Lucene search

1840 matches found

CVE
added 2025/03/24 11:31 p.m. · 72 views

CVE-2025-2717

CVE-2025-2717 concerns the D-Link DIR-823X family (versions 240126/240802). The vulnerability affects the HTTP POST Request Handler’s diag_nslookup routine, specifically function sub_41710C. By manipulating the argument target_addr, an attacker can induce an OS command injection. The issue is exp...

CVSS 7.2 · AI score 7.8 · EPSS 0.00489
Exploits 0 · References 5 · Affected Software 1
Positive Technologies
added 2025/03/24 12:0 a.m. · 2 views

PT-2025-12693 · H3C · H3C Magic Be18000 +4

Name of the Vulnerable Software and Affected Versions: H3C Magic NX15 versions up to V100R014; H3C Magic NX30 Pro versions up to V100R014; H3C Magic NX400 versions up to V100R014; H3C Magic R3010 versions up to V100R014; H3C Magic BE18000 versions up to V100R014. Description: A critical vulnerability...

CVSS 8.6 · AI score 8.1 · EPSS 0.00329
Exploits 0 · References 18
Positive Technologies
added 2025/03/24 12:0 a.m. · 3 views

PT-2025-12689 · H3C · H3C Magic Nx30 Pro

Name of the Vulnerable Software and Affected Versions: H3C Magic NX30 Pro up to V100R007 Description: A critical vulnerability was found in the H3C Magic NX30 Pro, affecting an unknown part of the file /api/wizard/getNetworkStatus of the component HTTP POST Request Handler. The manipulation leads...

CVSS 8.6 · AI score 8 · EPSS 0.00329
Exploits 0 · References 18
Positive Technologies
added 2025/03/24 12:0 a.m. · 2 views

PT-2025-12694 · H3C · H3C Magic Be18000 +4

Name of the Vulnerable Software and Affected Versions: H3C Magic NX15 versions up to V100R014; H3C Magic NX30 Pro versions up to V100R014; H3C Magic NX400 versions up to V100R014; H3C Magic R3010 versions up to V100R014; H3C Magic BE18000 versions up to V100R014. Description: A critical issue affects...

CVSS 8.6 · AI score 8 · EPSS 0.00329
Exploits 0 · References 19
Positive Technologies
added 2025/03/24 12:0 a.m. · 2 views

PT-2025-12688 · H3C · H3C Magic Be18000 +4

Name of the Vulnerable Software and Affected Versions: H3C Magic NX15 versions up to V100R014; H3C Magic NX30 Pro versions up to V100R014; H3C Magic NX400 versions up to V100R014; H3C Magic R3010 versions up to V100R014; H3C Magic BE18000 versions up to V100R014. Description: A critical vulnerability...

CVSS 8.6 · AI score 7.8 · EPSS 0.00816
Exploits 0 · References 19
Positive Technologies
added 2025/03/24 12:0 a.m. · 3 views

PT-2025-12692 · H3C · H3C Magic Be18000 +4

Name of the Vulnerable Software and Affected Versions: H3C Magic NX15 versions up to V100R014; H3C Magic NX30 Pro versions up to V100R014; H3C Magic NX400 versions up to V100R014; H3C Magic R3010 versions up to V100R014; H3C Magic BE18000 versions up to V100R014. Description: A critical vulnerability...

CVSS 8.6 · AI score 7.9 · EPSS 0.00329
Exploits 0 · References 18
RedhatCVE
added 2025/03/23 9:17 p.m. · 12 views

CVE-2025-2607

A vulnerability was found in phplaozhang LzCMS-LaoZhangBoKeXiTong up to 1.1.4. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/upload/upimage.html of the component HTTP POST Request Handler. The manipulation of the argument File leads to...

CVSS 6.5 · AI score 7.2 · EPSS 0.00063
Exploits 1 · References 1
RedhatCVE
added 2025/03/22 1:18 p.m. · 4 views

CVE-2024-7476

A broken access control vulnerability exists in lunary-ai/lunary versions 1.2.7 through 1.4.2. The vulnerability allows an authenticated attacker to modify any user's templates by sending a crafted HTTP POST request to the /v1/templates/id/versions endpoint. This issue is resolved in version 1.4....

CVSS 4.3 · AI score 6.8 · EPSS 0.00228
Exploits 1 · References 1
NVD
added 2025/03/20 10:15 a.m. · 3 views

CVE-2024-7476

A broken access control vulnerability exists in lunary-ai/lunary versions 1.2.7 through 1.4.2. The vulnerability allows an authenticated attacker to modify any user's templates by sending a crafted HTTP POST request to the /v1/templates/id/versions endpoint. This issue is resolved in version 1.4....

