CVE-2025-11848

A null pointer dereference vulnerability in the Wake-on-LAN CGI program of the Zyxel VMG3625-T50B firmware version through 5.50ABPM.9.6C0 and the Zyxel WX3100-T0 firmware versions through 5.50ABVL.4.8C0 could allow an authenticated attacker with administrator privileges to trigger a...

CVE-2025-11847

A null pointer dereference vulnerability in the IP settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50ABPM.9.6C0 and the Zyxel WX3100-T0 firmware versions through 5.50ABVL.4.8C0 could allow an authenticated attacker with administrator privileges to trigger a...

EUVD-2025-207562

A null pointer dereference vulnerability in the certificate downloader CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50ABPM.9.6C0 and the Zyxel WX3100-T0 firmware versions through 5.50ABVL.4.8C0 could allow an authenticated attacker with administrator privileges to trigger a...

Soliton Systems K.K FileZen OS Command Injection Vulnerability

Soliton Systems K.K FileZen contains an OS command injection vulnerability when an user logs-in to the affected product and sends a specially crafted HTTP request...

CVE-2025-15563

Any unauthenticated user can reset the WorkTime on-prem database configuration by sending a specific HTTP request to the WorkTime server. No authorization check is applied here...

CVE-2025-15563 Broken Access Control results in Denial of Service in NesterSoft WorkTime

Any unauthenticated user can reset the WorkTime on-prem database configuration by sending a specific HTTP request to the WorkTime server. No authorization check is applied here...

PT-2026-20802

Any unauthenticated user can reset the WorkTime on-prem database configuration by sending a specific HTTP request to the WorkTime server. No authorization check is applied here...

CVE-2019-25355

Removed by vendor...

CVE-2025-70147

CVE-2025-70147 affects ProjectWorlds Online Time Table Generator 1.0. The vulnerability is missing authentication on /admin/student.php and /admin/teacher.php, enabling remote attackers to access sensitive data (including plaintext password field values) via direct HTTP GET requests without a val...

CVE-2026-2537

A vulnerability was identified in Comfast CF-E4 2.6.0.1. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET&section=ntptimezone of the component HTTP POST Request Handler. Such manipulation of the argument timestr leads to command injection. The attack may be launched...

CVE-2026-25108

FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command...

CVE-2026-25108

FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command...

CVE-2026-25108

FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command...

CVE-2025-55018

An inconsistent interpretation of http requests 'http request smuggling' vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow an unauthenticated attacker to smuggle an unlogged http request...

CVE-2025-55018

An inconsistent interpretation of http requests 'http request smuggling' vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow an unauthenticated attacker to smuggle an unlogged http request...

CVE-2025-55018

Fortinet FortiOS contains an HTTP request smuggling vulnerability (CVE-2025-55018) due to inconsistent interpretation of http requests. Affects FortiOS: 7.6.0; 7.4.0–7.4.9; 7.2 all versions; 7.0 all versions; 6.4.3–6.4.16. Exploitation could allow an unauthenticated attacker to smuggle an unlogge...

PT-2026-7273

Name of the Vulnerable Software and Affected Versions Fortinet FortiOS versions 6.4.3 through 6.4.16 Fortinet FortiOS versions 7.0 all versions Fortinet FortiOS versions 7.2 all versions Fortinet FortiOS versions 7.4.0 through 7.4.9 Fortinet FortiOS version 7.6.0 Description An issue exists in th...

CVE-2026-22903

An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can trigger a stack buffer overflow in the modified lighttpd server, causing it to crash and potentially enabling remote code execution due to missing stack protections...

CVE-2026-25631

n8n is an open source workflow automation platform. Prior to 1.121.0, there is a vulnerability in the HTTP Request node's credential domain validation allowed an authenticated attacker to send requests with credentials to unintended domains, potentially leading to credential exfiltration. This on...

CVE-2026-25631 Domain allowlist bypass enables credential exfiltration

n8n is an open source workflow automation platform. Prior to 1.121.0, there is a vulnerability in the HTTP Request node's credential domain validation allowed an authenticated attacker to send requests with credentials to unintended domains, potentially leading to credential exfiltration. This on...