
2742 matches found

CNNVD
added 2025/06/06 12:0 a.m. | 2 views

TOTOLINK X15 security vulnerability

TOTOLINK X15 is a network wireless extender from China's Gion Electronics TOTOLINK. The TOTOLINK X15 suffers from a buffer overflow vulnerability that originates from the failure of the file /boafrm/formWlanRedirect parameter redirect-url to correctly validate the length and size of the input dat...

CVSS 9 | AI score 8.1 | EPSS 0.00775
Exploits 0 | References 5

CNNVD
added 2025/05/29 12:0 a.m. | 2 views

MICI NetFax Server security vulnerability

MICI NetFax Server is a product suite from China's MICI Corporation MICI designed to receive fax messages to user mailboxes via e-mail traffic. A security vulnerability exists in MICI NetFax Server versions prior to 3.0.1.0, which originates from the possibility that an authenticated user could...

CVSS 9.4 | AI score 6.3 | EPSS 0.1172
Exploits 0 | References 1

CNVD
added 2025/05/27 12:0 a.m. | 2 views

Google Chrome Resource Management Error Vulnerability (CNVD-2025-11249)

Google Chrome is a web browser developed by Google Inc. Google Chrome suffers from a resource management error vulnerability that originates from a use-after-free, which can be exploited by an attacker to submit a special Web request and trick the user into parsing it to execute arbitrary code...

CVSS 8.8 | AI score 7.2 | EPSS 0.02943
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 7:6 a.m. | 6 views

CVE-2024-46450

Incorrect access control in Tenda AC1200 Smart Dual-Band WiFi Router Model AC6 v2.0 Firmware v15.03.06.50 allows attackers to bypass authentication via a crafted web request...

CVSS 8.1 | AI score 7.1 | EPSS 0.00349
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 6:39 a.m. | 4 views

CVE-2024-48536

Incorrect access control in eSoft Planner 3.24.08271-USA allows attackers to view all transactions performed by the company via supplying a crafted web request...

CVSS 7.5 | AI score 6.9 | EPSS 0.00453
Exploits 1 | References 1

RedhatCVE
added 2025/05/23 6:21 a.m. | 1 views

CVE-2024-48352

Yealink Meeting Server before V26.0.0.67 is vulnerable to sensitive data exposure in the server response via sending HTTP request with enterprise ID...

CVSS 7.5 | AI score 5.9 | EPSS 0.00472
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 5:52 a.m. | 3 views

CVE-2023-22618

If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative privileges by manipulating a web request. This affects for example WaveLite Metro 200 and Fan, WaveLite Metro 200 OPS and Fans, WaveLite Metro 200 and F2B...

CVSS 8.1 | AI score 6.6 | EPSS 0.00151
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 5:37 a.m. | 2 views

CVE-2023-26104

All versions of the package lite-web-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI function is unable to parse...

CVSS 7.5 | AI score 6.9 | EPSS 0.01172
Exploits 1 | References 1

RedhatCVE
added 2025/05/23 4:17 a.m. | 9 views

CVE-2023-41719

A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a specific web request which may lead to remote code execution...

CVSS 7.2 | AI score 7.3 | EPSS 0.03366
Exploits 0

RedhatCVE
added 2025/05/23 4:11 a.m. | 3 views

CVE-2023-39610

An issue in TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n4555 and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted web request...

CVSS 6.5 | AI score 6.8 | EPSS 0.00334
Exploits 2

RedhatCVE
added 2025/05/23 3:22 a.m. | 8 views

CVE-2023-24698

Insufficient parameter validation in the Foswiki::Sandbox component of Foswiki v2.1.7 and below allows attackers to perform a directory traversal via supplying a crafted web request...

CVSS 7.5 | AI score 6.8 | EPSS 0.00702
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 3:15 a.m. | 2 views

CVE-2023-22653

An OS command injection vulnerability exists in the vtyshubus tcpdumpstartcb functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to command execution. An authenticated attacker can send an HTTP request to trigger this vulnerability...

CVSS 8.8 | AI score 7.7 | EPSS 0.06834
Exploits 1 | References 1

RedhatCVE
added 2025/05/23 3:15 a.m. | 2 views

CVE-2023-22636

An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through 7.0.4 may allow a local attacker to access confidential configuration files via a crafted http request...

CVSS 7 | AI score 6.5 | EPSS 0.00163
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 2:50 a.m. | 3 views

CVE-2023-32750

Pydio Cells through 4.1.2 allows SSRF. For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the background. The job "remote-download" can be used to cause the backend to send an HTTP GET request to a specified URL and save the response to a new file. The...

CVSS 6.5 | AI score 6.8 | EPSS 0.03846
Exploits 4 | References 1

RedhatCVE
added 2025/05/23 2:3 a.m. | 5 views

CVE-2023-33518

emoncms v11 and later was discovered to contain an information disclosure vulnerability which allows attackers to obtain the web directory path and other information leaked by the server via a crafted web request...

CVSS 5.3 | AI score 6.8 | EPSS 0.00456
Exploits 1 | References 1

RedhatCVE
added 2025/05/23 12:23 a.m. | 4 views

CVE-2022-46640

Nanoleaf Desktop App before v1.3.1 was discovered to contain a command injection vulnerability which is exploited via a crafted HTTP request...

CVSS 9.8 | AI score 8 | EPSS 0.024
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 10:51 p.m. | 4 views

CVE-2022-31395

Algo Communication Products Ltd. 8373 IP Zone Paging Adapter Firmware 1.7.6 allows attackers to perform a directory traversal via a web request sent to /fm-data.lua...

CVSS 9 | AI score 6.9 | EPSS 0.02342
Exploits 1 | References 1

RedhatCVE
added 2025/05/22 10:46 p.m. | 4 views

CVE-2022-29646

An access control issue in TOTOLINK A3100R V4.1.2cu.5050B20200504 and V4.1.2cu.5247B20211129 allows attackers to obtain sensitive information via a crafted web request...

CVSS 5.3 | AI score 6.3 | EPSS 0.00784
Exploits 1 | References 1

RedhatCVE
added 2025/05/22 10:29 p.m. | 7 views

CVE-2022-24073

The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store...

CVSS 7.1 | AI score 6.9 | EPSS 0.00556
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 9:45 p.m. | 3 views

CVE-2022-47003

A vulnerability in the Remember Me function of Mura CMS before v10.0.580 allows attackers to bypass authentication via a crafted web request...

CVSS 9.8 | AI score 7 | EPSS 0.03644
Exploits 0 | References 1