11 matches found

CNNVD
added 2026/05/05 12:0 a.m., 4 views

Gotenberg code issue vulnerability

Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Version 8.29.1 of Gotenberg contains a code vulnerability. This vulnerability stems from the FilterDeadline function, which returns nil unconditionally when...

CVSS 7.2, AI score 5.9, EPSS 0.00073
Exploits 1, References 1
EUVD
added 2026/03/18 9:30 a.m., 5 views

EUVD-2026-12786

A command injection vulnerability in the device’s Root CA certificate transfer workflow allows a high-privileged attacker to send crafted HTTP POST requests that result in arbitrary command execution on the underlying Linux OS with root privileges...

CVSS 7.2, AI score 6.1, EPSS 0.00031
Exploits 0, References 2
Tenable Nessus
added 2026/01/20 12:0 a.m., 7 views

MiracleLinux 7 : php-5.4.16-48.0.3.el7.AXS7 (AXSA:2024-9004:04)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9004:04 advisory. CVE-2024-8925: Fix data integrity violation while parsing multipart/form-data boundaries larger than the read buffer CVEs: CVE-2024-8925 In PHP versions 8.1...

CVSS 5.3, AI score 8.5, EPSS 0.01849
Exploits 1, References 2
CNNVD
added 2025/07/14 12:0 a.m., 3 views

TOTOLINK T6 injection vulnerability

TOTOLINK T6 is a wireless dual-band router from TOTOLINK Electronics of China that supports the MQTT protocol and the Telnet service. TOTOLINK T6 suffers from a command injection vulnerability that stems from the parameter ip of the function clearPairCfg in the file /cgi-bin/cstecgi.cgi in the...

CVSS 8.8, AI score 6.8, EPSS 0.04554
Exploits 1, References 6
RedHat Linux
added 2025/04/28 12:22 a.m., 5 views

mod_auth_openidc: mod_auth_openidc allows OIDCProviderAuthRequestMethod POSTs to leak protected data

A flaw was found in mod_auth_openidc, an OpenID Connect authentication module for Apache HTTP Server. This vulnerability allows unauthenticated users to access protected content via crafted HTTP POST requests to protected resources when no application-level gateway is present...

CVSS 8.2, AI score 5.8, EPSS 0.00357
Exploits 0, References 6
BDU FSTEC
added 2025/02/18 12:0 a.m., 1 views

The vulnerability of the XMPP protocol (Extensible Messaging and Presence Protocol), which is used by the Jitsi Meet video conferencing software, allows a hacker to disclose meeting passwords.

The vulnerability of the Jitsi Meet software, a video conferencing solution based on the XMPP protocol, is related to insufficient protection of sensitive data. Exploiting this vulnerability could allow a malicious actor to retrieve meeting passwords through HTTP POST requests...

CVSS 7.8, AI score 5.5, EPSS 0.00146
Exploits 0, References 4, Affected Software 1
OSV
added 2024/10/04 5:15 a.m., 0 views

UBUNTU-CVE-2024-47850

CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. The request is meant to probe the new printer but can be used to create DDoS...

CVSS 7.5, AI score 7.3, EPSS 0.00147
Exploits 13, References 11
OSV
added 2023/02/16 7:15 p.m., 3 views

CVE-2022-38375

An improper authorization vulnerability CWE-285 in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests...

CVSS 9.8, AI score 5.8, EPSS 0.00613
Exploits 0, References 1
OSV
added 2022/07/14 3:15 p.m., 3 views

CVE-2022-29593

relaycgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP post requests without the need for authentication or a valid signed/authorized request...

CVSS 5.9, AI score 5.8, EPSS 0.08172
Exploits 5, References 3
BDU FSTEC
added 2022/02/28 12:0 a.m., 1 views

The vulnerability of the NX-API implementation for Cisco NX-OS router systems allows a hacker to execute arbitrary commands.

The vulnerability of the NX-API implementation for Cisco NX-OS router systems involves the failure to eliminate special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending a specially crafted HTTP POST request...

CVSS 10, AI score 8.2, EPSS 0.03457
Exploits 0, References 4
OSV
added 2019/12/17 10:15 p.m., 4 views

CVE-2019-3994

ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a use after free. A remote unauthenticated attacker can crash the ELOG server by sending multiple HTTP POST requests which causes the ELOG function retrieveurl to use a freed variable...

CVSS 7.5, AI score 7.2, EPSS 0.028
Exploits 1, References 3