Lucene search
K

272 matches found

RedhatCVE
RedhatCVE
added 2026/02/28 1:55 a.m.8 views

CVE-2026-25196

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the Wi-Fi SSID and/or password fields can lead to remote code execution when the configuration is...

8.8CVSS6.6AI score0.01897EPSS
Exploits0References1
NVD
NVD
added 2026/02/26 10:20 p.m.7 views

CVE-2026-27154

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, a user full name can be evaluated as raw HTML when the following settings are set: displaynameonposts = true; and prioritizeusernameinux = false. Editing a post of a malicious user would trigger ...

6.1CVSS0.00166EPSS
Exploits0References1
CVE
CVE
added 2026/02/24 5:0 p.m.26 views

CVE-2026-27156

NiceGUI (Python) before version 3.8.0 is vulnerable to XSS via code injection in client-side runMethod-related APIs (Element.run_method, AgGrid.run_grid_method, EChart.run_chart_method, etc.) due to eval fallback and unsafe string interpolation of method names. The issue allows attacker-controlle...

6.1CVSS5.8AI score0.00163EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2026/02/20 9:21 a.m.5 views

Cross Site Scripting (XSS)

Agora is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper input handling of the topicName parameter in client/agora/public/js/editorManager.js, which allows an attacker to inject malicious scripts that execute in a user’s browser...

6.4CVSS6AI score0.00234EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/02/19 6:24 p.m.5 views

CVE-2026-23606

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Advanced Content Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$txtRuleName parameter to...

5.4CVSS5.8AI score0.00173EPSS
Exploits0References2
NVD
NVD
added 2026/02/19 1:16 p.m.6 views

CVE-2019-25404

Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input through admin management parameters. Attackers can inject script payloads in the adminname, name, and surname parameters via...

6.4CVSS0.00301EPSS
Exploits1References4
Hacker One
Hacker One
added 2026/02/16 12:22 a.m.15 views

PortSwigger Web Security: HTML Injection in DAST Trial Request Form Confirmation Email – PortSwigger

A vulnerability was discovered in the DAST trial request form on the website, where user input in the "First Name" field was not properly sanitized before being included in confirmation emails. This allowed the injection of arbitrary HTML content, which would be rendered in the recipient's email...

5.7AI score
Exploits0
NVD
NVD
added 2026/02/12 11:16 p.m.5 views

CVE-2019-25330

SurfOffline Professional 2.2.0.103 contains a structured exception handler SEH overflow vulnerability that allows attackers to crash the application by manipulating the project name input. Attackers can generate a malicious payload of 382 'A' characters followed by specific byte sequences to...

7.5CVSS0.00314EPSS
Exploits0References4
CVE
CVE
added 2026/02/12 10:48 p.m.11 views

CVE-2019-25334

Product Key Explorer 4.2.0.0 contains a local denial-of-service vulnerability in the registration name input field. A crafted text file with repeated characters can trigger a buffer overflow when pasted, causing the application to crash. The advisory documents this as a local exploit with a high ...

6.7CVSS5.9AI score0.0019EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/12 10:48 p.m.5 views

CVE-2019-25330

SurfOffline Professional 2.2.0.103 contains a structured exception handler SEH overflow vulnerability that allows attackers to crash the application by manipulating the project name input. Attackers can generate a malicious payload of 382 'A' characters followed by specific byte sequences to...

7.5CVSS5.6AI score0.00314EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/02/12 10:48 p.m.25 views

CVE-2019-25330 SurfOffline Professional 2.2.0.103 - 'Project Name' Denial of Service (SEH)

SurfOffline Professional 2.2.0.103 contains a structured exception handler SEH overflow vulnerability that allows attackers to crash the application by manipulating the project name input. Attackers can generate a malicious payload of 382 'A' characters followed by specific byte sequences to...

7.5CVSS0.00314EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/12 10:48 p.m.4 views

CVE-2019-25330 SurfOffline Professional 2.2.0.103 - 'Project Name' Denial of Service (SEH)

SurfOffline Professional 2.2.0.103 contains a structured exception handler SEH overflow vulnerability that allows attackers to crash the application by manipulating the project name input. Attackers can generate a malicious payload of 382 'A' characters followed by specific byte sequences to...

7.5CVSS5.6AI score0.00314EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/12 12:0 a.m.9 views

PT-2026-7929

SurfOffline Professional 2.2.0.103 contains a structured exception handler SEH overflow vulnerability that allows attackers to crash the application by manipulating the project name input. Attackers can generate a malicious payload of 382 'A' characters followed by specific byte sequences to...

7.5CVSS5.6AI score0.00314EPSS
Exploits0References5
CVE
CVE
added 2026/02/12 12:0 a.m.9 views

CVE-2025-70092

OpenSourcePOS v3.4.1 is affected by a cross-site scripting (XSS) vulnerability in the Item Kits function. The issue allows an attacker to inject arbitrary web scripts or HTML by supplying a crafted payload into the Item Name parameter, due to insufficient input handling. Impact is described as XS...

5.5CVSS5.5AI score0.00196EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/12 12:0 a.m.4 views

PT-2026-7940

iNetTools for iOS 8.20 contains a denial of service vulnerability in the Whois feature that allows attackers to crash the application by manipulating input. Attackers can paste a specially crafted 98-character buffer into the Domain Name field to trigger an application crash...

7.5CVSS5.8AI score0.00304EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/12 12:0 a.m.7 views

CVE-2025-70092

A cross-site scripting XSS vulnerability in the Item Kits function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Item Name parameter...

5.5AI score0.00196EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/02/12 12:0 a.m.7 views

SurfOffline Professional 安全漏洞

SurfOffline Professional is a website download tool provided by the SurfOffline company. The version 2.2.0.103 of SurfOffline Professional contains a security vulnerability. This vulnerability stems from an issue with structured exception handling in the program’s name input, which may lead to a...

7.5CVSS5.8AI score0.00314EPSS
Exploits0References5
NVD
NVD
added 2026/02/11 9:16 p.m.15 views

CVE-2020-37201

NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration name input that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash...

7.5CVSS0.00345EPSS
Exploits1References3
NVD
NVD
added 2026/02/11 9:16 p.m.12 views

CVE-2020-37195

BlueAuditor 1.7.2.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Name' field to trigger an application crash...

7.5CVSS0.00304EPSS
Exploits0References3
NVD
NVD
added 2026/02/11 9:16 p.m.15 views

CVE-2020-37183

Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler SEH registers. Attackers can craft a malicious payload in the License Name input field to trigger a buffer overflow...

9.8CVSS0.00419EPSS
Exploits0References3
Rows per page
Query Builder