1408 matches found
CVE-2019-25413
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the ID parameter. Attackers can craft requests to the /manage/ips/rules/ endpoint with script payloads in the ID parameter to execut...
CVE-2019-25414
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the ID parameter. Attackers can craft requests to the /manage/ips/appid/ endpoint with script payloads in the ID parameter to execut...
CVE-2019-25413 Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via ID Parameter
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the ID parameter. Attackers can craft requests to the /manage/ips/rules/ endpoint with script payloads in the ID parameter to execut...
CVE-2019-25413
Comodo Dome Firewall 2.7.0 is affected by a reflected cross-site scripting vulnerability where unauthenticated attackers can inject JavaScript via the ID parameter on the /manage/ips/rules/ endpoint. The issue allows execution of arbitrary scripts in victim browsers, with CVSS metrics indicating ...
PT-2026-20817
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the ID parameter. Attackers can craft requests to the /manage/ips/appid/ endpoint with script payloads in the ID parameter to execut...
PT-2026-20816
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the ID parameter. Attackers can craft requests to the /manage/ips/rules/ endpoint with script payloads in the ID parameter to execut...
CVE-2026-25492
Craft CMS is a content management system. In Craft versions 3.5.0 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveimagesAsset GraphQL mutation can be abused to fetch internal URLs by providing a domain name that resolves to an internal IP address, bypassing hostname validation. When a...
PT-2026-7722
Name of the Vulnerable Software and Affected Versions LangChain versions prior to 1.1.14 Description The RecursiveUrlLoader class within the @langchain/community component is a web crawler that recursively follows links from a starting URL. The preventOutside option, intended to restrict crawling...
OPENSUSE-SU-2026:20192-1 Security update for tailscale
This update for tailscale fixes the following issues: Changes in tailscale: - Update to version 1.94.0: IS SET and NOT SET have been added as device posture operators India DERP Region City Name updated Custom DERP servers support GCP Certificate Manager Tailscale SSH authentication, when...
Insertion of Sensitive Information Into Sent Data
Overview mediawiki/core is a Free software wiki application developed by the Wikimedia Foundation and others. Note: This package is not maintained on Packagist anymore, but newer releases exist. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data ...
Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations
Cybersecurity company Arctic Wolf has warned of a "new cluster of automated malicious activity" that involves unauthorized firewall configuration changes on Fortinet FortiGate devices. The activity, it said, commenced on January 15, 2026, adding it shares similarities with a December 2025 campaig...
PT-2026-3248
Name of the Vulnerable Software and Affected Versions TheLibrarian affected versions not specified Description The Librarian software has an internal port scanning issue stemming from the web fetch tool. This tool allows for Server-Side Request Forgery SSRF-style behavior, enabling GET requests t...
Researchers Null-Route Over 550 Kimwolf and Aisuru Botnet Command Servers
The Black Lotus Labs team at Lumen Technologies said it null-routed traffic to more than 550 command-and-control C2 nodes associated with the AISURU/Kimwolf botnet since early October 2025. AISURU and its Android counterpart, Kimwolf, have emerged as some of the biggest botnets in recent times,...
CVE-2023-4800
The DoLogin Security WordPress plugin before 3.7.1 does not restrict the access of a widget that shows the IPs of failed logins to low privileged users...
CVE-2019-2704
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite subcomponent: IPS Package Manager. The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Solaris. Successfu...
CVE-2023-40718
A interpretation conflict in Fortinet IPS Engine versions 7.321, 7.166 and 6.158 allows attacker to evade IPS features via crafted TCP packets...
Cisco UTD SNORT IPS Engine Software和Cisco Secure Firewall Threat Defense Software 资源管理错误漏洞
Cisco UTD SNORT IPS Engine Software and Cisco Secure Firewall Threat Defense Software are both products of Cisco Corporation.Cisco UTD SNORT IPS Engine Software is an intrusion detection and defense Cisco Secure Firewall Threat Defense Software is a firewall operating system. A resource managemen...
Cisco Secure Firewall Threat Defense和Cisco UTD SNORT IPS Engine Software 信息泄露漏洞
Cisco Secure Firewall Threat Defense and Cisco UTD SNORT IPS Engine Software are both products of Cisco, Inc.Cisco Secure Firewall Threat Defense is an integrated firewall platform. Cisco UTD SNORT IPS Engine Software is an intrusion detection and defense engine. An information disclosure...
Exploit for Deserialization of Untrusted Data in Facebook React
$$\ $$\ $$$$$$$\ $$\ $$\ $$$$$$$$\ $$\ $...
CVE-2025-6946
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS allows Stored XSS via the IPS module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firebox: from...