ANC: through 1.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4...

CVE-2024-7035

In version v0.3.8 of open-webui/open-webui, sensitive actions such as deleting and resetting are performed using the GET method. This vulnerability allows an attacker to perform Cross-Site Request Forgery CSRF attacks, where an unaware user can unintentionally perform sensitive actions by simply...

CVE-2021-45422

Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability in the /goform/activateprocess "count" parameter via GET. No authentication is required...

GHSA-P5VX-9HJ8-CF4H Open WebUI Vulnerable to Cross-Site Request Forgery (CSRF)

In version v0.3.8 of open-webui/open-webui, sensitive actions such as deleting and resetting are performed using the GET method. This vulnerability allows an attacker to perform Cross-Site Request Forgery CSRF attacks, where an unaware user can unintentionally perform sensitive actions by simply...