CVE-2026-2237

A use of get request method with sensitive query strings vulnerability in volume encryption of Synology Storage Manager package before 1.0.1-1100 allows local users on Windows to obtain sensitive information...

CVE-2026-2237

CVE-2026-2237 : A vulnerability in the Synology Storage Manager package (volume encryption) prior to version 1.0.1-1100 arises from using GET requests with sensitive query strings. This allows a local attacker to read sensitive information. Documents identify the affected component as the Storage...

CVE-2018-25365 PCViewer vt1000 Directory Traversal via GET Request

PCViewer vt1000 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by submitting relative path sequences in GET requests. Attackers can use path traversal sequences ../../../../../../../../../../../../etc/passwd to access sensitive system...

CVE-2018-25365 PCViewer vt1000 Directory Traversal via GET Request

PCViewer vt1000 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by submitting relative path sequences in GET requests. Attackers can use path traversal sequences ../../../../../../../../../../../../etc/passwd to access sensitive system...

CVE-2026-9420

A vulnerability was found in KLiK SocialMediaWebsite 1.0. This affects an unknown part of the component HTTP GET Request Parameter Handler. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has been made public and could be used...

CVE-2026-9420

CVE-2026-9420 affects KLiK SocialMediaWebsite 1.0 and is associated with the component handling HTTP GET Request Parameters . The issue is a parameter injection vulnerability in that handler, allowing a remote attacker to exploit it. The threat is supported by public exploitation activity. The CV...

KLiK SocialMediaWebsite 安全漏洞

KLiK SocialMediaWebsite is a simple PHP-based social media website by the individual developer Muhammad Saad. A security vulnerability exists in KLiK SocialMediaWebsite version 1.0, which originates from the HTTP GET Request Parameter Handler component and could lead to injection...

Malicious code in orca-website (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c52f7fe46d56cb45880942f5266494a2654d9d330914a6c3c99f02045eacd1dc On require/import, index.js collects host identifiers os.hostname, os.userInfo.username, os.platform, os.arch, process.cwd, process.pid, timestamp an...

CVE-2026-8417 Concrete CMS 9.5.0 and below is vulnerable to CSRF in do_update() in the package update controller

Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/update/doupdate/. The doupdate method in concrete/controllers/singlepage/dashboard/extend/update.php checks only canInstallPackages before executing upgradeCoreData and upgrade on the named...

PT-2026-42537

Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/update/do update/. The do update method in concrete/controllers/single page/dashboard/extend/update.php checks only canInstallPackages before executing upgradeCoreData and upgrade on the...

CVE-2026-8418

The Games Catalog plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the gccrud function which handles the delete action action=delete via a GET request without any wpverifynonce /...

EUVD-2026-31014

The Games Catalog plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the gccrud function which handles the delete action action=delete via a GET request without any wpverifynonce /...

CVE-2026-8418

The Games Catalog plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the gccrud function which handles the delete action action=delete via a GET request without any wpverifynonce /...

PT-2026-42076

Name of the Vulnerable Software and Affected Versions Games Catalog versions prior to 1.2.1 Description The Games Catalog plugin for WordPress is susceptible to Cross-Site Request Forgery, a flaw where an attacker tricks a victim into performing actions they did not intend to. This occurs because...

CVE-2026-42584

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpClientCodec pairs each inbound response with an outbound request by queue.poll once per response, including for 1xx. If the client pipelines GET then HEAD and the server sends 103,...

ShellHub 安全漏洞

ShellHub is an open-source remote device access and management platform developed by ShellHub. Versions of ShellHub prior to 0.24.2 contained security vulnerabilities. These vulnerabilities stemmed from the GET /api/devices/:uid request, which returned the complete device object for any...

CVE-2023-30059

An insecure direct object reference in MK-Auth 23.01K4.9 allows attackers to access and send support calls for other users via manipulation of the chamado parameter through a crafted GET request...

PT-2026-40048

An insecure direct object reference in MK-Auth 23.01K4.9 allows attackers to access and send support calls for other users via manipulation of the chamado parameter through a crafted GET request...

CVE-2023-30059

An insecure direct object reference in MK-Auth 23.01K4.9 allows attackers to access and send support calls for other users via manipulation of the chamado parameter through a crafted GET request...

CVE-2023-30059

An insecure direct object reference in MK-Auth 23.01K4.9 allows attackers to access and send support calls for other users via manipulation of the chamado parameter through a crafted GET request...