CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5782 matches found

Positive Technologies•added 2026/02/19 12:0 a.m.•5 views

PT-2026-20819

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through the device parameter. Attackers can send POST requests to the QoS devices management endpoint with script payloads in the device...

6.1CVSS5.6AI score0.00022EPSS

Exploits1References4

Positive Technologies•added 2026/02/19 12:0 a.m.•7 views

PT-2026-20816

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the ID parameter. Attackers can craft requests to the /manage/ips/rules/ endpoint with script payloads in the ID parameter to execut...

6.1CVSS5.6AI score0.00045EPSS

Exploits1References4

Positive Technologies•added 2026/02/19 12:0 a.m.•5 views

PT-2026-20811

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the netmask addr parameter. Attackers can send POST requests to the netwizard2 endpoint with script payloads in the netmask addr...

6.1CVSS5.6AI score0.00014EPSS

Exploits1References4

Positive Technologies•added 2026/02/19 12:0 a.m.•3 views

PT-2026-20828

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the VIRUS ADMIN parameter. Attackers can send POST requests to the smtpconfig endpoint with script payloads to execute arbitrary...

6.1CVSS5.6AI score0.00022EPSS

Exploits1References4

OSV•added 2026/02/18 10:16 p.m.•3 views

CVE-2019-25397

IPFire 2.21 Core Update 127 contains multiple reflected cross-site scripting vulnerabilities in the hosts.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in the KEY1, IP, HOST, or DOM parameters to...

6.1CVSS5.9AI score0.00084EPSS

Exploits1References4

CVE•added 2026/02/18 9:55 p.m.•9 views

CVE-2019-25356

CVE-2019-25356 affects Bematech MP-4200 TH printer (formerly Logic Controls, now Elgin). The admin configuration page is vulnerable to cross-site scripting via crafted POST requests with malformed 'admin' and 'person' parameters, allowing execution of arbitrary JavaScript in an authenticated user...

6.1CVSS5.5AI score0.00015EPSS

Exploits0References4

CVE•added 2026/02/18 8:59 p.m.•11 views

CVE-2019-25398

IPFire 2.21 Core Update 127 contains multiple cross-site scripting vulnerabilities in the ovpnmain.cgi script. The issue allows attackers to inject arbitrary JavaScript by submitting POST parameters such as VPN_IP, DMTU, ccdname, ccdsubnet, DOVPN_SUBNET, DHCP_DOMAIN, DHCP_DNS, DHCP_WINS, ROUTES_P...

6.1CVSS5.6AI score0.00084EPSS

Exploits1References4Affected Software1

OSV•added 2026/02/18 10:30 a.m.•1 views

RSEC-2026-0 Cross-site Request Forgery (CSRF) vulnerability

The widgetframe R package is exposed to a vulnerability due to its use of the Pym.js library version 1.3.1. This can result in arbitrary javascript code execution...

8.8CVSS6AI score0.00296EPSS

Exploits0References4

CNNVD•added 2026/02/18 12:0 a.m.•3 views

Bematech MP-4200 TH 跨站脚本漏洞

The Bematech MP-4200 TH is a thermal receipt printer produced by the British company Bematech. The Bematech MP-4200 TH has a cross-site scripting vulnerability. This vulnerability stems from a cross-site scripting vulnerability present in the administrator configuration page, which may allow...

6.1CVSS5.7AI score0.00015EPSS

Exploits0References5

Positive Technologies•added 2026/02/18 12:0 a.m.•2 views

PT-2026-20502

IPFire 2.21 Core Update 127 contains multiple reflected cross-site scripting vulnerabilities in the fwhosts.cgi script that allow attackers to inject malicious scripts through multiple parameters including HOSTNAME, IP, SUBNET, NETREMARK, HOSTREMARK, newhost, grp name, remark, SRV NAME, SRV PORT,...

