46 matches found

RedhatCVE
added 2026/01/09 8:53 a.m., 6 views

CVE-2021-41152

OpenOlat is a web-based e-learning platform for teaching, learning, assessment and communication, an LMS, a learning management system. In affected versions, by manipulating the HTTP request, an attacker can modify the path of a requested file download in the folder component to point to anywhere o...

CVSS 7.7 | AI score 6.8 | EPSS 0.0054
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2013-3857

Malware in sbrugna...

CVSS 5.8 | AI score 6.1 | EPSS 0.00491
Exploits: 1 | References: 3

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2001-0422

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.04587
Exploits: 1 | References: 3

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2002-0301

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.00948
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2015-1894

Malware in sbrugna...

CVSS 4.3 | AI score 6.2 | EPSS 0.08114
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2018-15693

Malware in sbrugna...

CVSS 10 | AI score 9.1 | EPSS 0.00477
Exploits: 3 | References: 2

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-25867

Malware in sbrugna...

CVSS 9.8 | AI score 9.5 | EPSS 0.06502
Exploits: 1 | References: 4

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2025-12638

Malicious code in bioql PyPI...

CVSS 9.3 | AI score 6.6 | EPSS 0.00241
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2025-8737

Malicious code in bioql PyPI...

CVSS 5.1 | AI score 6.6 | EPSS 0.00484
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-3069

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.6 | EPSS 0.00211
Exploits: 0 | References: 5

RedhatCVE
added 2025/05/23 8:7 a.m., 4 views

CVE-2024-45259

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. By intercepting an HTTP request and changing the filename property in the download interface, any file on the device can be deleted...

CVSS 6.5 | AI score 7 | EPSS 0.00027
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/02 12:15 p.m., 9 views

CVE-2025-24347

A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to manipulate the network configuration file via a crafted HTTP request...

CVSS 6.5 | AI score 6.6 | EPSS 0.00179
Exploits: 0 | References: 1

CVE
added 2025/04/30 11:42 a.m., 43 views

CVE-2025-24348

CVE-2025-24348 affects the web interface of ctrlX OS (Network Interfaces). A remote authenticated, low-privilege attacker can manipulate the wireless network configuration file using a crafted HTTP request. Exploitation status is not detailed in the provided docs; CVSS v3.1 base score is 5.4 (Med...

CVSS 5.4 | AI score 5.3 | EPSS 0.00146
Exploits: 0 | References: 1

Vulnrichment
added 2025/04/29 3:43 p.m., 8 views

CVE-2025-40618 SQL injection vulnerability in Bookgy

SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve, create, update and delete databases by sending an HTTP request through the "IDRESERVA" parameter in /bkgimprimircomprobante.php...

CVSS 9.3 | AI score 7.8 | EPSS 0.00241
Exploits: 0 | References: 1

RedhatCVE
added 2025/04/25 11:57 p.m., 5 views

CVE-2025-36625

In Nessus versions prior to 10.8.4, a non-authenticated attacker could alter Nessus logging entries by manipulating HTTP requests to the application...

CVSS 4.3 | AI score 6.7 | EPSS 0.00223
Exploits: 0 | References: 3

Exploit DB
added 2025/04/15 12:0 a.m., 213 views

Plane 0.23.1 - Server side request forgery (SSRF)

Exploit Title: Plane - Server side request forgery SSRF
Date: 2024-01-13
Exploit Author: Saud Alenazi
Vendor Homepage: https://plane.so
Software Link: https://github.com/makeplane/plane/releases/tag/v0.23.1
Version: v0.23.1
Tested: Windows 10 x64
Description: A Server-Side Request Forgery SSRF...

AI score 7.4
Exploits: 0

Vulnrichment
added 2025/03/31 10:30 a.m., 4 views

CVE-2025-3026 Improper Neutralization of Special Elements vulnerability in EJBCA

The vulnerability exists in the EJBCA service, version 8.0 Enterprise. Not tested in higher versions. By modifying the ‘Host’ header in an HTTP request, it is possible to manipulate the generated links and thus redirect the client to a different base URL. In this way, an attacker could insert his...

CVSS 5.1 | AI score 6.4 | EPSS 0.00484
Exploits: 0 | References: 1

Cvelist
added 2025/02/14 1:22 p.m., 6 views

CVE-2025-0178 WatchGuard Firebox Host Header Injection Vulnerability

Improper Input Validation vulnerability in WatchGuard Fireware OS allows an attacker to manipulate the value of the HTTP Host header in requests sent to the Web UI. An attacker could exploit this vulnerability to redirect users to malicious websites, poison the web cache, or inject malicious...

CVSS 5.1 | EPSS 0.00266
Exploits: 0 | References: 1

Tenable Nessus
added 2025/02/14 12:0 a.m., 7 views

CBL Mariner 2.0 Security Update: python-twisted (CVE-2023-46137)

The version of python-twisted installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-46137 advisory. - Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when...

CVSS 5.3 | AI score 6.3 | EPSS 0.0074
Exploits: 1 | References: 2

CVE
added 2025/01/14 2:21 p.m., 46 views

CVE-2024-39273

CVE-2024-39273 affects the Wavlink AC3000 router (M33A8.V5030.210505). Talos reports a firmware-update vulnerability in the fw_check.sh script used to fetch updates from two HTTP URLs. The vulnerability arises from lack of authentication and the ability to fetch and validate firmware metadata ove...

CVSS 9 | AI score 7 | EPSS 0.00314
Exploits: 1 | References: 2 | Affected Software: 1