CVE-2025-1833

A vulnerability, which was classified as critical, has been found in zj1983 zz up to 2024-8. Affected by this issue is the function sendNotice of the file src/main/java/com/futvan/z/erp/customernotice/CustomernoticeAction.java of the component HTTP Request Handler. The manipulation of the argumen...

CVE-2025-1833

CVE-2025-1833 affects zj1983 zz (up to 2024-8) in the HTTP Request Handler’s function sendNotice. The root cause is manipulation of the parameter url, leading to server-side request forgery (SSRF). Exploitation is described as remote and publicly disclosed. Multiple sources corroborate the same d...

CVE-2025-1833 zj1983 zz HTTP Request Customer_noticeAction.java sendNotice server-side request forgery

A vulnerability, which was classified as critical, has been found in zj1983 zz up to 2024-8. Affected by this issue is the function sendNotice of the file src/main/java/com/futvan/z/erp/customernotice/CustomernoticeAction.java of the component HTTP Request Handler. The manipulation of the argumen...

CVE-2025-1833 zj1983 zz HTTP Request Customer_noticeAction.java sendNotice server-side request forgery

A vulnerability, which was classified as critical, has been found in zj1983 zz up to 2024-8. Affected by this issue is the function sendNotice of the file src/main/java/com/futvan/z/erp/customernotice/CustomernoticeAction.java of the component HTTP Request Handler. The manipulation of the argumen...

PT-2025-9219 · Zj1983 · Zj1983

Name of the Vulnerable Software and Affected Versions: zj1983 zz versions up to 2024-8 Description: A critical issue has been found in the function sendNotice of the file src/main/java/com/futvan/z/erp/customer notice/Customer noticeAction.java of the component HTTP Request Handler. The...

CVE-2025-1800

A vulnerability has been found in D-Link DAR-7000 3.2 and classified as critical. This vulnerability affects the function getipaddrdetails of the file /view/vpn/sxhvpn/sxhvpnlic.php of the component HTTP POST Request Handler. The manipulation of the argument ethname leads to command injection. Th...

CVE-2025-1800

The CVE-2025-1800 entry concerns D-Link DAR-7000 (version 3.2) with a command-injection in the HTTP POST handler: get_ip_addr_details in /view/vpn/sxh_vpn/sxh_vpnlic.php. The ethname parameter is not properly filtered, enabling remote exploitation. Multiple sources (NVD, Red Hat, CNVD, CVE listin...

CVE-2025-1360

A vulnerability, which was classified as problematic, was found in Internet Web Solutions Sublime CRM up to 20250207. Affected is an unknown function of the file /crm/inicio.php of the component HTTP POST Request Handler. The manipulation of the argument msgto leads to cross site scripting. It is...

CVE-2025-1360

Summary: CVE-2025-1360 affects Internet Web Solutions Sublime CRM up to version 20250207. The vulnerability exists in the HTTP POST Request Handler, specifically an unknown function in the file /crm/inicio.php, where manipulation of the msg_to parameter leads to cross-site scripting. It can be ex...

CVE-2025-1357

A vulnerability classified as problematic has been found in Seventh D-Guard up to 20250206. This affects an unknown part of the component HTTP GET Request Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the publi...

CVE-2025-1357

CVE-2025-1357 is tied to Seventh D-Guard’s HTTP GET Request Handler path traversal vulnerability affecting versions up to 20250206. The issue allows remote initiation and has public exploit exposure; multiple sources corroborate the path traversal in the HTTP GET Request Handler component. Red Ha...

Seventh D-Guard 路径遍历漏洞

Seventh D-Guard is a multi-brand video surveillance management system from Seventh. A path traversal vulnerability exists prior to Seventh D-Guard version 20250206, which stems from the HTTP GET Request Handler module containing a path traversal issue...

PT-2025-6890 · Unknown · Seventh D-Guard

Name of the Vulnerable Software and Affected Versions: Seventh D-Guard versions up to 20250206 Description: A vulnerability has been found in the HTTP GET Request Handler component of Seventh D-Guard, affecting an unknown part of it. The manipulation leads to path traversal, and it is possible to...

CVE-2025-1105

A vulnerability was found in SiberianCMS 4.20.6. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /app/sae/design/desktop/flat of the component HTTP GET Request Handler. The manipulation leads to cross site scripting. The attack may be launched...

CVE-2025-1105

A vulnerability was found in SiberianCMS 4.20.6. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /app/sae/design/desktop/flat of the component HTTP GET Request Handler. The manipulation leads to cross site scripting. The attack may be launched...

CVE-2025-1105

SiberianCMS 4.20.6 is affected by CVE-2025-1105 due to an issue in the HTTP GET Request Handler: the file /app/sae/design/desktop/flat can be manipulated to trigger cross-site scripting. The vulnerability arises from an unknown functionality in that handler, with remote exploitation and public di...

CVE-2025-1103

A vulnerability, which was classified as problematic, was found in D-Link DIR-823X 240126/240802. This affects the function setwifiblacklists of the file /goform/setwifiblacklists of the component HTTP POST Request Handler. The manipulation of the argument macList leads to null pointer dereferenc...

CVE-2024-7707

A vulnerability was found in Tenda FH1206 02.03.01.35 and classified as critical. Affected by this issue is the function formSafeEmailFilter of the file /goform/SafeEmailFilter of the component HTTP POST Request Handler. The manipulation of the argument page leads to stack-based buffer overflow...

CVE-2024-1197

A vulnerability, which was classified as critical, has been found in SourceCodester Testimonial Page Manager 1.0. This issue affects some unknown processing of the file delete-testimonial.php of the component HTTP GET Request Handler. The manipulation of the argument testimony leads to sql...

CVE-2024-13200

A vulnerability, which was classified as critical, was found in wander-chu SpringBoot-Blog 1.0. This affects the function preHandle of the file src/main/java/com/my/blog/website/interceptor/BaseInterceptor.java of the component HTTP POST Request Handler. The manipulation leads to improper access...