Lucene search
+L

106 matches found

NVD
NVD
added 2026/02/15 2:16 p.m.9 views

CVE-2019-25369

OPNsense 19.1 contains a stored cross-site scripting vulnerability in the systemadvancedsysctl.php endpoint that allows attackers to inject persistent malicious scripts via the tunable parameter. Attackers can submit POST requests with script payloads that are stored and executed in the context o...

6.4CVSS0.00199EPSS
Exploits1References4
OSV
OSV
added 2026/02/15 2:16 p.m.7 views

CVE-2019-25369

OPNsense 19.1 contains a stored cross-site scripting vulnerability in the systemadvancedsysctl.php endpoint that allows attackers to inject persistent malicious scripts via the tunable parameter. Attackers can submit POST requests with script payloads that are stored and executed in the context o...

5.4CVSS5.2AI score
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/15 1:58 p.m.5 views

CVE-2019-25377 OPNsense 19.1 Reflected XSS via system_advanced_sysctl.php

OPNsense 19.1 contains a reflected cross-site scripting vulnerability in the systemadvancedsysctl.php endpoint that allows attackers to inject malicious scripts via the value parameter. Attackers can craft POST requests with script payloads in the value parameter to execute JavaScript in the...

5.4CVSS5.3AI score0.00243EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/15 1:58 p.m.34 views

CVE-2019-25377 OPNsense 19.1 Reflected XSS via system_advanced_sysctl.php

OPNsense 19.1 contains a reflected cross-site scripting vulnerability in the systemadvancedsysctl.php endpoint that allows attackers to inject malicious scripts via the value parameter. Attackers can craft POST requests with script payloads in the value parameter to execute JavaScript in the...

5.4CVSS0.00243EPSS
Exploits1References4
CVE
CVE
added 2026/02/15 1:58 p.m.23 views

CVE-2019-25377

OPNsense 19.1 is affected by a reflected XSS in the system_advanced_sysctl.php endpoint. The vulnerability allows an attacker to inject malicious scripts via the value parameter in crafted POST requests, executing JavaScript in the context of an authenticated user session. Root cause is reflected...

6.1CVSS5.2AI score0.00243EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/02/15 1:58 p.m.31 views

CVE-2019-25369 OPNsense 19.1 Stored XSS via system_advanced_sysctl.php

OPNsense 19.1 contains a stored cross-site scripting vulnerability in the systemadvancedsysctl.php endpoint that allows attackers to inject persistent malicious scripts via the tunable parameter. Attackers can submit POST requests with script payloads that are stored and executed in the context o...

6.4CVSS0.00199EPSS
Exploits1References4
EUVD
EUVD
added 2026/02/15 1:58 p.m.7 views

EUVD-2019-19426

OPNsense 19.1 contains a stored cross-site scripting vulnerability in the systemadvancedsysctl.php endpoint that allows attackers to inject persistent malicious scripts via the tunable parameter. Attackers can submit POST requests with script payloads that are stored and executed in the context o...

6.4CVSS5.2AI score0.00199EPSS
Exploits1References4
CVE
CVE
added 2026/02/15 1:58 p.m.18 views

CVE-2019-25369

CVE-2019-25369 affects OPNsense 19.1 with a stored cross-site scripting (XSS) in the endpoint system_advanced_sysctl.php . The vulnerability allows an attacker to submit POST payloads to the tunable parameter, which are stored and later executed within the context of an authenticated user session...

6.4CVSS5.1AI score0.00199EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/15 12:0 a.m.14 views

PT-2026-8249

OPNsense 19.1 contains a reflected cross-site scripting vulnerability in the system advanced sysctl.php endpoint that allows attackers to inject malicious scripts via the value parameter. Attackers can craft POST requests with script payloads in the value parameter to execute JavaScript in the...

5.4CVSS5.2AI score0.00243EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/02/15 12:0 a.m.13 views

PT-2026-8241

OPNsense 19.1 contains a stored cross-site scripting vulnerability in the system advanced sysctl.php endpoint that allows attackers to inject persistent malicious scripts via the tunable parameter. Attackers can submit POST requests with script payloads that are stored and executed in the context...

6.4CVSS5.1AI score0.00199EPSS
Exploits1References5
Snyk
Snyk
added 2026/01/08 2:46 p.m.2 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the proxy endpoint. An attacker can access internal network resources by crafting requests to internal addresses through authenticated sessions. PoC 1. Run Miniflux 2.2.15 with default configuration...

8.8CVSS6.7AI score0.00258EPSS
Exploits1References2
Snyk
Snyk
added 2026/01/08 2:46 p.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the proxy endpoint. An attacker can access internal network resources by crafting requests to internal addresses through authenticated sessions. PoC 1. Run Miniflux 2.2.15 with default configuration...

8.8CVSS6.7AI score0.00258EPSS
Exploits1References2
Snyk
Snyk
added 2026/01/08 2:46 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the proxy endpoint. An attacker can access internal network resources by crafting requests to internal addresses through authenticated sessions. PoC 1. Run Miniflux 2.2.15 with default configuration...

8.8CVSS6.7AI score0.00258EPSS
Exploits1References2
Snyk
Snyk
added 2026/01/08 2:46 p.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the proxy endpoint. An attacker can access internal network resources by crafting requests to internal addresses through authenticated sessions. PoC 1. Run Miniflux 2.2.15 with default configuration...

8.8CVSS6.7AI score0.00258EPSS
Exploits1References2
Snyk
Snyk
added 2026/01/08 2:46 p.m.2 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the proxy endpoint. An attacker can access internal network resources by crafting requests to internal addresses through authenticated sessions. PoC 1. Run Miniflux 2.2.15 with default configuration...

8.8CVSS6.7AI score0.00258EPSS
Exploits1References2
OSV
OSV
added 2025/12/09 4:17 p.m.8 views

CVE-2025-40807

A vulnerability has been identified in Gridscale X Prepay All versions V4.2.1. The affected application is vulnerable to capture-replay of authentication tokens. This could allow an authenticated but already locked-out user to establish still valid user sessions...

5.4CVSS5.7AI score0.00269EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/24 8:16 p.m.5 views

EUVD-2025-35890

FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.23.2, any authenticated user can create sessions and have them collect QoS messages. When not sent to a client, these are then not released upon eventual session expiration. Version 1.23.2 fixes the issue...

4.3CVSS6.2AI score0.00308EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/10/16 12:0 a.m.6 views

Matrix Authentication Service 安全漏洞

Matrix Authentication Service is a user management and authentication system from Element Open Source. A security vulnerability exists in Matrix Authentication Service versions 0.20.0 through 1.4.0, which stems from a logic flaw that could allow an attacker to perform sensitive operations without...

8.3CVSS6.8AI score0.00422EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/09 12:43 p.m.3 views

CVE-2025-10240 Possibility of unintended actions when a user clicks a malicious link in the Progress Flowmon web application

A vulnerability exists in the Progress Flowmon web application prior to version 12.5.5, whereby a user who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated session...

8.8CVSS6.3AI score0.003EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2018-0678

Malware in sbrugna...

8.1CVSS8AI score0.01759EPSS
Exploits0References12
Rows per page
Query Builder