5.4CVSS5.6AI score0.00069EPSS

Exploits1References4

NVD•added 2026/02/16 6:19 p.m.•2 views

CVE-2019-25382

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the NTPSERVER parameter. Attackers can send POST requests to the time.cgi endpoint with script payloads in the...

6.1CVSS0.00117EPSS

Exploits1References3

OSV•added 2026/02/16 6:19 p.m.•2 views

CVE-2019-25379

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains stored and reflected cross-site scripting vulnerabilities in the urlfilter.cgi endpoint that allow attackers to inject malicious scripts. Attackers can submit POST requests with script payloads in the REDIRECTPAGE or CHILDREN parameters to...

7.2CVSS5.9AI score0.00047EPSS

Exploits1References3

ATTACKERKB•added 2026/02/16 5:5 p.m.•2 views

CVE-2019-25394

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple stored cross-site scripting vulnerabilities in the modem.cgi script that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted payloads in parameters like INIT, HANGUP, SPEAKERON,...

7.2CVSS5.6AI score0.00042EPSS

Exploits1References3Affected Software1

CVE•added 2026/02/16 5:5 p.m.•8 views

CVE-2019-25394

CVE-2019-25394 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9, with stored cross-site scripting in the modem.cgi script. Malicious payloads injected via POST parameters (INIT, HANGUP, SPEAKER_ON, SPEAKER_OFF, TONE_DIAL, PULSE_DIAL) can lead to arbitrary JavaScript execution in users’ bro...

7.2CVSS5.6AI score0.00042EPSS

Exploits1References3Affected Software1

CVE•added 2026/02/16 5:4 p.m.•7 views

CVE-2019-25383

CVE-2019-25383 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9. The vulnerability is a set of reflected cross-site scripting flaws in apcupsd.cgi, allowing an attacker to inject arbitrary JavaScript in victim browsers by crafting POST requests with payloads in parameters such as BATTLEVEL...

6.1CVSS5.6AI score0.00042EPSS

Exploits1References3Affected Software1

Vulnrichment•added 2026/02/16 5:4 p.m.•3 views

CVE-2019-25383 Smoothwall Express 3.1 'apcupsd.cgi' Cross-Site Scripting

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple reflected cross-site scripting vulnerabilities in the apcupsd.cgi script that allow attackers to inject malicious scripts through multiple POST parameters. Attackers can submit crafted POST requests with script payloads in parameter...

6.1CVSS5.6AI score0.00042EPSS

Exploits1References3

Positive Technologies•added 2026/02/16 12:0 a.m.•3 views

PT-2026-8374

Smoothwall Express 3.1-SP4-polar-x86 64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the IP parameter. Attackers can send POST requests to the iptools.cgi endpoint with script payloads in the IP...

6.1CVSS5.6AI score0.00117EPSS

Exploits1References3

CNNVD•added 2026/02/16 12:0 a.m.•3 views

Smoothwall Express 跨站脚本漏洞

Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express has a cross-site scripting vulnerability , the vulnerability stems from the smoothinfo.cgi endpoint WRAP or SECTIONTITLE parameter on the user-supplied data lack of effective filtering an...

6.1CVSS5.9AI score0.00058EPSS

Exploits1References3

Positive Technologies•added 2026/02/16 12:0 a.m.•4 views

PT-2026-8367

Smoothwall Express 3.1-SP4-polar-x86 64-update9 contains multiple reflected cross-site scripting vulnerabilities in the portfw.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in the EXT, SRC PORT...

6.1CVSS5.6AI score0.00042EPSS

Exploits1References3

CNNVD•added 2026/02/16 12:0 a.m.•3 views

Smoothwall Express 跨站脚本漏洞

Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express proxy.cgi endpoint cross-site scripting vulnerability , the vulnerability stems from the proxy.cgi endpoint in a number of parameters of the user-supplied data lack of effective filtering...

6.1CVSS5.9AI score0.00042EPSS

Exploits1References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by