16582 matches found
CVE-2023-24496
Cross-site scripting (XSS) vulnerabilities exist in the requestHandlers.js detaildevice functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary JavaScript code injection. An attacker can send an HTTP request to trigger these vulnerabilities. This XSS is exploite...
CVE-2023-47617
A post-authentication command injection vulnerability exists when configuring the web group member of TP-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP reques...
CVE-2023-20259
A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for devic...
CVE-2023-20034
A vulnerability in the Elasticsearch database used in Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to access the Elasticsearch configuration database of an affected device with the privileges of the elasticsearch user. This vulnerability is due to the presen...
CVE-2022-25208
A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response...
CVE-2022-43890
IBM Security Verify Privilege On-Premises 11.5 could disclose sensitive information through an HTTP request that could aid an attacker in further attacks against the system. IBM X-Force ID: 240453...
CVE-2022-21826
Pulse Secure version 9.115 and below may be susceptible to client-side HTTP request smuggling. When the application receives a POST request, it ignores the request's Content-Length header and leaves the POST body on the TCP/TLS socket. This body ends up prefixing the next HTTP request sent down...
CVE-2022-42977
The Netic User Export add-on before 1.3.5 for Atlassian Confluence has the functionality to generate a list of users in the application and export it. During export, the HTTP request has a fileName parameter that accepts any file on the system, e.g., an SSH private key, to be downloaded...
CVE-2022-3189
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specially crafted PHP script could use parameters from an HTTP request to create a URL capable of changing the host parameter. The changed host parameter in the HTTP could point to another host that will send a...
CVE-2022-20942
A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA), Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to retrieve sensitive information from...
CVE-2022-20962
A vulnerability in the Localdisk Management feature of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to make unauthorized changes to the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this...
CVE-2022-40691
An information disclosure vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2022-40701
A directory traversal vulnerability exists in the httpd delfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2022-43685
CKAN through 2.9.6 allows account takeovers by unauthenticated users when an existing user id is sent via an HTTP POST request. This allows a user to take over an existing account, including superuser accounts...
CVE-2022-43390
A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15ACCC.3C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request...
CVE-2022-40874
Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow vulnerability in the GetParentControlInfo function, which can cause a denial of service through a carefully constructed HTTP request...
CVE-2022-41312
A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can send an HTTP request to trigger this vulnerability. Form fiel...
CVE-2022-0343
A local attacker, as a different local user, may be able to send an HTTP request to 127.0.0.1:10000 after the user (typically a developer) manually invoked the ./tools/run-dev-server script. It is recommended to upgrade to any version beyond 24.2...
CVE-2022-36634
An access control issue in ZKTeco ZKBioSecurity V5000 3.0.5r allows attackers to arbitrarily create admin users via a crafted HTTP request...
CVE-2022-34794
Missing permission checks in Jenkins Recipe Plugin 1.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML...