CVE-2025-50665

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of input parameters in the /webkeyword.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request via the name, en, time, memgb2312, and memutf8 parameters...

CVE-2025-50661

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /urlrule.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, en, ips, u, time, act, rpri, and log...

CVE-2025-50664

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /usergroup.asp endpoint. The attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, mem, pri, and attr...

CVE-2025-50671

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /xwglref.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request with excessively long strings in parameters name, en, userid, shibiename, time,...

CVE-2025-50666

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /webpost.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request in parameters such as name, en, userid, log, and time...

CVE-2025-50670

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /xwglbwr.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request in the name, qq, and time parameters...

CVE-2025-50671

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /xwglref.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request with excessively long strings in parameters name, en, userid, shibiename, time,...

CVE-2025-50665

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of input parameters in the /webkeyword.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request via the name, en, time, memgb2312, and memutf8 parameters...

CVE-2025-50665

CVE-2025-50665 describes a buffer overflow in the D-Link DI-8003 (firmware 16.07.26A1) caused by improper handling of input parameters to the /web_keyword.asp endpoint. A crafted HTTP GET request using parameters such as name, en, time, mem_gb2312, and mem_utf8 can trigger the vulnerability. The ...

CVE-2025-50661

CVE-2025-50661 describes a buffer overflow in the D-Link DI-8003 (firmware 16.07.26A1) caused by improper handling of multiple parameters in the /url_rule.asp endpoint. A crafted HTTP GET request including parameters name, en, ips, u, time, act, rpri, and log can trigger the overflow, leading to ...

CVE-2026-5531

A vulnerability has been found in SourceCodester Student Result Management System 1.0. Impacted is an unknown function of the file /logincredentials.txt of the component HTTP GET Request Handler. The manipulation leads to cleartext storage in a file or on disk. The attack may be initiated remotel...

CVE-2026-5531

CVE-2026-5531 affects SourceCodester Student Result Management System 1.0. The vulnerability is in the HTTP GET Request Handler, impacting the file /login_credentials.txt where login credentials may be stored in cleartext on disk. The issue can be triggered remotely, and public disclosures exist....

Use of GET Request Method With Sensitive Query Strings

Overview @immich/sdk is an Auto-generated TypeScript SDK for the Immich API Affected versions of this package are vulnerable to Use of GET Request Method With Sensitive Query Strings via the transmission of authentication credentials in the password parameter within the HTTP request query string...

CVE-2026-25118

immich is a high performance self-hosted photo and video management solution. Prior to version 2.6.0, the Immich application is vulnerable to credential disclosure when a user authenticates to a shared album. During the authentication process, the application transmits the album password within t...

CVE-2025-15620

HiOS Switch Platform versions 09.1.00 through 09.4.04 and 10.0.00 through 10.3.00 contain a denial-of-service vulnerability in the web interface that allows remote attackers to reboot the affected device by sending a malicious HTTP GET request to a specific endpoint. Attackers can trigger an...

Use of GET Request Method With Sensitive Query Strings

Overview Affected versions of this package are vulnerable to Use of GET Request Method With Sensitive Query Strings in the OAuth provider callback flow. An attacker can gain unauthorized access to sensitive information by intercepting refresh tokens exposed in URL query parameters through browser...

PT-2026-29669

Name of the Vulnerable Software and Affected Versions phpMyFAQ versions prior to 4.1.1 Description phpMyFAQ is susceptible to arbitrary file deletion due to missing path traversal validation and CSRF token verification in the MediaBrowserController::index method. Specifically, when the fileRemove...

GHSA-PH84-R98X-2J22 Admidio has Missing CSRF Protection on Registration Approval Actions

Summary The createuser, assignmember, and assignuser action modes in modules/registration.php approve pending user registrations via GET request without validating a CSRF token. Unlike the deleteuser mode in the same file which correctly validates the token, these three approval actions read thei...

Admidio has Missing CSRF Protection on Registration Approval Actions

Summary The createuser, assignmember, and assignuser action modes in modules/registration.php approve pending user registrations via GET request without validating a CSRF token. Unlike the deleteuser mode in the same file which correctly validates the token, these three approval actions read thei...

CVE-2026-34384 Admidio: Missing CSRF Protection on Registration Approval Actions

Admidio is an open-source user management solution. Prior to version 5.0.8, the createuser, assignmember, and assignuser action modes in modules/registration.php approve pending user registrations via GET request without validating a CSRF token. Unlike the deleteuser mode in the same file which...