Lucene search
K

310 matches found

CNNVD
CNNVD
added 2026/03/31 12:0 a.m.9 views

niknah Anon Proxy Server 跨站脚本漏洞

The niknah Anon Proxy Server is a proxy server software provided by niknah Corporation that offers anonymous network access and traffic forwarding capabilities. Version 0.104 of the niknah Anon Proxy Server contains a cross-site scripting vulnerability. This vulnerability stems from the host...

6.1CVSS5.7AI score0.00194EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.3 views

PT-2026-29210

Reflected Cross-Site Scripting XSS vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or ...

5.1CVSS6AI score0.00194EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:19 p.m.5 views

CVE-2025-67041

An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This can be exploited to escape from the original command and execute an arbitrary one with root privileges...

9.8CVSS6AI score0.00331EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/03/26 10:22 a.m.151 views

Exploit for Argument Injection in Weblate

Weblate — Arbitrary File Read via SSH Host Argument Injection...

9.1CVSS6AI score0.00447EPSS
Exploits3
ATTACKERKB
ATTACKERKB
added 2026/03/24 5:58 p.m.5 views

CVE-2026-33401

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the patch introduced in commit e8a513591 CVE-2026-30840 added SSRF protection to notification test endpoints but left three additional attack surfaces unprotected: the AI Ollama host parameter, the AI...

8.8CVSS7.2AI score0.00497EPSS
Exploits2References4Affected Software1
NVD
NVD
added 2026/03/16 2:17 p.m.4 views

CVE-2016-20036

Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the enginemanager interface where input passed through various parameters is not properly sanitized before being returned to users. Attackers can inject malicious script code through parameters like...

6.1CVSS0.00236EPSS
Exploits2References3
NVD
NVD
added 2026/03/11 5:16 p.m.3 views

CVE-2025-67041

An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This can be exploited to escape from the original command and execute an arbitrary one with root privileges...

9.8CVSS0.00331EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/11 12:0 a.m.2 views

CVE-2025-67041

An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This can be exploited to escape from the original command and execute an arbitrary one with root privileges...

5.9AI score0.00331EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/11 12:0 a.m.33 views

CVE-2025-67041

An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This can be exploited to escape from the original command and execute an arbitrary one with root privileges...

0.00331EPSS
Exploits0References1
CVE
CVE
added 2026/03/11 12:0 a.m.19 views

CVE-2025-67041

CVE-2025-67041 affects Lantronix EDS3000PS (3.1.0.0R2). The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized, enabling an attacker to escape the original command and execute arbitrary commands with root privileges. The vulnerability is rated CVSS v3.1 bas...

9.8CVSS5.9AI score0.00331EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/02/15 2:16 p.m.11 views

CVE-2019-25371

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted POST requests to the diagping.php endpoint with script payloads i...

6.1CVSS0.00241EPSS
Exploits1References4
NVD
NVD
added 2026/02/15 2:16 p.m.7 views

CVE-2019-25372

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted payloads through POST requests to diagtraceroute.php to execute...

6.1CVSS0.00241EPSS
Exploits1References4
OSV
OSV
added 2026/02/15 2:16 p.m.4 views

CVE-2019-25372

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted payloads through POST requests to diagtraceroute.php to execute...

5.1CVSS5.6AI score
Exploits0References4
OSV
OSV
added 2026/02/15 2:16 p.m.5 views

CVE-2019-25371

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted POST requests to the diagping.php endpoint with script payloads i...

5.1CVSS5.6AI score
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/15 1:58 p.m.4 views

CVE-2019-25372

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted payloads through POST requests to diagtraceroute.php to execute...

6.1CVSS5.5AI score0.00241EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/02/15 1:58 p.m.17 views

CVE-2019-25372

OPNsense 19.1 contains a reflected Cross-Site Scripting vulnerability in diag_traceroute.php, caused by insufficient input validation of the host parameter. Unauthenticated attackers can submit crafted POST payloads to execute arbitrary JavaScript in a user’s browser session. The CVSS metrics ind...

6.1CVSS5.5AI score0.00241EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/02/15 1:58 p.m.31 views

CVE-2019-25372 OPNsense 19.1 Reflected XSS via diag_traceroute.php

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted payloads through POST requests to diagtraceroute.php to execute...

6.1CVSS0.00241EPSS
Exploits1References4
EUVD
EUVD
added 2026/02/15 1:58 p.m.5 views

EUVD-2019-19423

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted payloads through POST requests to diagtraceroute.php to execute...

6.1CVSS5.6AI score0.00241EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/15 1:58 p.m.31 views

CVE-2019-25371 OPNsense 19.1 Reflected XSS via diag_ping.php

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted POST requests to the diagping.php endpoint with script payloads i...

6.1CVSS0.00241EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/15 1:58 p.m.5 views

CVE-2019-25371 OPNsense 19.1 Reflected XSS via diag_ping.php

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted POST requests to the diagping.php endpoint with script payloads i...

6.1CVSS5.6AI score0.00241EPSS
Exploits1References4
Rows per page
Query Builder