106 matches found
CVE-2019-25369
OPNsense 19.1 contains a stored cross-site scripting vulnerability in the systemadvancedsysctl.php endpoint that allows attackers to inject persistent malicious scripts via the tunable parameter. Attackers can submit POST requests with script payloads that are stored and executed in the context o...
CVE-2019-25369
OPNsense 19.1 contains a stored cross-site scripting vulnerability in the systemadvancedsysctl.php endpoint that allows attackers to inject persistent malicious scripts via the tunable parameter. Attackers can submit POST requests with script payloads that are stored and executed in the context o...
CVE-2019-25377 OPNsense 19.1 Reflected XSS via system_advanced_sysctl.php
OPNsense 19.1 contains a reflected cross-site scripting vulnerability in the systemadvancedsysctl.php endpoint that allows attackers to inject malicious scripts via the value parameter. Attackers can craft POST requests with script payloads in the value parameter to execute JavaScript in the...
CVE-2019-25377 OPNsense 19.1 Reflected XSS via system_advanced_sysctl.php
OPNsense 19.1 contains a reflected cross-site scripting vulnerability in the systemadvancedsysctl.php endpoint that allows attackers to inject malicious scripts via the value parameter. Attackers can craft POST requests with script payloads in the value parameter to execute JavaScript in the...
CVE-2019-25377
OPNsense 19.1 is affected by a reflected XSS in the system_advanced_sysctl.php endpoint. The vulnerability allows an attacker to inject malicious scripts via the value parameter in crafted POST requests, executing JavaScript in the context of an authenticated user session. Root cause is reflected...
CVE-2019-25369 OPNsense 19.1 Stored XSS via system_advanced_sysctl.php
OPNsense 19.1 contains a stored cross-site scripting vulnerability in the systemadvancedsysctl.php endpoint that allows attackers to inject persistent malicious scripts via the tunable parameter. Attackers can submit POST requests with script payloads that are stored and executed in the context o...
EUVD-2019-19426
OPNsense 19.1 contains a stored cross-site scripting vulnerability in the systemadvancedsysctl.php endpoint that allows attackers to inject persistent malicious scripts via the tunable parameter. Attackers can submit POST requests with script payloads that are stored and executed in the context o...
CVE-2019-25369
CVE-2019-25369 affects OPNsense 19.1 with a stored cross-site scripting (XSS) in the endpoint system_advanced_sysctl.php . The vulnerability allows an attacker to submit POST payloads to the tunable parameter, which are stored and later executed within the context of an authenticated user session...
PT-2026-8249
OPNsense 19.1 contains a reflected cross-site scripting vulnerability in the system advanced sysctl.php endpoint that allows attackers to inject malicious scripts via the value parameter. Attackers can craft POST requests with script payloads in the value parameter to execute JavaScript in the...
PT-2026-8241
OPNsense 19.1 contains a stored cross-site scripting vulnerability in the system advanced sysctl.php endpoint that allows attackers to inject persistent malicious scripts via the tunable parameter. Attackers can submit POST requests with script payloads that are stored and executed in the context...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the proxy endpoint. An attacker can access internal network resources by crafting requests to internal addresses through authenticated sessions. PoC 1. Run Miniflux 2.2.15 with default configuration...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the proxy endpoint. An attacker can access internal network resources by crafting requests to internal addresses through authenticated sessions. PoC 1. Run Miniflux 2.2.15 with default configuration...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the proxy endpoint. An attacker can access internal network resources by crafting requests to internal addresses through authenticated sessions. PoC 1. Run Miniflux 2.2.15 with default configuration...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the proxy endpoint. An attacker can access internal network resources by crafting requests to internal addresses through authenticated sessions. PoC 1. Run Miniflux 2.2.15 with default configuration...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the proxy endpoint. An attacker can access internal network resources by crafting requests to internal addresses through authenticated sessions. PoC 1. Run Miniflux 2.2.15 with default configuration...
CVE-2025-40807
A vulnerability has been identified in Gridscale X Prepay All versions V4.2.1. The affected application is vulnerable to capture-replay of authentication tokens. This could allow an authenticated but already locked-out user to establish still valid user sessions...
EUVD-2025-35890
FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.23.2, any authenticated user can create sessions and have them collect QoS messages. When not sent to a client, these are then not released upon eventual session expiration. Version 1.23.2 fixes the issue...
Matrix Authentication Service 安全漏洞
Matrix Authentication Service is a user management and authentication system from Element Open Source. A security vulnerability exists in Matrix Authentication Service versions 0.20.0 through 1.4.0, which stems from a logic flaw that could allow an attacker to perform sensitive operations without...
CVE-2025-10240 Possibility of unintended actions when a user clicks a malicious link in the Progress Flowmon web application
A vulnerability exists in the Progress Flowmon web application prior to version 12.5.5, whereby a user who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated session...
EUVD-2018-0678
Malware in sbrugna...