Lucene search

2742 matches found

CVE
added 2025/10/02 9:42 a.m., 9 views

CVE-2025-40646

CVE-2025-40646 describes a Stored Cross-Site Scripting (XSS) in Energy CRM v2025 by Status Tracker Ltd. The vulnerability arises from insufficient validation of user input in a POST to /crm/create_job_submit.php, using the JobCreatedBy parameter. An attacker could craft a request that, when viewe...

CVSS 5.4 | AI score 4.5 | EPSS 0.00189
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2025/10/01 6:15 p.m., 2 views

CVE-2025-28357

A CRLF injection vulnerability in Neto CMS v6.313.0 through v6.314.0 allows attackers to execute arbitrary code via supplying a crafted HTTP request...

CVSS 8.8 | EPSS 0.00429
Exploits: 0 | References: 2

RedhatCVE
added 2025/09/27 5:41 p.m., 10 views

CVE-2025-11030

A vulnerability was detected in Tutorials-Website Employee Management System up to 611887d8f8375271ce8abc704507d46340837a60. Impacted is an unknown function of the file /admin/all-applied-leave.php of the component HTTP Request Handler. The manipulation results in improper authorization. The atta...

CVSS 7.5 | AI score 6.4 | EPSS 0.00351
Exploits: 0 | References: 1

Vulnrichment
added 2025/09/26 12:2 a.m., 2 views

CVE-2025-10987 YunaiV yudao-cloud HTTP Request transfer improper authorization

A vulnerability was determined in YunaiV yudao-cloud up to 2025.09. Affected by this issue is some unknown functionality of the file /crm/contact/transfer of the component HTTP Request Handler. This manipulation of the argument contactId causes improper authorization. It is possible to initiate t...

CVSS 6.5 | AI score 6.4 | EPSS 0.0029
Exploits: 0 | References: 4

Snyk
added 2025/09/23 5:37 p.m., 4 views

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling due to improper parsing of the HTTP trailer section in the parse function. An attacker can bypass security controls, launch targeted attacks against users, or poison web caches by crafting specially formed HTTP...

CVSS 7.5 | AI score 6.6 | EPSS 0.00341
Exploits: 1 | References: 2

NVD
added 2025/09/22 9:15 p.m., 4 views

CVE-2025-10815

A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this issue is the function strcpy of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such manipulation of the argument startIp leads to buffer overflow. The attack can be launched remotely. T...

CVSS 9 | EPSS 0.00767
Exploits: 0 | References: 5

OSV
added 2025/09/17 5:15 p.m., 1 view

CVE-2025-59304

A directory traversal issue in Swetrix Web Analytics API 3.1.1 before 7d8b972 allows a remote attacker to achieve Remote Code Execution via a crafted HTTP request...

CVSS 9.8 | AI score 7.5 | EPSS 0.03226
Exploits: 1 | References: 2

Cvelist
added 2025/09/17 12:0 a.m., 6 views

CVE-2025-59304

A directory traversal issue in Swetrix Web Analytics API 3.1.1 before 7d8b972 allows a remote attacker to achieve Remote Code Execution via a crafted HTTP request...

EPSS 0.03226
Exploits: 1 | References: 2

Vulnrichment
added 2025/09/16 2:32 p.m., 5 views

CVE-2009-20005 InterSystems Caché UtilConfigHome.csp Stack Buffer Overflow

A stack-based buffer overflow exists in the UtilConfigHome.csp endpoint of InterSystems Caché 2009.1. The vulnerability is triggered by sending a specially crafted HTTP GET request containing an oversized argument to the .csp handler. Due to insufficient bounds checking, the input overflows a sta...

CVSS 9.3 | AI score 7.3 | EPSS 0.01269
Exploits: 0 | References: 5

Positive Technologies
added 2025/09/15 12:0 a.m., 3 views

PT-2025-37457

Name of the Vulnerable Software and Affected Versions: Tenda AC1206 version 15.03.06.23 Description: A stack-based buffer overflow vulnerability exists in the HTTP Request Handler component of the Tenda AC1206. The vulnerability is located in the check param changed function within the...

