
5533 matches found

CVE
added 2026/02/15 1:58 p.m. | 12 views

CVE-2019-25373

CVE-2019-25373 – OPNsense 19.1 has a stored XSS vulnerability in the category field of the firewall_rules_edit.php endpoint. An authenticated user can submit crafted input via POST to this page, injecting JavaScript that is then executed in other users’ browsers when they view firewall rule pages...

CVSS 6.4 | AI score 5.5 | EPSS 0.00199
Exploits: 1 | References: 4 | Affected Software: 1
Cvelist
added 2026/02/15 1:58 p.m. | 29 views

CVE-2019-25373 OPNsense 19.1 Stored XSS via firewall_rules_edit.php

OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. Attackers can send POST requests to firewall_rules_edit.php with script payloads in the category field to execute...

CVSS 6.4 | EPSS 0.00199
Exploits: 1 | References: 4
ATTACKERKB
added 2026/02/15 1:58 p.m. | 5 views

CVE-2019-25373

OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. Attackers can send POST requests to firewall_rules_edit.php with script payloads in the category field to execute...

CVSS 6.4 | AI score 5.5 | EPSS 0.00199
Exploits: 1 | References: 4 | Affected Software: 1
EUVD
added 2026/02/15 1:58 p.m. | 4 views

EUVD-2019-19422

OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. Attackers can send POST requests to firewall_rules_edit.php with script payloads in the category field to execute...

CVSS 6.4 | AI score 5.6 | EPSS 0.00199
Exploits: 1 | References: 4
Vulnrichment
added 2026/02/15 1:58 p.m. | 3 views

CVE-2019-25373 OPNsense 19.1 Stored XSS via firewall_rules_edit.php

OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. Attackers can send POST requests to firewall_rules_edit.php with script payloads in the category field to execute...

CVSS 6.4 | AI score 5.6 | EPSS 0.00199
Exploits: 1 | References: 4
CNNVD
added 2026/02/15 12:0 a.m. | 4 views

Deciso OPNsense Cross-Site Scripting Vulnerability

Deciso OPNsense is an open-source firewall and routing software suite based on FreeBSD, developed by the Dutch company Deciso. Deciso OPNsense version 19.1 contains a cross-site scripting vulnerability. This vulnerability stems from a stored cross-site scripting vulnerability in the...

CVSS 6.4 | AI score 5.7 | EPSS 0.00199
Exploits: 1 | References: 4
Positive Technologies
added 2026/02/15 12:0 a.m. | 7 views

PT-2026-8245

OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. Attackers can send POST requests to firewall_rules_edit.php with script payloads in the category field to execu...

CVSS 6.4 | AI score 5.5 | EPSS 0.00199
Exploits: 1 | References: 5
Positive Technologies
added 2026/02/14 12:0 a.m. | 3 views

PT-2026-8090

Name of the Vulnerable Software and Affected Versions: NSFOCUS NIPS/IPS versions prior to Rule 5.6.11. Description: The NSFOCUS Network Intrusion Prevention System (NIPS) / Intrusion Prevention System (IPS) is affected by an issue addressed with updates to the system’s detection rules in the 5.6.11...

AI score 5.4
Exploits: 0 | References: 2
Vivaldi Security Advisories
added 2026/02/13 3:45 p.m. | 3 views

Minor update (2) for Vivaldi Desktop Browser 7.8

The following improvements were made since the first 7.8 minor update: [Ad Blocker] Make sure the folder for downloaded adblocking rules is always created (VIB-1713). [Bookmarks] Ampersand shown in bookmark bar folders when items they should be underlined (VB-124777). [Chromium] Update to...

CVSS 8.8 | AI score 5.7 | EPSS 0.2202
Exploits: 12 | References: 1
ATTACKERKB
added 2026/02/13 12:21 a.m. | 6 views

CVE-2025-9292

A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing client-side injection vulnerability and user access to the affected web interface. Successful...

