Lucene search
K

523 matches found

RedhatCVE
RedhatCVE
added 2026/02/26 3:10 p.m.7 views

CVE-2026-28296

A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containing carriage return and line feed CRLF sequences. These unsanitized sequences allow the attacker to terminate intended FTP commands and...

4.3CVSS6.5AI score0.0036EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2026/02/24 7:43 a.m.8 views

CVE-2026-21863

A flaw was found in Valkey, a distributed key-value database. A malicious actor with access to the Valkey clusterbus port can exploit an input validation vulnerability by sending a specially crafted invalid clusterbus packet. This lack of validation for clusterbus ping extension packets can lead ...

7.5CVSS5.4AI score0.00552EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.12 views

PT-2026-21591

Name of the Vulnerable Software and Affected Versions free5GC SMF versions up to and including 1.4.1 Description free5GC SMF provides the Session Management Function for free5GC, an open-source project for 5G mobile core networks. The software experiences a panic and terminates when processing a...

8.7CVSS5.9AI score0.00302EPSS
Exploits1References11
RedhatCVE
RedhatCVE
added 2026/02/20 4:29 p.m.7 views

CVE-2026-21620

A flaw was found in Erlang OTP tftpfile modules. This vulnerability allows an attacker to exploit a weakness in how file paths are handled, known as Relative Path Traversal. By manipulating these paths, an attacker could gain unauthorized access to sensitive files on the system, potentially leadi...

4.2CVSS5.8AI score0.00461EPSS
Exploits0References9
OSV
OSV
added 2026/02/15 2:16 p.m.3 views

CVE-2019-25373

OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. Attackers can send POST requests to firewallrulesedit.php with script payloads in the category field to execute...

5.4CVSS5.6AI score
Exploits0References4
NVD
NVD
added 2026/02/15 2:16 p.m.10 views

CVE-2019-25373

OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. Attackers can send POST requests to firewallrulesedit.php with script payloads in the category field to execute...

6.4CVSS0.00199EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/15 1:58 p.m.3 views

CVE-2019-25373 OPNsense 19.1 Stored XSS via firewall_rules_edit.php

OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. Attackers can send POST requests to firewallrulesedit.php with script payloads in the category field to execute...

6.4CVSS5.6AI score0.00199EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/15 1:58 p.m.30 views

CVE-2019-25373 OPNsense 19.1 Stored XSS via firewall_rules_edit.php

OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. Attackers can send POST requests to firewallrulesedit.php with script payloads in the category field to execute...

6.4CVSS0.00199EPSS
Exploits1References4
EUVD
EUVD
added 2026/02/15 1:58 p.m.5 views

EUVD-2019-19422

OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. Attackers can send POST requests to firewallrulesedit.php with script payloads in the category field to execute...

6.4CVSS5.6AI score0.00199EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/15 1:58 p.m.5 views

CVE-2019-25373

OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. Attackers can send POST requests to firewallrulesedit.php with script payloads in the category field to execute...

6.4CVSS5.5AI score0.00199EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/02/15 1:58 p.m.14 views

CVE-2019-25373

CVE-2019-25373 – OPNsense 19.1 Stored XSS has a vulnerability in the category field of the firewall_rules_edit.php endpoint. An authenticated user can submit crafted input via POST to this page, injecting JavaScript that is then executed in other users’ browsers when they view firewall rule pages...

6.4CVSS5.5AI score0.00199EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2026/02/15 12:0 a.m.8 views

Deciso OPNsense 跨站脚本漏洞

Deciso OPNsense is a set of open-source firewall and routing software based on FreeBSD developed by the Dutch company Deciso. Version Decivo OPNsense 19.1 contains a cross-site scripting vulnerability. This vulnerability stems from a storage-based cross-site scripting vulnerability in the...

6.4CVSS5.7AI score0.00199EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/15 12:0 a.m.10 views

PT-2026-8245

OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. Attackers can send POST requests to firewall rules edit.php with script payloads in the category field to execu...

6.4CVSS5.5AI score0.00199EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/02/06 7:13 p.m.7 views

CVE-2026-1709

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security TLS authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...

9.8CVSS5.4AI score0.05431EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/03 3:56 a.m.5 views

CVE-2025-11261

A flaw was found in MediaWiki. This vulnerability, known as Cross-site Scripting XSS, occurs due to improper neutralization of input during web page generation. A remote attacker could exploit this by injecting malicious scripts into web pages. Successful exploitation could lead to arbitrary code...

6.1CVSS6.3AI score0.00225EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/03 12:0 a.m.34 views

CVE-2025-67186

TOTOLINK A950RG V4.1.2cu.5204B20210112 contains a buffer overflow vulnerability in the setUrlFilterRules interface of /lib/cstemodules/firewall.so. The vulnerability occurs because the url parameter is not properly validated for length, allowing remote attackers to trigger a buffer overflow,...

0.00694EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/29 7:6 p.m.8 views

CVE-2025-45160

A HTML injection vulnerability exists in the file upload functionality of Cacti " port port="80" protocol="tcp" accept' firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="" port port="443" protocol="tcp" accept' firewall-cmd --reload Replace with the actual IP address or...

5.4CVSS5.5AI score0.002EPSS
Exploits1References2
Packet Storm News
Packet Storm News
added 2026/01/24 12:0 a.m.5 views

Safeguard: Security Controls at the Software Defined Network Layer

Improvements in software defined networking allow for policy to be informed and modified by data-driven applications that can adjust policy to accommodate fluctuating requirements at line speed. However, there is some concern that over-correction can occur and cause unintended consequences...

5.6AI score
Exploits0
Cvelist
Cvelist
added 2026/01/15 7:18 p.m.20 views

CVE-2026-23766

...

0.00036EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.12 views

PT-2026-3101

Name of the Vulnerable Software and Affected Versions Istio versions through 1.28.2 Description Istio versions through 1.28.2 permit the injection of iptables rules, potentially altering firewall behavior. This is achieved through the traffic.sidecar.istio.io/excludeInterfaces annotation. The...

4.1CVSS6.9AI score0.00036EPSS
Exploits0References5
Rows per page
Query Builder