Lucene search
K

1408 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/19 12:2 p.m.5 views

CVE-2019-25413

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the ID parameter. Attackers can craft requests to the /manage/ips/rules/ endpoint with script payloads in the ID parameter to execut...

6.1CVSS5.6AI score0.00384EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/19 12:2 p.m.8 views

CVE-2019-25414

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the ID parameter. Attackers can craft requests to the /manage/ips/appid/ endpoint with script payloads in the ID parameter to execut...

6.1CVSS5.6AI score0.00384EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/02/19 12:2 p.m.24 views

CVE-2019-25413 Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via ID Parameter

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the ID parameter. Attackers can craft requests to the /manage/ips/rules/ endpoint with script payloads in the ID parameter to execut...

6.1CVSS0.00384EPSS
Exploits1References4
CVE
CVE
added 2026/02/19 12:2 p.m.27 views

CVE-2019-25413

Comodo Dome Firewall 2.7.0 is affected by a reflected cross-site scripting vulnerability where unauthenticated attackers can inject JavaScript via the ID parameter on the /manage/ips/rules/ endpoint. The issue allows execution of arbitrary scripts in victim browsers, with CVSS metrics indicating ...

6.1CVSS5.6AI score0.00384EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.5 views

PT-2026-20817

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the ID parameter. Attackers can craft requests to the /manage/ips/appid/ endpoint with script payloads in the ID parameter to execut...

6.1CVSS5.6AI score0.00384EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.12 views

PT-2026-20816

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the ID parameter. Attackers can craft requests to the /manage/ips/rules/ endpoint with script payloads in the ID parameter to execut...

6.1CVSS5.6AI score0.00384EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/02/11 1:33 a.m.10 views

CVE-2026-25492

Craft CMS is a content management system. In Craft versions 3.5.0 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveimagesAsset GraphQL mutation can be abused to fetch internal URLs by providing a domain name that resolves to an internal IP address, bypassing hostname validation. When a...

6.5CVSS5.5AI score0.00419EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.4 views

PT-2026-7722

Name of the Vulnerable Software and Affected Versions LangChain versions prior to 1.1.14 Description The RecursiveUrlLoader class within the @langchain/community component is a web crawler that recursively follows links from a starting URL. The preventOutside option, intended to restrict crawling...

4.1CVSS5.4AI score0.00371EPSS
Exploits0References17
OSV
OSV
added 2026/02/10 9:45 p.m.15 views

OPENSUSE-SU-2026:20192-1 Security update for tailscale

This update for tailscale fixes the following issues: Changes in tailscale: - Update to version 1.94.0: IS SET and NOT SET have been added as device posture operators India DERP Region City Name updated Custom DERP servers support GCP Certificate Manager Tailscale SSH authentication, when...

7.5CVSS6.8AI score0.00868EPSS
Exploits0References3
Snyk
Snyk
added 2026/02/03 12:45 a.m.3 views

Insertion of Sensitive Information Into Sent Data

Overview mediawiki/core is a Free software wiki application developed by the Wikimedia Foundation and others. Note: This package is not maintained on Packagist anymore, but newer releases exist. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data ...

6.3CVSS5.5AI score0.0022EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2026/01/22 5:55 a.m.22 views

Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations

Cybersecurity company Arctic Wolf has warned of a "new cluster of automated malicious activity" that involves unauthorized firewall configuration changes on Fortinet FortiGate devices. The activity, it said, commenced on January 15, 2026, adding it shares similarities with a December 2025 campaig...

9.8CVSS5.9AI score0.66322EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/01/16 12:0 a.m.6 views

PT-2026-3248

Name of the Vulnerable Software and Affected Versions TheLibrarian affected versions not specified Description The Librarian software has an internal port scanning issue stemming from the web fetch tool. This tool allows for Server-Side Request Forgery SSRF-style behavior, enabling GET requests t...

7.5CVSS5.7AI score0.00373EPSS
Exploits0References7
The Hacker News
The Hacker News
added 2026/01/14 7:3 p.m.7 views

Researchers Null-Route Over 550 Kimwolf and Aisuru Botnet Command Servers

The Black Lotus Labs team at Lumen Technologies said it null-routed traffic to more than 550 command-and-control C2 nodes associated with the AISURU/Kimwolf botnet since early October 2025. AISURU and its Android counterpart, Kimwolf, have emerged as some of the biggest botnets in recent times,...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 12:32 p.m.8 views

CVE-2023-4800

The DoLogin Security WordPress plugin before 3.7.1 does not restrict the access of a widget that shows the IPs of failed logins to low privileged users...

6.5CVSS6.6AI score0.00861EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:15 a.m.14 views

CVE-2019-2704

Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite subcomponent: IPS Package Manager. The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Solaris. Successfu...

5.3CVSS5.2AI score0.01366EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:56 a.m.14 views

CVE-2023-40718

A interpretation conflict in Fortinet IPS Engine versions 7.321, 7.166 and 6.158 allows attacker to evade IPS features via crafted TCP packets...

7.5CVSS6.7AI score0.00418EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.6 views

Cisco UTD SNORT IPS Engine Software和Cisco Secure Firewall Threat Defense Software 资源管理错误漏洞

Cisco UTD SNORT IPS Engine Software and Cisco Secure Firewall Threat Defense Software are both products of Cisco Corporation.Cisco UTD SNORT IPS Engine Software is an intrusion detection and defense Cisco Secure Firewall Threat Defense Software is a firewall operating system. A resource managemen...

5.8CVSS6.8AI score0.00634EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.5 views

Cisco Secure Firewall Threat Defense和Cisco UTD SNORT IPS Engine Software 信息泄露漏洞

Cisco Secure Firewall Threat Defense and Cisco UTD SNORT IPS Engine Software are both products of Cisco, Inc.Cisco Secure Firewall Threat Defense is an integrated firewall platform. Cisco UTD SNORT IPS Engine Software is an intrusion detection and defense engine. An information disclosure...

5.3CVSS6.4AI score0.00567EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2025/12/11 5:8 a.m.142 views

Exploit for Deserialization of Untrusted Data in Facebook React

$$\ $$\ $$$$$$$\ $$\ $$\ $$$$$$$$\ $$\ $...

10CVSS8.1AI score0.99562EPSS
Exploits374
RedhatCVE
RedhatCVE
added 2025/12/05 10:33 p.m.8 views

CVE-2025-6946

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS allows Stored XSS via the IPS module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firebox: from...

4.8CVSS5.4AI score0.00157EPSS
Exploits0References1
Rows per page
Query Builder