CVSS 2 | AI score 5.6 | EPSS 0.00342
Exploits: 0 | References: 2
Positive Technologies
added 2026/02/11 12:0 a.m. | 2 views

PT-2026-7483

Heads up, folks: Microsoft's February 2026 Patch Tuesday is out, dropping 55 vulnerability fixes across various products. Among these is CVE-2025-59498, which Microsoft has explicitly marked as Critical. This update is significant, addressing a broad spectrum of security issues. While the specifi...

AI score 5.5
Exploits: 0 | References: 1
CNVD
added 2026/02/11 12:0 a.m. | 2 views

TOTOLINK A950RG Stack Buffer Overflow Vulnerability

The TOTOLINK A950RG is an ultra-generation Giga wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A950RG suffers from a stack buffer overflow vulnerability that stems from insufficient validation of the length of the comment parameter in the setIpQosRules interface, which can b...

CVSS 9.8 | AI score 6.2 | EPSS 0.00439
Exploits: 1 | References: 1
HackRead
added 2026/02/10 9:12 a.m. | 2 views

Navigating MiCA: A Practical Compliance Guide for European CASPs

MiCA creates a single EU crypto rulebook, replacing national regimes with unified licensing, capital, and compliance rules for all CASPs...

AI score 5.5
Exploits: 0
NVD
added 2026/02/09 10:16 p.m. | 7 views

CVE-2026-25890

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to 2.57.1, an authenticated user can bypass the application's "Disallow" file path rules by modifying the request URL. By adding multiple slashe...

CVSS 8.1 | EPSS 0.00461
Exploits: 2 | References: 3
ATTACKERKB
added 2026/02/09 9:21 p.m. | 3 views

CVE-2026-25890

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to 2.57.1, an authenticated user can bypass the application's "Disallow" file path rules by modifying the request URL. By adding multiple slashe...

CVSS 8.1 | AI score 5.5 | EPSS 0.00461
Exploits: 2 | References: 4 | Affected Software: 1
RedhatCVE
added 2026/02/09 1:33 a.m. | 3 views

CVE-2026-2208

A security vulnerability has been detected in WeKan up to 8.20. Impacted is an unknown function of the file server/publications/rules.js of the component Rules Handler. The manipulation leads to missing authorization. The attack can be initiated remotely. Upgrading to version 8.21 is recommended ...

CVSS 6.5 | AI score 4.6 | EPSS 0.00244
Exploits: 0 | References: 1
CNNVD
added 2026/02/09 12:0 a.m. | 4 views

File Browser Security Vulnerability

File Browser is an open-source file management interface developed by File Browser. It allows for the uploading, deletion, previewing, and editing of files within a specified directory. Versions of File Browser prior to 2.57.1 contained security vulnerabilities. These vulnerabilities stemmed from...

CVSS 8.1 | AI score 5.8 | EPSS 0.00461
Exploits: 2 | References: 5
OSV
added 2026/02/08 2:15 a.m. | 2 views

CVE-2026-2208

A security vulnerability has been detected in WeKan up to 8.20. Impacted is an unknown function of the file server/publications/rules.js of the component Rules Handler. The manipulation leads to missing authorization. The attack can be initiated remotely. Upgrading to version 8.21 is recommended ...

CVSS 6.5 | AI score 4.5
Exploits: 0 | References: 6
NVD
added 2026/02/08 2:15 a.m. | 4 views

CVE-2026-2208

A security vulnerability has been detected in WeKan up to 8.20. Impacted is an unknown function of the file server/publications/rules.js of the component Rules Handler. The manipulation leads to missing authorization. The attack can be initiated remotely. Upgrading to version 8.21 is recommended ...

CVSS 6.5 | EPSS 0.00244
Exploits: 0 | References: 6
ATTACKERKB
added 2026/02/08 1:9 a.m. | 5 views

CVE-2026-2208

A security vulnerability has been detected in WeKan up to 8.20. Impacted is an unknown function of the file server/publications/rules.js of the component Rules Handler. The manipulation leads to missing authorization. The attack can be initiated remotely. Upgrading to version 8.21 is recommended ...

CVSS 5.3 | AI score 4.6 | EPSS 0.00244
Exploits: 0 | References: 7