
197 matches found

CVE
added 2026/02/16 5:5 p.m. | 12 views

CVE-2019-25388

The vulnerability CVE-2019-25388 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9, specifically the ipblock.cgi endpoint. It is a reflected cross-site scripting flaw where a crafted POST request can inject script tags through SRC_IP and COMMENT parameters, allowing arbitrary JavaScript exe...

6.1 CVSS | 5.6 AI score | 0.00244 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
Vulnrichment
added 2026/02/16 5:5 p.m. | 5 views

CVE-2019-25388 Smoothwall Express 3.1 'ipblock.cgi' Cross-Site Scripting

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the ipblock.cgi endpoint. Attackers can inject script tags through the SRC_IP and COMMENT paramete...

6.1 CVSS | 5.6 AI score | 0.00244 EPSS
Exploits: 1 | References: 3
ATTACKERKB
added 2026/02/16 5:5 p.m. | 5 views

CVE-2019-25387

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the xtaccess.cgi endpoint. Attackers can inject script payloads through the EXT, DEST_PORT, or...

6.1 CVSS | 5.6 AI score | 0.00244 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
CVE
added 2026/02/16 5:5 p.m. | 13 views

CVE-2019-25387

Smoothwall Express 3.1-SP4-polar-x86_64-update9 is affected by a reflected cross-site scripting vulnerability in xtaccess.cgi. An unauthenticated attacker can inject JavaScript by sending crafted input to the xtaccess.cgi endpoint via POST, exploiting the EXT, DEST_PORT, or COMMENT parameters to ...

6.1 CVSS | 5.6 AI score | 0.00244 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
CVE
added 2026/02/16 5:4 p.m. | 9 views

CVE-2019-25386

CVE-2019-25386 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9, with multiple reflected XSS vulnerabilities in the dmzholes.cgi script. The issue allows attackers to inject arbitrary JavaScript into users’ browsers by submitting POST requests containing payloads in the SRC_IP, DEST_IP, or...

6.1 CVSS | 5.6 AI score | 0.00225 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2026/02/16 5:4 p.m. | 23 views

CVE-2019-25386 Smoothwall Express 3.1 'dmzholes.cgi' Cross-Site Scripting

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the dmzholes.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in the SRC_IP, DEST_IP,...

6.1 CVSS | 0.00225 EPSS
Exploits: 1 | References: 3
CNNVD
added 2026/02/16 12:0 a.m. | 4 views

Smoothwall Express Cross-Site Scripting Vulnerability

Smoothwall Express is an open-source GNU/Linux-based firewall operating system from Smoothwall. Smoothwall Express has a cross-site scripting vulnerability that stems from the IP, HOSTNAME or COMMENT parameters of the hosts.cgi script, where user-supplied data lacks effective filtering and...

6.1 CVSS | 5.9 AI score | 0.00225 EPSS
Exploits: 1 | References: 3
CNNVD
added 2026/02/16 12:0 a.m. | 6 views

Smoothwall Express Cross-Site Scripting Vulnerability

Smoothwall Express is an open-source GNU/Linux-based firewall operating system from Smoothwall. Smoothwall Express has a cross-site scripting vulnerability that stems from the EXT, DEST_PORT or COMMENT parameters of the xtaccess.cgi endpoint, where user-supplied data lacks effective filtering...

6.1 CVSS | 5.9 AI score | 0.00244 EPSS
Exploits: 1 | References: 3
CNNVD
added 2026/02/16 12:0 a.m. | 3 views

Smoothwall Express Cross-Site Scripting Vulnerability

Smoothwall Express is an open-source GNU/Linux-based firewall operating system from Smoothwall. Smoothwall Express has a cross-site scripting vulnerability that stems from the SRC_IP and COMMENT parameters of the ipblock.cgi endpoint, where user-supplied data lacks effective filtering and...

6.1 CVSS | 5.9 AI score | 0.00244 EPSS
Exploits: 1 | References: 3
Positive Technologies
added 2026/02/16 12:0 a.m. | 4 views

PT-2026-8364

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the hosts.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests to the hosts.cgi endpoint with script payloa...

