Lucene search
K

7797 matches found

Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.9 views

PT-2026-20813

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through the source and destination parameters. Attackers can submit POST requests to the policy routing endpoint with script payloads in these parameters to execute...

6.1CVSS5.6AI score0.0034EPSS
Exploits1References4
NVD
NVD
added 2026/02/18 10:16 p.m.7 views

CVE-2019-25399

IPFire 2.21 Core Update 127 contains multiple stored cross-site scripting vulnerabilities in the extrahd.cgi script that allow attackers to inject malicious scripts through the FS, PATH, and UUID parameters. Attackers can submit POST requests with script payloads in these parameters to execute...

6.4CVSS0.00232EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/02/18 10:7 p.m.7 views

LibreNMS /port-groups name Stored Cross-Site Scripting

Summary /port-groups name Stored Cross-Site Scripting - HTTP POST - Request-URIs: "/port-groups" - Vulnerable parameters: "name" - Attacker must be authenticated with "admin" privileges. - When a user adds a port group, an HTTP POST request is sent to the Request-URI "/port-groups". The name of t...

5.1CVSS5.5AI score0.00216EPSS
Exploits1References6Affected Software1
Snyk
Snyk
added 2026/02/18 10:7 p.m.4 views

Cross-site Scripting (XSS)

Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the name parameter in the HTTP POST request to /device-groups. An attacker with admin...

5.4CVSS5.6AI score0.00216EPSS
Exploits1References2
OSV
OSV
added 2026/02/18 10:7 p.m.2 views

GHSA-5PQF-54QP-32WX LibreNMS /device-groups name Stored Cross-Site Scripting

Summary /device-groups name Stored Cross-Site Scripting - HTTP POST - Request-URIs: "/device-groups" - Vulnerable parameters: "name" - Attacker must be authenticated with "admin" privileges. - When a user adds a device group, an HTTP POST request is sent to the Request-URI "/device-groups". The...

5.1CVSS5.5AI score0.00216EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/02/18 10:7 p.m.6 views

LibreNMS /device-groups name Stored Cross-Site Scripting

Summary /device-groups name Stored Cross-Site Scripting - HTTP POST - Request-URIs: "/device-groups" - Vulnerable parameters: "name" - Attacker must be authenticated with "admin" privileges. - When a user adds a device group, an HTTP POST request is sent to the Request-URI "/device-groups". The...

5.1CVSS5.5AI score0.00216EPSS
Exploits1References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/18 9:55 p.m.3 views

CVE-2019-25401 Bematech Printer MP-4200 TH Denial of Service

Bematech formerly Logic Controls, now Elgin MP-4200 TH printer contains a denial of service vulnerability in the admin configuration page. Remote attackers can send crafted POST requests with malformed 'admin' and 'person' parameters to crash the printer's web service, causing a denial of service...

8.7CVSS5.6AI score0.00422EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/18 8:59 p.m.3 views

CVE-2019-25398 IPFire 2.21 Core Update 127 Cross-Site Scripting via ovpnmain.cgi

IPFire 2.21 Core Update 127 contains multiple cross-site scripting vulnerabilities in the ovpnmain.cgi script that allow attackers to inject malicious scripts through VPN configuration parameters. Attackers can submit POST requests with script payloads in parameters like VPNIP, DMTU, ccdname,...

6.1CVSS5.6AI score0.00242EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/02/18 12:0 a.m.6 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : AIOHTTP vulnerabilities (USN-8032-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8032-1 advisory. Charles Chan discovered that AIOHTTP incorrectly handled the decompression of compressed requests. A remote...

8.7CVSS5.8AI score0.00487EPSS
Exploits0References8
Snyk
Snyk
added 2026/02/17 6:43 p.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the DeleteBranchPost function. A repository collaborator with Write permission can delete protected branches or the default branch by sending POST requests directly to the web interface, bypassing branch...

8.8CVSS5.6AI score0.00436EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/02/17 6:43 p.m.9 views

Gogs has a Protected Branch Deletion Bypass in Web Interface

Summary An access control bypass vulnerability in Gogs web interface allows any repository collaborator with Write permissions to delete protected branches including the default branch by sending a direct POST request, completely bypassing the branch protection mechanism. This vulnerability enabl...

8.8CVSS5.7AI score0.00436EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.11 views

PT-2026-20322

Name of the Vulnerable Software and Affected Versions Gogs versions 0.13.4 and below Description Gogs, an open-source self-hosted Git service, contains an access control bypass issue. Repository collaborators with Write permissions can delete protected branches, including the default branch, by...

9.9CVSS6AI score0.27661EPSS
Exploits45References117
OSV
OSV
added 2026/02/16 6:19 p.m.3 views

CVE-2019-25393

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation. Attackers can submit POST requests to the smoothinfo.cgi endpoint with script...

6.1CVSS5.9AI score0.00233EPSS
Exploits1References3
OSV
OSV
added 2026/02/16 6:19 p.m.5 views

CVE-2019-25394

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple stored cross-site scripting vulnerabilities in the modem.cgi script that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted payloads in parameters like INIT, HANGUP, SPEAKERON,...

6.1CVSS5.9AI score0.00223EPSS
Exploits1References3
OSV
OSV
added 2026/02/16 6:19 p.m.3 views

CVE-2019-25388

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the ipblock.cgi endpoint. Attackers can inject script tags through the SRCIP and COMMENT paramete...

6.1CVSS5.9AI score0.00244EPSS
Exploits1References3
NVD
NVD
added 2026/02/16 6:19 p.m.5 views

CVE-2019-25388

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the ipblock.cgi endpoint. Attackers can inject script tags through the SRCIP and COMMENT paramete...

6.1CVSS0.00244EPSS
Exploits1References3
NVD
NVD
added 2026/02/16 6:19 p.m.5 views

CVE-2019-25392

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the IP parameter. Attackers can send POST requests to the iptools.cgi endpoint with script payloads in the IP...

6.1CVSS0.00244EPSS
Exploits1References3
OSV
OSV
added 2026/02/16 6:19 p.m.5 views

CVE-2019-25386

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple reflected cross-site scripting vulnerabilities in the dmzholes.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in the SRCIP, DESTIP,...

6.1CVSS5.9AI score0.00225EPSS
Exploits1References3
OSV
OSV
added 2026/02/16 6:19 p.m.3 views

CVE-2019-25387

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the xtaccess.cgi endpoint. Attackers can inject script payloads through the EXT, DESTPORT, or...

6.1CVSS5.9AI score0.00244EPSS
Exploits1References3
NVD
NVD
added 2026/02/16 6:19 p.m.8 views

CVE-2019-25381

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple reflected cross-site scripting vulnerabilities in the hosts.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests to the hosts.cgi endpoint with script payload...

6.1CVSS0.00225EPSS
Exploits1References3
Rows per page
Query Builder