Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

NVD
NVDadded 2026/02/15 2:16 p.m.4 views

CVE-2019-25371

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted POST requests to the diagping.php endpoint with script payloads i...

6.1CVSS0.00055EPSS
Exploits1References4
ATTACKERKB
ATTACKERKBadded 2026/02/15 1:58 p.m.2 views

CVE-2019-25371

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted POST requests to the diagping.php endpoint with script payloads i...

6.1CVSS5.5AI score0.00055EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichmentadded 2026/02/15 1:58 p.m.3 views

CVE-2019-25371 OPNsense 19.1 Reflected XSS via diag_ping.php

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted POST requests to the diagping.php endpoint with script payloads i...

6.1CVSS5.6AI score0.00055EPSS
Exploits1References4
CVE
CVEadded 2026/02/15 1:58 p.m.11 views

CVE-2019-25371

CVE-2019-25371 affects OPNsense 19.1. It is a reflected cross-site scripting vulnerability in the diag_ping.php endpoint where insufficient input validation on the host parameter allows unauthenticated users to submit crafted POST requests and execute arbitrary JavaScript in other users’ browsers...

6.1CVSS5.5AI score0.00055EPSS
Exploits1References4Affected Software1
EUVD
EUVDadded 2025/10/03 8:7 p.m.3 views

EUVD-2025-29124

Malicious code in bioql PyPI...

8.8CVSS6.5AI score0.0051EPSS
Exploits1References6
NVD
NVDadded 2025/09/14 4:15 p.m.3 views

CVE-2025-10401

A vulnerability was detected in D-Link DIR-823x up to 250416. The affected element is an unknown function of the file /goform/diagping. Performing manipulation of the argument targetaddr results in command injection. Remote exploitation of the attack is possible. The exploit is now public and may...

8.8CVSS0.0051EPSS
Exploits1References5
Vulnrichment
Vulnrichmentadded 2025/09/14 3:32 p.m.2 views

CVE-2025-10401 D-Link DIR-823x diag_ping command injection

A vulnerability was detected in D-Link DIR-823x up to 250416. The affected element is an unknown function of the file /goform/diagping. Performing manipulation of the argument targetaddr results in command injection. Remote exploitation of the attack is possible. The exploit is now public and may...

6.5CVSS6.3AI score0.0051EPSS
Exploits1References5
Rows per page
Query Builder