CVSS 10 | AI score 9.7 | EPSS 0.01455
Exploits: 1 | References: 12

CNNVD
added 2025/09/15 12:0 a.m., 1 view

Tenda AC1206 Security Vulnerability

Tenda AC1206 is a wireless gigabit router from Tenda China. A security vulnerability exists in Tenda AC1206 version 15.03.06.23, which originates from the incorrect manipulation of the parameter wanMTU by the function checkparamchanged in the file /goform/AdvSetMacMtuWa in the HTTP Request Handle...

CVSS 10 | AI score 9.7 | EPSS 0.01455
Exploits: 1 | References: 5

OpenVAS
added 2025/09/15 12:0 a.m., 5 views

Tautulli < 2.16.0 Multiple Vulnerabilities - Active Check

Tautulli is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tautulli:tautulli"; if description...

CVSS 9.1 | AI score 7.5 | EPSS 0.01675
Exploits: 4 | References: 4

Tenable Nessus
added 2025/09/13 12:0 a.m., 2 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-h2 (SUSE-SU-2025:03199-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:03199-1 advisory. - CVE-2025-57804: Fixed HTTP Request Smuggling due to illegal characters in headers bsc1248737 Tenable h...

CVSS 6.9 | AI score 5.5 | EPSS 0.0161
Exploits: 0 | References: 4

OSV
added 2025/09/12 12:24 p.m., 1 view

SUSE-SU-2025:03201-1 Security update for python-aiohttp

This update for python-aiohttp fixes the following issues: - CVE-2025-53643: request smuggling vulnerability due to incorrect parsing trailer sections of an HTTP request bsc1246517...

CVSS 7.5 | AI score 5.8 | EPSS 0.00297
Exploits: 0 | References: 3

RedhatCVE
added 2025/09/11 8:27 p.m., 4 views

CVE-2025-34172

In pfSense CE /usr/local/www/haproxy/haproxystats.php, the value of the showsticktablecontent parameter is displayed after being read from HTTP GET requests. This can enable reflected cross-site scripting when the victim is authenticated...

CVSS 4.8 | AI score 6.2 | EPSS 0.00963
Exploits: 0 | References: 1

Cvelist
added 2025/09/09 7:43 p.m., 7 views

CVE-2025-34172 Netgate pfSense CE HAProxy Package 0.63_10 Reflected Cross-Site Scripting

In pfSense CE /usr/local/www/haproxy/haproxystats.php, the value of the showsticktablecontent parameter is displayed after being read from HTTP GET requests. This can enable reflected cross-site scripting when the victim is authenticated...

CVSS 4.8 | EPSS 0.00963
Exploits: 0 | References: 3

CNNVD
added 2025/09/03 12:0 a.m., 1 view

Netty Environment Issue Vulnerability

Netty is a non-blocking I/O client-server framework from the Netty community that is primarily used to develop Java web applications such as protocol servers and clients. An environment issue vulnerability exists in Netty versions 4.1.124.Final and 4.2.0.Alpha3 through 4.2.4.Final, which stems fr...

CVSS 7.5 | AI score 4.2 | EPSS 0.00631
Exploits: 1 | References: 8

Tenable Nessus
added 2025/09/03 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2023-30943

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user c...

CVSS 6.5 | AI score 6.1 | EPSS 0.06583
Exploits: 3 | References: 2

Tenable Nessus
added 2025/09/03 12:0 a.m., 1 view

Linux Distros Unpatched Vulnerability : CVE-2019-3992

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. A remote unauthenticated attacker can access the server's configuration fil...

CVSS 7.5 | AI score 7.3 | EPSS 0.01301
Exploits: 1 | References: 2

RedhatCVE
added 2025/08/30 6:21 p.m., 3 views

CVE-2025-29514

Incorrect access control in the config.xgi function of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to download the configuration file via providing a crafted web request...

CVSS 9.8 | AI score 6.9 | EPSS 0.00555
Exploits: 1 | References: 1