CVE-2026-12808

A vulnerability was determined in Edimax BR-6478AC V2 1.23. This impacts the function stainfo of the file /goform/stainfo of the component POST Request Handler. This manipulation of the argument interface causes command injection. The attack can be initiated remotely. The exploit has been publicl...

CVE-2026-12807

The CVE affects Edimax BR-6478AC V2, version 1.23, where the vulnerable component is the POST Request Handler function setWAN (file /goform/setWAN). Maliciously crafted values for pppUserName, pptpUserName, or L2TPUserName enable command injection, allowing a remote attacker to execute commands. ...

CVE-2026-50879

The vulnerability CVE-2026-50879 affects Andrei Marcu linx-server v2.3.8, specifically the uploadPostHandler component. A crafted POST request can trigger a Denial of Service (DoS). The connected sources confirm the issue but do not provide exploit details or a remediation patch/version. There is...

WordPress plugin Easy Twitter Feeds 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

CVE-2026-9441

A security flaw has been discovered in Edimax BR-6478AC 1.23. Affected by this issue is the function formiNICbasic of the file /goform/formiNICbasic of the component POST Request Handler. Performing a manipulation of the argument rootAPmac results in command injection. The attack can be initiated...

CVE-2026-9382

A flaw has been found in Edimax BR-6675nD 1.12. Affected by this issue is the function formPPTPSetup of the file /goform/formPPTPSetup of the component POST Request Handler. Executing a manipulation of the argument pptpUserName can lead to buffer overflow. The attack may be launched remotely. The...

PT-2026-42974

Name of the Vulnerable Software and Affected Versions Edimax BR-6675nD version 1.12 Description Command injection is possible via the POST Request Handler component. The issue exists in the formWlanMP function within the '/goform/formWlanMP' endpoint. A remote attacker can trigger this by...

CVE-2026-9297 Edimax BR-6428NS POST Request formWlbasic command injection

A security vulnerability has been detected in Edimax BR-6428NS 1.10. Affected is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler. The manipulation of the argument repeaterSSID leads to command injection. The attack may be initiated remotely. The...

CVE-2026-9297

A security vulnerability has been detected in Edimax BR-6428NS 1.10. Affected is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler. The manipulation of the argument repeaterSSID leads to command injection. The attack may be initiated remotely. The...

PT-2026-42875

A security vulnerability has been detected in Edimax BR-6428NS 1.10. Affected is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler. The manipulation of the argument repeaterSSID leads to command injection. The attack may be initiated remotely. The...

Edimax BR-6228NC 注入漏洞

The Edimax BR-6228NC is a wireless broadband router produced by Edimax Corporation. Version 1.22 of the Edimax BR-6228NC has a vulnerability known as “injection flaw.” This flaw arises from the function mp in the POST Request Handler component, which processes the command parameter. The improper...

YAFNET: Pre-Handler Authorization Bypass on Admin Pages Enables Blind SQL Execution via `/Admin/RunSql`

Issue Details: YAFNET's only admin authorization gate is PageSecurityCheckAttribute, implemented as a ResultFilterAttribute that runs after the page handler completes rather than before it. No other gate exists. Any admin OnPost… handler therefore executes its side effects before the filter...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: kprobes: The posthandler of aggrprobe is cleared in the case where kprobe-on-ftrace is used. In unregisterkprobetop, if the currently unregistered probe has a posthandler, but other child probes of aggrprobe do not have a...

CVE-2026-7229 code-projects Coaching Management System POST reply.php sql injection

A vulnerability was found in code-projects Coaching Management System 1.0. This affects an unknown function of the file /cims/modules/admin/reply.php of the component POST Handler. Performing a manipulation of the argument complaintreply results in sql injection. It is possible to initiate the...

Code-Projects Coaching Management System 注入漏洞

The Code-Projects Coaching Management System is an open-source coaching management system developed by Code-Projects. Version 1.0 of the Code-Projects Coaching Management System has a SQL injection vulnerability. This vulnerability stems from the complaintreply parameter in the...

VulnCheck KEV: CVE-2023-3793

A vulnerability was found in Weaver e-cology. It has been rated as critical. This issue affects some unknown processing of the file filelFileDownloadForOutDoc.class of the component HTTP POST Request Handler. The manipulation of the argument fileid with the input 1+WAITFOR+DELAY leads to sql...

free5GC 代码问题漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC 1.4.2 and earlier contained code vulnerabilities. These vulnerabilities stemmed from a flaw in the UDR service, where open-ended failure request handling was flawed. As a result, the POST handler...

CVE-2026-5642

A vulnerability was determined in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This affects an unknown function of the file /viva/update.php of the component HTTP POST Request Handler. This manipulation of the argument Name causes improper authorization. It ...

CVE-2026-5001 PromtEngineer localGPT server.py do_POST unrestricted upload

A flaw has been found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The affected element is the function doPOST of the file backend/server.py. This manipulation causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been publishe...

CVE-2026-4572

A weakness has been identified in SourceCodester Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file /viewproduct.php of the component HTTP POST Request Handler. Executing a manipulation of the argument searchtxt can lead to sql injection. The attack m...