378 matches found
EUVD-2022-32144
Malicious code in bioql PyPI...
CVE-2025-55971
TCL 65C655 Smart TV, running firmware version V8-R75PT01-LF1V269.001116 Android TV, Kernel 5.4.242+, is vulnerable to a blind, unauthenticated Server-Side Request Forgery SSRF vulnerability via the UPnP MediaRenderer service AVTransport:1. The device accepts unauthenticated SetAVTransportURI SOAP...
CVE-2025-54390
Zimbra Collaboration (ZCS) CVE-2025-54390 is a CSRF in ResetPasswordRequest when zimbraFeatureResetPasswordStatus is enabled. An attacker can trick an authenticated user into visiting a malicious page that silently sends a crafted SOAP request to reset the user’s password due to missing CSRF toke...
CVE-2025-54390
A Cross-Site Request Forgery CSRF vulnerability exists in the ResetPasswordRequest operation of Zimbra Collaboration ZCS when the zimbraFeatureResetPasswordStatus attribute is enabled. An attacker can exploit this by tricking an authenticated user into visiting a malicious webpage that silently...
Citrix Session Recording deserialization vulnerability
Added: 08/27/2025 CVE: CVE-2024-8069 Background Citrix Session Recording is software for recording and archiving sessions for retrieval and playback. Problem Unsafe object deserialization in Citrix Session Recording could allow a remote attacker to execute arbitrary commands by sending a speciall...
Citrix Session Recording deserialization vulnerability
Added: 08/27/2025 CVE: CVE-2024-8069 Background Citrix Session Recording is software for recording and archiving sessions for retrieval and playback. Problem Unsafe object deserialization in Citrix Session Recording could allow a remote attacker to execute arbitrary commands by sending a speciall...
Linux Distros Unpatched Vulnerability : CVE-2020-13578
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial o...
CVE-2024-51983
An unauthenticated attacker who can connect to the Web Services feature HTTP TCP port 80 can issue a WS-Scan SOAP request containing an unexpected JobToken value which will crash the target device. The device will reboot, after which the attacker can reissue the command to repeatedly crash the...
PT-2025-26816 · Brother Industries +4 · Ads-1250W +651
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An unauthenticated attacker who can connect to the Web Services feature HTTP TCP port 80 can issue a WS-Scan SOAP request containing an unexpected JobToken value which will crash the target...
CVE-2024-12343
A vulnerability classified as critical has been found in TP-Link VN020 F3vT TTV6.2.1021. Affected is an unknown function of the file /control/WANIPConnection of the component SOAP Request Handler. The manipulation of the argument NewConnectionType leads to buffer overflow. The attack needs to be...
CVE-2021-21783
A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2014-9237
SQL injection vulnerability in Proticaret E-Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via a tem:Code element in a SOAP request...
CVE-2011-4504
The UPnP IGD implementation in the Pseudo ICS UPnP software on the ZyXEL P-330W allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability...
CVE-2019-5055
An exploitable denial-of-service vulnerability exists in the Host Access Point Daemon hostapd on the NETGEAR N300 WNR2000v5 with Firmware Version V1.0.0.70 wireless router. A SOAP request sent in an invalid sequence to the service can cause a null pointer dereference, resulting in the hostapd...
CVE-2020-13577
A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2020-13576
A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2020-13574
A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2024-56829
Huang Yaoshi Pharmaceutical Management Software through 16.0 allows arbitrary file upload via a .asp filename in the fileName element of the UploadFile element in a SOAP request to /XSDService.asmx...
CVE-2024-56829
Huang Yaoshi Pharmaceutical Management Software through 16.0 allows arbitrary file upload via a .asp filename in the fileName element of the UploadFile element in a SOAP request to /XSDService.asmx...
CVE-2024-56829
Huang Yaoshi Pharmaceutical Management Software through 16.0 allows arbitrary file upload via a .asp filename in the fileName element of the UploadFile element in a SOAP request to /XSDService.asmx...