Lucene search

58973 matches found

ATTACKERKB
added 2026/02/15 1:58 p.m. | 9 views

CVE-2019-25376

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted payloads through the ignoreLogACL parameter. Attackers can send POST requests to the proxy endpoint with JavaScript code in the ignoreLogAC...

CVSS 6.1 | AI score 5.6 | EPSS 0.00363
Exploits: 1 | References: 4 | Affected Software: 1
EUVD
added 2026/02/15 1:58 p.m. | 6 views

EUVD-2019-19420

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the mailserver parameter. Attackers can send POST requests to the monit interface with JavaScript payloads in the mailserver...

CVSS 6.1 | AI score 5.8 | EPSS 0.0036
Exploits: 1 | References: 4
ATTACKERKB
added 2026/02/15 1:58 p.m. | 7 views

CVE-2019-25375

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the mailserver parameter. Attackers can send POST requests to the monit interface with JavaScript payloads in the mailserver...

CVSS 6.1 | AI score 5.7 | EPSS 0.0036
Exploits: 1 | References: 4 | Affected Software: 1
ATTACKERKB
added 2026/02/15 1:58 p.m. | 5 views

CVE-2019-25373

OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. Attackers can send POST requests to firewallrulesedit.php with script payloads in the category field to execute...

CVSS 6.4 | AI score 5.5 | EPSS 0.00199
Exploits: 1 | References: 4 | Affected Software: 1
EUVD
added 2026/02/15 1:58 p.m. | 5 views

EUVD-2019-19421

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting the passthroughnetworks parameter in vpn_ipsec_settings.php. Attackers can craft POST requests with JavaScript payloads in the passthroughnetworks parameter to execu...

CVSS 6.1 | AI score 5.8 | EPSS 0.00319
Exploits: 1 | References: 4
Cvelist
added 2026/02/15 1:58 p.m. | 25 views

CVE-2019-25374 OPNsense 19.1 Reflected XSS via vpn_ipsec_settings.php

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting the passthroughnetworks parameter in vpn_ipsec_settings.php. Attackers can craft POST requests with JavaScript payloads in the passthroughnetworks parameter to execu...

CVSS 6.1 | EPSS 0.00319
Exploits: 1 | References: 4
Vulnrichment
added 2026/02/15 1:58 p.m. | 5 views

CVE-2019-25372 OPNsense 19.1 Reflected XSS via diag_traceroute.php

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted payloads through POST requests to diag_traceroute.php to execute...

CVSS 6.1 | AI score 5.6 | EPSS 0.00241
Exploits: 1 | References: 4
CVE
added 2026/02/15 1:58 p.m. | 16 views

CVE-2019-25371

CVE-2019-25371 affects OPNsense 19.1. It is a reflected cross-site scripting vulnerability in the diag_ping.php endpoint where insufficient input validation on the host parameter allows unauthenticated users to submit crafted POST requests and execute arbitrary JavaScript in other users’ browsers...

CVSS 6.1 | AI score 5.5 | EPSS 0.00241
Exploits: 1 | References: 4 | Affected Software: 1
Cvelist
added 2026/02/15 1:58 p.m. | 29 views

CVE-2019-25371 OPNsense 19.1 Reflected XSS via diag_ping.php

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted POST requests to the diag_ping.php endpoint with script payloads i...

CVSS 6.1 | EPSS 0.00241
Exploits: 1 | References: 4
Cvelist
added 2026/02/15 1:58 p.m. | 27 views

CVE-2019-25368 OPNsense 19.1 Reflected XSS via diag_backup.php

OPNsense 19.1 contains multiple cross-site scripting vulnerabilities in the diag_backup.php endpoint that allow attackers to inject malicious scripts through multiple parameters including GDriveGDriveEmail, GDriveGDriveFolderID, GDriveGDriveBackupCount, Nextcloudurl, Nextclouduser,...

CVSS 5.4 | EPSS 0.00132
Exploits: 1 | References: 4
RedhatCVE
added 2026/02/15 7:10 a.m. | 15 views

CVE-2026-1985

The Press3D plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 3D Model Gutenberg block in all versions up to, and including, 1.0.2. This is due to the plugin failing to sanitize and validate the URL scheme when storing link URLs for 3D model blocks, allowing javascript:...

