62 matches found
CVE-2026-3168
A weakness has been identified in Tenda F453 1.0.0.3. This affects the function fromNatStaticSetting of the file /goform/NatStaticSetting of the component httpd. Executing a manipulation of the argument page can lead to buffer overflow. The attack may be launched remotely. The exploit has been ma...
CVE-2025-15472
A flaw has been found in TRENDnet TEW-811DRU 1.0.2.0. This affects the function setDeviceURL of the file uapply.cgi of the component httpd . This manipulation of the argument DeviceURL causes os command injection. The attack can be initiated remotely. The exploit has been published and may be use...
CVE-2025-15472
A flaw has been found in TRENDnet TEW-811DRU 1.0.2.0. This affects the function setDeviceURL of the file uapply.cgi of the component httpd . This manipulation of the argument DeviceURL causes os command injection. The attack can be initiated remotely. The exploit has been published and may be...
CVE-2025-15255
A vulnerability was determined in Tenda W6-S 1.0.0.4510. This impacts an unknown function of the file /bin/httpd of the component R7websSsecurityHandler. Executing a manipulation of the argument Cookie can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has...
Tenda W6-S 安全漏洞
Tenda W6-S is a wireless access point device from Tenda China. A security vulnerability exists in Tenda W6-S version 1.0.0.4, which originates from an incorrect manipulation of the file /bin/httpd parameter cookie in the component R7websSecurityHandler, which could result in a stack buffer overfl...
CVE-2025-14636
A security flaw has been discovered in Tenda AX9 22.03.01.46. This affects the function imagecheck of the component httpd. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high complexity level is associated with this attack. It is indicated that the...
CVE-2025-14636
A security flaw has been discovered in Tenda AX9 22.03.01.46. This affects the function imagecheck of the component httpd. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high complexity level is associated with this attack. It is indicated that the...
PT-2025-43381
Name of the Vulnerable Software and Affected Versions Devolutions Server versions 2025.2.15.0 and earlier Description An improper input validation exists in the Security Dashboard's ignored-tasks API. An authenticated user can send a crafted request to cause a denial of service to the Security...
CVE-2025-62287
Vulnerability in the Oracle Life Sciences InForm product of Oracle Health Sciences Applications component: Web Server. The supported version that is affected is 7.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Life Science...
EUVD-2022-52427
Malicious code in bioql PyPI...
CVE-2025-8949
A vulnerability was identified in D-Link DIR-825 2.10. Affected by this vulnerability is the function getpingappstat of the file pingresponse.cgi of the component httpd. The manipulation of the argument pingipaddr leads to stack-based buffer overflow. The attack can be launched remotely. The...
CVE-2025-34136
An SQL injection vulnerability exists in Commvault 11.32.0 - 11.32.93, 11.36.0 - 11.36.51, and 11.38.0 - 11.38.19 Web Server component that allows a remote, unauthenticated attacker to perform SQL Injection. The vulnerability impacts systems where the CommServe and Web Server roles are installed...
PT-2025-30892 · Commvault · Commvault
Name of the Vulnerable Software and Affected Versions: Commvault versions 11.32.0 through 11.32.93 Commvault versions 11.36.0 through 11.36.51 Commvault versions 11.38.0 through 11.38.19 Description: An SQL injection vulnerability exists in the Web Server component that could allow a remote,...
CVE-2025-4544
A vulnerability was found in D-Link DI-8100 up to 16.07.26A1 and classified as critical. This issue affects some unknown processing of the file /ddos.asp of the component jhttpd. The manipulation of the argument defmax/deftime/deftcpmax/deftcptime/defudpmax/defudptime/deficmpmax leads to...
CVE-2024-26219
HTTP.sys Denial of Service Vulnerability...
PT-2024-20319 · Cellinx · Cellinx Nvt Web Server
Name of the Vulnerable Software and Affected Versions: Cellinx NVT Web Server version 5.0.0.014 Description: An issue in the component /cgi-bin/GetJsonValue.cgi allows attackers to leak configuration information via a crafted POST request to the "GetJsonValue.cgi" endpoint. Recommendations: For...
CVE-2023-35298
HTTP.sys Denial of Service Vulnerability...
CVE-2023-0613
A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /wireless/security.asp of the component httpd. The manipulation leads to memory corruption. The attack can be launched remotely. The...
CVE-2022-30578
The Web Server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting XSS on the affected system. A successful attack using this vulnerability requires human...
CVE-2022-22776
The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management contains easily exploitable vulnerabilities that allows a low privileged attacker with network access to execute Stored Cross Site Scripting XSS on the affected system. A successful attack using...