Lucene search
+L

527 matches found

RedhatCVE
RedhatCVE
added 2026/03/04 11:44 p.m.8 views

CVE-2026-3234

A flaw was found in modproxycluster. This vulnerability, a Carriage Return Line Feed CRLF injection in the decodeenc function, allows a remote attacker to bypass input validation. By injecting CRLF sequences into the cluster configuration, an attacker can corrupt the response body of INFO endpoin...

4.3CVSS5.7AI score0.00332EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/04 12:27 a.m.5 views

SUSE CVE-2026-25702

A Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 breaks nftables, causing firewall rules applied via nftables to not be effective.This issue affects SUSE Linux Enterprise Server: from 9e6d9d4601768c75fdb0bad3fbbe636e748939c2 before...

7.3CVSS5.8AI score0.00203EPSS
Exploits0References5
Packet Storm News
Packet Storm News
added 2026/03/04 12:0 a.m.4 views

From Threat Intelligence to Firewall Rules: Semantic Relations in Hybrid AI Agent and Expert System Architectures

Web security demands rapid response capabilities to evolving cyber threats. Agentic Artificial Intelligence AI promises automation, but the need for trustworthy security responses is of the utmost importance. This work investigates the role of semantic relations in extracting information for...

6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/02/26 3:10 p.m.8 views

CVE-2026-28296

A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containing carriage return and line feed CRLF sequences. These unsanitized sequences allow the attacker to terminate intended FTP commands and...

4.3CVSS6.5AI score0.0036EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2026/02/24 7:43 a.m.9 views

CVE-2026-21863

A flaw was found in Valkey, a distributed key-value database. A malicious actor with access to the Valkey clusterbus port can exploit an input validation vulnerability by sending a specially crafted invalid clusterbus packet. This lack of validation for clusterbus ping extension packets can lead ...

7.5CVSS5.4AI score0.00552EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.14 views

PT-2026-21591

Name of the Vulnerable Software and Affected Versions free5GC SMF versions up to and including 1.4.1 Description free5GC SMF provides the Session Management Function for free5GC, an open-source project for 5G mobile core networks. The software experiences a panic and terminates when processing a...

8.7CVSS5.9AI score0.00302EPSS
Exploits1References11
RedhatCVE
RedhatCVE
added 2026/02/20 4:29 p.m.8 views

CVE-2026-21620

A flaw was found in Erlang OTP tftpfile modules. This vulnerability allows an attacker to exploit a weakness in how file paths are handled, known as Relative Path Traversal. By manipulating these paths, an attacker could gain unauthorized access to sensitive files on the system, potentially leadi...

4.2CVSS5.8AI score0.00461EPSS
Exploits0References9
NVD
NVD
added 2026/02/15 2:16 p.m.11 views

CVE-2019-25373

OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. Attackers can send POST requests to firewallrulesedit.php with script payloads in the category field to execute...

6.4CVSS0.00199EPSS
Exploits1References4
OSV
OSV
added 2026/02/15 2:16 p.m.4 views

CVE-2019-25373

OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. Attackers can send POST requests to firewallrulesedit.php with script payloads in the category field to execute...

5.4CVSS5.6AI score
Exploits0References4
Cvelist
Cvelist
added 2026/02/15 1:58 p.m.30 views

CVE-2019-25373 OPNsense 19.1 Stored XSS via firewall_rules_edit.php

OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. Attackers can send POST requests to firewallrulesedit.php with script payloads in the category field to execute...

6.4CVSS0.00199EPSS
Exploits1References4
CVE
CVE
added 2026/02/15 1:58 p.m.16 views

CVE-2019-25373

CVE-2019-25373 – OPNsense 19.1 Stored XSS has a vulnerability in the category field of the firewall_rules_edit.php endpoint. An authenticated user can submit crafted input via POST to this page, injecting JavaScript that is then executed in other users’ browsers when they view firewall rule pages...

6.4CVSS5.5AI score0.00199EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/15 1:58 p.m.3 views

CVE-2019-25373 OPNsense 19.1 Stored XSS via firewall_rules_edit.php

OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. Attackers can send POST requests to firewallrulesedit.php with script payloads in the category field to execute...

6.4CVSS5.6AI score0.00199EPSS
Exploits1References4
EUVD
EUVD
added 2026/02/15 1:58 p.m.6 views

EUVD-2019-19422

OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. Attackers can send POST requests to firewallrulesedit.php with script payloads in the category field to execute...

6.4CVSS5.6AI score0.00199EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/15 1:58 p.m.6 views

CVE-2019-25373

OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. Attackers can send POST requests to firewallrulesedit.php with script payloads in the category field to execute...

6.4CVSS5.5AI score0.00199EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2026/02/15 12:0 a.m.8 views

Deciso OPNsense 跨站脚本漏洞

Deciso OPNsense is a set of open-source firewall and routing software based on FreeBSD developed by the Dutch company Deciso. Version Decivo OPNsense 19.1 contains a cross-site scripting vulnerability. This vulnerability stems from a storage-based cross-site scripting vulnerability in the...

6.4CVSS5.7AI score0.00199EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/15 12:0 a.m.10 views

PT-2026-8245

OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. Attackers can send POST requests to firewall rules edit.php with script payloads in the category field to execu...

6.4CVSS5.5AI score0.00199EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/02/06 7:13 p.m.9 views

CVE-2026-1709

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security TLS authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...

9.8CVSS5.4AI score0.05431EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/03 3:56 a.m.5 views

CVE-2025-11261

A flaw was found in MediaWiki. This vulnerability, known as Cross-site Scripting XSS, occurs due to improper neutralization of input during web page generation. A remote attacker could exploit this by injecting malicious scripts into web pages. Successful exploitation could lead to arbitrary code...

6.1CVSS6.3AI score0.00225EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/03 12:0 a.m.38 views

CVE-2025-67186

TOTOLINK A950RG V4.1.2cu.5204B20210112 contains a buffer overflow vulnerability in the setUrlFilterRules interface of /lib/cstemodules/firewall.so. The vulnerability occurs because the url parameter is not properly validated for length, allowing remote attackers to trigger a buffer overflow,...

0.00694EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/29 7:6 p.m.10 views

CVE-2025-45160

A HTML injection vulnerability exists in the file upload functionality of Cacti " port port="80" protocol="tcp" accept' firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="" port port="443" protocol="tcp" accept' firewall-cmd --reload Replace with the actual IP address or...

5.4CVSS5.5AI score0.002EPSS
Exploits1References2
Rows per page
Query Builder