CVSS 4.3 · EPSS 0.00228
Exploits 1 · References 2
OSV
added 2025/03/20 10:15 a.m. · 4 views

CVE-2024-7476

A broken access control vulnerability exists in lunary-ai/lunary versions 1.2.7 through 1.4.2. The vulnerability allows an authenticated attacker to modify any user's templates by sending a crafted HTTP POST request to the /v1/templates/id/versions endpoint. This issue is resolved in version 1.4....

CVSS 4.3 · AI score 6.7 · EPSS 0.00228
Exploits 1 · References 2
CVE
added 2025/03/20 10:9 a.m. · 45 views

CVE-2024-7476

The CVE-2024-7476 issue is a broken access control in lunary-ai/lunary versions 1.2.7 through 1.4.2. The root cause is improper access control on the /v1/templates/{id}/versions endpoint, which allows an authenticated attacker to modify any user’s templates by sending a crafted HTTP POST request....

CVSS 4.3 · AI score 4.3 · EPSS 0.00228
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2025/03/20 10:9 a.m. · 4 views

CVE-2024-7476 Broken Access Control in lunary-ai/lunary

A broken access control vulnerability exists in lunary-ai/lunary versions 1.2.7 through 1.4.2. The vulnerability allows an authenticated attacker to modify any user's templates by sending a crafted HTTP POST request to the /v1/templates/id/versions endpoint. This issue is resolved in version 1.4....

CVSS 4.3 · EPSS 0.00228
Exploits 1 · References 2
Vulnrichment
added 2025/03/20 10:9 a.m. · 4 views

CVE-2024-7476 Broken Access Control in lunary-ai/lunary

A broken access control vulnerability exists in lunary-ai/lunary versions 1.2.7 through 1.4.2. The vulnerability allows an authenticated attacker to modify any user's templates by sending a crafted HTTP POST request to the /v1/templates/id/versions endpoint. This issue is resolved in version 1.4....

CVSS 4.3 · AI score 4.3 · EPSS 0.00228
Exploits 1 · References 2
Positive Technologies
added 2025/03/20 12:0 a.m. · 2 views

PT-2025-12185 · Lunary · Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary versions 1.2.7 through 1.4.2 Description: A broken access control issue exists, allowing an authenticated attacker to modify any user's templates. This is achieved by sending a crafted HTTP POST request to the...

CVSS 4.3 · AI score 4.4 · EPSS 0.00228
Exploits 1 · References 6
CNVD
added 2025/03/13 12:0 a.m. · 1 views

D-Link DAP-1562 Null Pointer Dereference Vulnerability

The D-Link DAP-1562 is a wireless bridge from China's AUO D-Link. The D-Link DAP-1562 suffers from a null pointer dereference vulnerability, which originates from a null pointer dereference to parameter a1 in the HTTP POST Request Handler's function pureauthcheck, for which no detailed...

CVSS 7.5 · AI score 6.5 · EPSS 0.0031
Exploits 1 · References 1
Cvelist
added 2025/03/11 12:0 a.m. · 12 views

CVE-2021-37787

The unprivileged administrative interface in ABO.CMS version 5.8 through v.5.9.3 is affected by a SQL Injection vulnerability via a HTTP POST request to the TinyMCE module...

EPSS 0.00073
Exploits 0 · References 1
RedhatCVE
added 2025/03/06 2:32 a.m. · 6 views

CVE-2024-50704

Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via a specially crafted HTTP POST request...

CVSS 10 · AI score 8.7 · EPSS 0.04493
Exploits 0 · References 1
NVD
added 2025/03/04 4:15 p.m. · 4 views

CVE-2024-50704

Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via a specially crafted HTTP POST request...

CVSS 10 · EPSS 0.04493
Exploits 0 · References 2
Cvelist
added 2025/03/04 12:0 a.m. · 17 views

CVE-2024-50704

Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via a specially crafted HTTP POST request...

EPSS 0.04493
Exploits 0 · References 2
CVE
added 2025/03/04 12:0 a.m. · 53 views

CVE-2024-50704

The CVE details an unauthenticated remote code execution in Uniguest Tripleplay before 24.2.1, exploitable via a specially crafted HTTP POST. Affected component: Tripleplay software; vulnerability arises from the HTTP POST handling. Impact is rated HIGH/CRITICAL (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:C...

CVSS 10 · AI score 8.1 · EPSS 0.04493
Exploits 0 · References 2 · Affected Software 1