6.1 CVSS | 5.6 AI score | 0.00225 EPSS
Exploits: 1 | References: 3
Packet Storm
added 2026/02/02 12:0 a.m. | 133 views

📄 Geeklog 2.2.1 Blind SQL Injection

A blind SQL injection vulnerability exists in Geeklog CMS version 2.2.1. The vulnerability allows remote attackers to execute arbitrary SQL commands via the uid parameter in comment.php. This issue is older research added to the archive. Geeklog 2.2.1 - Blind SQL Injection Advisory ID: RO-20-002...

6.2 AI score
Exploits: 0
RedhatCVE
added 2026/01/30 3:40 p.m. | 11 views

CVE-2026-1469

Stored Cross-Site Scripting (XSS) in RLE NOVA's PlanManager. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the ‘comment’ and ‘brand’ parameters in ‘/index.php’. The payload is stored by the application and subsequentl...

6.9 CVSS | 6 AI score | 0.00136 EPSS
Exploits: 0 | References: 1
NVD
added 2026/01/29 12:16 p.m. | 5 views

CVE-2026-1469

Stored Cross-Site Scripting (XSS) in RLE NOVA's PlanManager. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the ‘comment’ and ‘brand’ parameters in ‘/index.php’. The payload is stored by the application and subsequentl...

6.9 CVSS | 0.00136 EPSS
Exploits: 0 | References: 1
Cvelist
added 2026/01/29 11:30 a.m. | 31 views

CVE-2026-1469 Stored Cross-Site Scripting (XSS) in RLE NOVA's PlanManager

Stored Cross-Site Scripting (XSS) in RLE NOVA's PlanManager. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the ‘comment’ and ‘brand’ parameters in ‘/index.php’. The payload is stored by the application and subsequentl...

6.9 CVSS | 0.00136 EPSS
Exploits: 0 | References: 1
ATTACKERKB
added 2026/01/29 11:30 a.m. | 3 views

CVE-2026-1469

Stored Cross-Site Scripting (XSS) in RLE NOVA's PlanManager. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the ‘comment’ and ‘brand’ parameters in ‘/index.php’. The payload is stored by the application and subsequentl...

6.9 CVSS | 6 AI score | 0.00136 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2026/01/29 11:30 a.m. | 2 views

CVE-2026-1469 Stored Cross-Site Scripting (XSS) in RLE NOVA's PlanManager

Stored Cross-Site Scripting (XSS) in RLE NOVA's PlanManager. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the ‘comment’ and ‘brand’ parameters in ‘/index.php’. The payload is stored by the application and subsequentl...

6.9 CVSS | 6 AI score | 0.00136 EPSS
Exploits: 0 | References: 1
EUVD
added 2026/01/29 11:30 a.m. | 6 views

EUVD-2026-4996

Stored Cross-Site Scripting (XSS) in RLE NOVA's PlanManager. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the ‘comment’ and ‘brand’ parameters in ‘/index.php’. The payload is stored by the application and subsequentl...

6.9 CVSS | 6 AI score | 0.00136 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2026/01/29 12:0 a.m. | 4 views

PT-2026-5261

Stored Cross-Site Scripting (XSS) in RLE NOVA's PlanManager. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the ‘comment’ and ‘brand’ parameters in ‘/index.php’. The payload is stored by the application and subsequentl...

6.9 CVSS | 6 AI score | 0.00136 EPSS
Exploits: 0 | References: 2
RedhatCVE
added 2026/01/09 9:0 a.m. | 2 views

CVE-2023-50243

Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This...

7.2 CVSS | 8.4 AI score | 0.01413 EPSS
Exploits: 1 | References: 1
EUVD
added 2025/10/30 3:32 p.m. | 4 views

EUVD-2025-37011

Cross-site scripting (XSS) vulnerability in blog-details.php in Hiruna Gallage's Glamour Salon Management System v1 allows remote attackers to inject arbitrary web script or HTML via the blog comment section parameter...

5.5 AI score | 0.00285 EPSS
Exploits: 1 | References: 4