CVSS 6.4 | AI score 5.8 | EPSS 0.00279
Exploits: 0 | References: 1
CNNVD
added 2026/02/15 12:0 a.m. | 4 views

Deciso OPNsense Cross-Site Scripting Vulnerability

Deciso OPNsense is a set of open-source firewall and routing software based on FreeBSD developed by the Dutch company Deciso. Deciso OPNsense version 19.1 contains a cross-site scripting vulnerability. This vulnerability stems from a stored cross-site scripting vulnerability in the...

CVSS 6.4 | AI score 5.7 | EPSS 0.00199
Exploits: 1 | References: 4
Positive Technologies
added 2026/02/15 12:0 a.m. | 9 views

PT-2026-8243

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted POST requests to the diag_ping.php endpoint with script payloads ...

CVSS 6.1 | AI score 5.5 | EPSS 0.00241
Exploits: 1 | References: 5
Positive Technologies
added 2026/02/15 12:0 a.m. | 10 views

PT-2026-8247

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the mailserver parameter. Attackers can send POST requests to the monit interface with JavaScript payloads in the mailserver...

CVSS 6.1 | AI score 5.7 | EPSS 0.0036
Exploits: 1 | References: 5
Positive Technologies
added 2026/02/15 12:0 a.m. | 9 views

PT-2026-8249

OPNsense 19.1 contains a reflected cross-site scripting vulnerability in the system advanced sysctl.php endpoint that allows attackers to inject malicious scripts via the value parameter. Attackers can craft POST requests with script payloads in the value parameter to execute JavaScript in the...

CVSS 5.4 | AI score 5.2 | EPSS 0.00243
Exploits: 1 | References: 5
NVD
added 2026/02/14 7:16 a.m. | 4 views

CVE-2026-1985

The Press3D plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 3D Model Gutenberg block in all versions up to, and including, 1.0.2. This is due to the plugin failing to sanitize and validate the URL scheme when storing link URLs for 3D model blocks, allowing javascript:...

CVSS 6.4 | EPSS 0.00279
Exploits: 0 | References: 5
Vulnrichment
added 2026/02/14 6:42 a.m. | 3 views

CVE-2026-1985 Press3D <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via Link URL Parameter in 3D Model Block

The Press3D plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 3D Model Gutenberg block in all versions up to, and including, 1.0.2. This is due to the plugin failing to sanitize and validate the URL scheme when storing link URLs for 3D model blocks, allowing javascript:...

CVSS 6.4 | AI score 5.7 | EPSS 0.00279
Exploits: 0 | References: 5
Cvelist
added 2026/02/14 6:42 a.m. | 34 views

CVE-2026-1985 Press3D <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via Link URL Parameter in 3D Model Block

The Press3D plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 3D Model Gutenberg block in all versions up to, and including, 1.0.2. This is due to the plugin failing to sanitize and validate the URL scheme when storing link URLs for 3D model blocks, allowing javascript:...

CVSS 6.4 | EPSS 0.00279
Exploits: 0 | References: 5
ATTACKERKB
added 2026/02/14 6:42 a.m. | 3 views

CVE-2026-1985

The Press3D plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 3D Model Gutenberg block in all versions up to, and including, 1.0.2. This is due to the plugin failing to sanitize and validate the URL scheme when storing link URLs for 3D model blocks, allowing javascript:...

CVSS 6.4 | AI score 5.8 | EPSS 0.00279
Exploits: 0 | References: 6
Positive Technologies
added 2026/02/14 12:0 a.m. | 5 views

PT-2026-8085

The Press3D plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 3D Model Gutenberg block in all versions up to, and including, 1.0.2. This is due to the plugin failing to sanitize and validate the URL scheme when storing link URLs for 3D model blocks, allowing javascript:...

CVSS 6.4 | AI score 5.8 | EPSS 0.00279
Exploits: 0 | References: 6