6714 matches found

Vulnrichment
added 2026/02/20 7:42 a.m., 3 views

CVE-2026-26370

WordPress Plugin "Survey Maker" versions 5.1.7.7 and prior contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed in the user's web browser...

CVSS 6.1, AI score 5.3, EPSS 0.00193
Exploits: 0, References: 2

Japan Vulnerability Notes
added 2026/02/20 3:32 a.m., 6 views

WordPress Plugin "Survey Maker" vulnerable to cross-site scripting

Overview: WordPress Plugin "Survey Maker" provided by Ays Pro contains the following vulnerability: cross-site scripting (CWE-79), CVE-2026-26370. Shogo Kumamaru of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

CVSS 6.1, AI score 5.6, EPSS 0.00193
Exploits: 0, References: 4

SUSE CVE
added 2026/02/20 12:24 a.m., 3 views

SUSE CVE-2026-25500

Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory generates an HTML directory index where each file entry is rendered as a clickable link. If a file exists on disk whose basename starts with the javascript: scheme e.g. javascript:alert1, the...

CVSS 5.4, AI score 6.4, EPSS 0.00224
Exploits: 1, References: 3

CNNVD
added 2026/02/20 12:0 a.m., 5 views

WordPress plugin Aardvark security vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. WordPress plugin Aardvark has a cross-site scripting vulnerability, the vulnerability stems fro...

CVSS 7.1, AI score 5.9, EPSS 0.0023
Exploits: 0, References: 1

OSV
added 2026/02/19 6:24 p.m., 2 views

CVE-2026-23614

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Sender Policy Framework IP Exceptions interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv2$txtIPDescription parameter to...

CVSS 5.4, AI score 5.8, EPSS 0.00173
Exploits: 0, References: 2

Vulnrichment
added 2026/02/19 2:58 p.m., 5 views

CVE-2025-71240 SPIP < 4.2.15 Cross-Site Scripting via Code Tags

SPIP before 4.2.15 allows Cross-Site Scripting (XSS) via crafted content in HTML code tags. The application does not properly verify JavaScript within code tags, allowing an attacker to inject malicious scripts that execute in a victim's browser...

CVSS 5.4, AI score 5.6, EPSS 0.00183
Exploits: 0, References: 3

OSV
added 2026/02/19 1:16 p.m., 4 views

CVE-2019-25423

Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the /korugan/proxyconfig endpoint that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted POST requests with JavaScript payloads in parameters like...

CVSS 5.1, AI score 5.9
Exploits: 0, References: 4

NVD
added 2026/02/19 1:16 p.m., 6 views

CVE-2019-25423

Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the /korugan/proxyconfig endpoint that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted POST requests with JavaScript payloads in parameters like...

CVSS 6.1, EPSS 0.00399
Exploits: 1, References: 4

OSV
added 2026/02/19 1:16 p.m., 3 views

CVE-2019-25416

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through the device parameter. Attackers can send POST requests to the QoS devices management endpoint with script payloads in the device...

CVSS 5.1, AI score 5.9, EPSS 0.00344
Exploits: 1, References: 4

NVD
added 2026/02/19 1:16 p.m., 4 views

CVE-2019-25402

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the username parameter. Attackers can send POST requests to the login endpoint with script payloads in the username...

CVSS 6.1, EPSS 0.00384
Exploits: 1, References: 4

CVE
added 2026/02/19 12:2 p.m., 6 views

CVE-2019-25426

Comodo Dome Firewall 2.7.0 is affected by a reflected cross-site scripting vulnerability in the dnsmasq endpoint. The issue allows an attacker to inject and execute arbitrary JavaScript in a user’s browser by sending crafted input via POST requests to the TRANSPARENT_SOURCE_BYPASS or TRANSPARENT_...

CVSS 6.1, AI score 5.6, EPSS 0.00369
Exploits: 1, References: 4, Affected Software: 1

ATTACKERKB
added 2026/02/19 12:2 p.m., 5 views

CVE-2019-25424

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input to the EXCEPTIONSITELIST parameter. Attackers can craft POST requests to the httpsexceptions endpoint with script payloads to execut...

CVSS 6.1, AI score 5.6, EPSS 0.0033
Exploits: 1, References: 4, Affected Software: 1

CVE
added 2026/02/19 12:2 p.m., 9 views

CVE-2019-25410

CVE-2019-25410 affects Comodo Dome Firewall 2.7.0 with a reflected cross-site scripting vulnerability in the policy_routing endpoint. The flaw permits attackers to inject JavaScript via the source and destination parameters in POST requests, potentially executing in users’ browsers. CVSS scores a...

CVSS 6.1, AI score 5.6, EPSS 0.0034
Exploits: 1, References: 4, Affected Software: 1

ATTACKERKB
added 2026/02/19 12:2 p.m., 4 views

CVE-2019-25409

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the destination parameter. Attackers can send POST requests to the routing endpoint with script payloads in the destination parameter to execute...

CVSS 6.1, AI score 5.6, EPSS 0.0034
Exploits: 1, References: 4, Affected Software: 1

CNNVD
added 2026/02/19 12:0 a.m., 5 views

GFI MailEssentials AI security vulnerability

GFI MailEssentials AI is an open-source anti-spam and data breach protection software developed by GFI in the United States. Versions of GFI MailEssentials AI prior to version 22.4 contained a security vulnerability. This vulnerability stemmed from a storage cross-site scripting vulnerability...

CVSS 5.4, AI score 5.7, EPSS 0.00173
Exploits: 0, References: 2

CNNVD
added 2026/02/19 12:0 a.m., 5 views

GFI MailEssentials AI security vulnerability

GFI MailEssentials AI is an open-source anti-spam and data breach protection software developed by GFI in the United States. Versions of GFI MailEssentials AI prior to version 22.4 contained a security vulnerability. This vulnerability stemmed from a storage cross-site scripting vulnerability...

CVSS 5.4, AI score 5.7, EPSS 0.00173
Exploits: 0, References: 2

Positive Technologies
added 2026/02/19 12:0 a.m., 4 views

PT-2026-20823

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the snat endpoint. Attackers can send POST requests with JavaScript payloads in the port or snat to ip parameters to execute arbitrar...

CVSS 6.1, AI score 5.6, EPSS 0.00399
Exploits: 1, References: 4

Positive Technologies
added 2026/02/19 12:0 a.m., 6 views

PT-2026-20818

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input to the hotspot permanent users endpoint. Attackers can send POST requests with JavaScript payloads in the MACADDRESSES parameter to...

CVSS 6.1, AI score 5.6, EPSS 0.00384
Exploits: 1, References: 4

Positive Technologies
added 2026/02/19 12:0 a.m., 5 views

PT-2026-20899

Name of the Vulnerable Software and Affected Versions: GFI MailEssentials AI versions prior to 22.4. Description: GFI MailEssentials AI versions before 22.4 have a stored cross-site scripting issue in the Local Domains settings page. A logged-in user can inject HTML or JavaScript code into the...

CVSS 5.4, AI score 5.2, EPSS 0.00173
Exploits: 0, References: 6

OSSF Malicious Packages
added 2026/02/18 7:32 p.m., 7 views

Malicious code in telebot-infee (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 660cdc2470d38cf51f0a232119dd9765cba56eb66412f12d3c09b40dd7bd8530 The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

AI score 5.6
Exploits: 0, References: 2