Lucene search
K

14 matches found

NVD
NVD
added 2026/06/04 3:16 p.m.14 views

CVE-2026-28318

SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update...

7.5CVSS0.10659EPSS
Exploits2References3
EUVD
EUVD
added 2026/06/04 2:5 p.m.15 views

EUVD-2026-34268

SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update...

7.5CVSS5.8AI score0.10659EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.17 views

PT-2026-46239

Name of the Vulnerable Software and Affected Versions SolarWinds Serv-U versions prior to 15.5.4 Hotfix 1 Description SolarWinds Serv-U is susceptible to uncontrolled resource consumption when processing compressed HTTP request bodies. An unauthenticated remote attacker can trigger a...

7.8CVSS6.1AI score0.10659EPSS
Exploits2References78
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.12 views

free5GC 安全漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained security vulnerabilities. These vulnerabilities stemmed from SMF failing to include the necessary inbound OAuth2 middleware when mounting UPI management routing groups. Th...

7.5CVSS5.8AI score0.00364EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/17 9:31 p.m.13 views

EUVD-2026-23498

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings e.g., enabling SSH, allowing unauthorized state changes that can facilitate later compromise...

7.5CVSS5.8AI score0.00285EPSS
Exploits0References4
NVD
NVD
added 2026/04/17 8:16 p.m.7 views

CVE-2026-40461

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings e.g., enabling SSH, allowing unauthorized state changes that can facilitate later compromise...

7.5CVSS0.00285EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/15 1:58 p.m.31 views

CVE-2019-25371 OPNsense 19.1 Reflected XSS via diag_ping.php

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted POST requests to the diagping.php endpoint with script payloads i...

6.1CVSS0.00241EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/02/04 12:0 a.m.14 views

Next.js Framework 15.x < 15.6.0-canary.61 / 16.x < 16.1.5 PPR Resume Endpoint DoS (GHSA-5f7q-jpqc-wp7h)

The Next.js Framework on the remote host is affected by a denial of service vulnerability: - A denial of service vulnerability exists in Next.js versions with Partial Prerendering PPR enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the...

7.5CVSS5.9AI score0.00363EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/07 9:30 a.m.9 views

CVE-2019-16261

Tripp Lite PDUMH15AT 12.04.0053 and SU750XL 12.04.0052 devices allow unauthenticated POST requests to the /Forms/ directory, as demonstrated by changing the manager or admin password, or shutting off power to an outlet. NOTE: the vendor's position is that a newer firmware version, fixing this...

9.1CVSS7.5AI score0.02755EPSS
Exploits2References1
RedHat Linux
RedHat Linux
added 2025/05/13 4:2 p.m.4 views

mod_auth_openidc: mod_auth_openidc allows OIDCProviderAuthRequestMethod POSTs to leak protected data

A flaw was found in modauthopenidc, an OpenID Connect authentication module for Apache HTTP Server. This vulnerability allows unauthenticated users to access protected content via crafted HTTP POST requests to protected resources when no application-level gateway is present...

8.2CVSS5.8AI score0.00542EPSS
Exploits0References6
NVD
NVD
added 2019/09/12 3:15 p.m.15 views

CVE-2019-16261

Tripp Lite PDUMH15AT 12.04.0053 and SU750XL 12.04.0052 devices allow unauthenticated POST requests to the /Forms/ directory, as demonstrated by changing the manager or admin password, or shutting off power to an outlet. NOTE: the vendor's position is that a newer firmware version, fixing this...

9.1CVSS9.3AI score0.02755EPSS
Exploits2References3
Prion
Prion
added 2019/09/12 3:15 p.m.13 views

Design/Logic Flaw

Tripp Lite PDUMH15AT 12.04.0053 devices allow unauthenticated POST requests to the /Forms/ directory, as demonstrated by changing the manager or admin password, or shutting off power to an outlet. NOTE: the vendor's position is that a newer firmware version, fixing this vulnerability, had already...

8.5CVSS9.2AI score0.02755EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2019/09/12 2:7 p.m.83 views

CVE-2019-16261

CVE-2019-16261 affects Tripp Lite PDUMH15AT (firmware 12.04.0053) and SU750XL (firmware 12.04.0052). Affected devices allow unauthenticated POST requests to the /Forms/ directory, enabling actions such as changing the manager/admin passwords or shutting off power to an outlet. The vendor notes a ...

9.1CVSS9.4AI score0.02755EPSS
Exploits2References3Affected Software1
OSV
OSV
added 2008/09/04 5:41 p.m.5 views

CVE-2008-3909

The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery CSRF attacks and delete or modify data via unspecified requests...

6.9AI score
Exploits0References10
Rows per page
Query Builder