42 matches found
CVE-2026-35906
An undocumented debug CGI endpoint in T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03 allows unauthenticated attackers to execute arbitrary system commands as root via supplying a crafted HTTP query string...
EUVD-2026-34276
An undocumented debug CGI endpoint in T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03 allows unauthenticated attackers to execute arbitrary system commands as root via supplying a crafted HTTP query string...
PT-2026-46242
An undocumented debug CGI endpoint in T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03 allows unauthenticated attackers to execute arbitrary system commands as root via supplying a crafted HTTP query string...
CVE-2026-10078 Quay/config-tool: quay/config-tool: gitlab oauth client_secret exposed in url querystring
A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically client_id and client_secret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to th...
OpenClaw Information Disclosure Vulnerability
OpenClaw is an intelligent artificial assistant developed under the OpenClaw open source project. OpenClaw has a vulnerability related to information leakage, which stems from the exposure of sensitive data through authorized URL query strings, potentially leading to credential leaks...
CVE-2026-26196 Gogs: Access tokens get exposed through URL params in API requests
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, the Gogs API still accepts tokens in URL params like token and access_token, which can leak through logs, browser history, and referrers. This issue has been patched in version 0.14.2...
CVE-2025-59873
An information exposure vulnerability exists in HCL Software ZIE for Web. The application transmits sensitive session tokens and authentication identifiers within the URL query parameters. An attacker who gains access to any network log or operates a site linked from the...
CVE-2026-22777 ComfyUI-Manager is Vulnerable to CRLF Injection in Configuration Handler
ComfyUI-Manager is an extension designed to enhance the usability of ComfyUI. Prior to versions 3.39.2 and 4.0.5, an attacker can inject special characters into HTTP query parameters to add arbitrary configuration values to the config.ini file. This can lead to security setting tampering or...
PT-2026-2261
Name of the Vulnerable Software and Affected Versions ComfyUI-Manager versions prior to 3.39.2 ComfyUI-Manager versions prior to 4.0.5 Description ComfyUI-Manager, an extension for ComfyUI, is susceptible to arbitrary configuration injection. An attacker can inject special characters into HTTP...
ComfyUI-Manager Injection Vulnerability
ComfyUI-Manager is an extension from the individual developers of Dr. Lt. Data designed to enhance the usability of ComfyUI. An injection vulnerability exists in ComfyUI-Manager versions prior to 3.39.2 and 4.0.5, which allows an attacker to inject special characters into HTTP query parameters in...
CVE-2025-10955
The CVE-2025-10955 entry affects Netcad Netigma: improper neutralization of input during web page generation (XSS) via HTTP query strings. Concrete details across connected records indicate affected versions include Netigma 6.3.5 before 6.3.5 V8 and versions up to 28102025. The root cause is impr...
CVE-2025-10955 HTML Injection in Netcad Software's Netigma
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Netcad Software Inc. Netigma allows XSS Through HTTP Query Strings. This issue affects Netigma: from 6.3.5 before 6.3.5 V8...
CVE-2010-20112 Amlibweb NetOpacs webquery.dll Stack Buffer Overflow
Amlib’s NetOpacs webquery.dll contains a stack-based buffer overflow vulnerability triggered by improper handling of HTTP GET parameters. Specifically, the application fails to enforce bounds on input supplied to the app parameter, allowing excessive data to overwrite memory structures including...
Bna Informatics PosPratik Security Vulnerability
Bna Informatics PosPratik is an application from Bna Informatics, Inc. A security vulnerability exists in Bna Informatics PosPratik versions prior to v3.2.1, which stems from improper neutralization of script-related HTML tags in web pages, allowing cross-site scripting attacks via HTTP query...
Malicious code in http-query (PyPI)
Source: kam193 f19b11d590534cc47f47b9fc60fae3affd054b1f5dc720dbbc17147cc7095653 Generic campaign for all likely research / pentests, where the amount or art of collected data raises questions about the privacy, security and ethical side. -...
iTop Cross-Site Scripting Vulnerability
iTop is a platform that provides all the resources needed to optimize iTop. A security vulnerability exists in iTop versions 3.1.1 and 3.2.0, which originates from a manipulated HTTP query that allows a user to inject malicious content...
Security Bulletin: IBM Db2 Web Query for i is vulnerable to a remote attacker bypassing security restrictions or to denial of service.
Summary IBM Db2 Web Query for i is vulnerable to issues in multiple components. The components are used for multiple purposes in the underlying ibi WebFOCUS base product. The components are vulnerable to a remote attacker bypassing security restrictions CVE-2023-34034 and CVE-2023-44981 and denia...
CVE-2023-50328
IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via URL query strings. IBM X-Force ID: 275110...