CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

808 matches found

ATTACKERKB•added 2026/02/23 10:31 a.m.•2 views

CVE-2025-40986

Reflected Cross-Site Scripting XSS vulnerability in PideTuCita. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL using the endpoint 'cookies/indes.php/'. This vulnerability can be exploited to steal confidential user data,...

5.1CVSS5.8AI score0.00419EPSS

Exploits0References2Affected Software1

NVD•added 2026/02/20 5:25 p.m.•3 views

CVE-2026-27502

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in log.php via the search query parameter. The application embeds the unsanitized parameter value directly into an HTML input value attribute, allowing an unauthenticated remote attacker to inject and execute...

6.1CVSS0.00201EPSS

Exploits0References2

Snyk•added 2026/02/19 8:45 p.m.•4 views

Use of Cache Containing Sensitive Information

Overview Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information in the session object. An attacker can cause sensitive user-specific responses to be cached and served to other users by leveraging a caching proxy that does not ignore responses with cookie...

6.5CVSS5.5AI score0.00374EPSS

Exploits0References2

OSV•added 2026/02/19 1:16 p.m.•2 views

CVE-2019-25424

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input to the EXCEPTIONSITELIST parameter. Attackers can craft POST requests to the httpsexceptions endpoint with script payloads to execut...

5.1CVSS5.9AI score0.0033EPSS

Exploits1References4

NVD•added 2026/02/19 1:16 p.m.•3 views

CVE-2019-25424

6.1CVSS0.0033EPSS

Exploits1References4

NVD•added 2026/02/19 1:16 p.m.•4 views

CVE-2019-25418

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the FWADDRESSES parameter. Attackers can send POST requests to the /korugan/fwgroups endpoint with script payloads to execute arbitra...

6.1CVSS0.00344EPSS

Exploits1References4

Vulnrichment•added 2026/02/19 12:2 p.m.•4 views

CVE-2019-25424 Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via https_exceptions

6.1CVSS5.6AI score0.0033EPSS

Exploits1References4

Cvelist•added 2026/02/19 12:2 p.m.•25 views

CVE-2019-25418 Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via fwgroups

6.1CVSS0.00344EPSS

Exploits1References4

Vulnrichment•added 2026/02/19 12:2 p.m.•4 views

CVE-2019-25418 Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via fwgroups

6.1CVSS5.6AI score0.00344EPSS

Exploits1References4

Cvelist•added 2026/02/19 8:44 a.m.•24 views

CVE-2025-40697 Reflected Cross-Site Scripting (XSS) in Lewe WebMeasure

Reflected Cross-Site Scripting XSS vulnerability in '/index.php' in Lewe WebMeasure, which allows remote attackers to execute arbitrary code through the 'page' parameter. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of...

5.1CVSS0.00404EPSS

Exploits0References1

Vulnrichment•added 2026/02/19 8:44 a.m.•2 views

CVE-2025-40697 Reflected Cross-Site Scripting (XSS) in Lewe WebMeasure

5.1CVSS6.2AI score0.00404EPSS

Exploits0References1

OSV•added 2026/02/16 6:19 p.m.•1 views

CVE-2019-25385

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the MACHINE and MACHINECOMMENT parameters. Attackers can send POST requests to the outgoing.cgi endpoint with script payloads to...

6.1CVSS5.9AI score0.00225EPSS

Exploits1References3

NVD•added 2026/02/16 6:19 p.m.•6 views

CVE-2019-25385

6.1CVSS0.00225EPSS

Exploits1References3

CNNVD•added 2026/02/16 12:0 a.m.•4 views

Smoothwall Express 跨站脚本漏洞

Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express cross-site scripting vulnerability , the vulnerability stems from the outgoing.cgi endpoint in the MACHINE and MACHINECOMMENT parameters of the user-supplied data lack of effective...

6.1CVSS5.9AI score0.00225EPSS

Exploits1References3

Positive Technologies•added 2026/02/16 12:0 a.m.•3 views

PT-2026-8368

Smoothwall Express 3.1-SP4-polar-x86 64-update9 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the MACHINE and MACHINECOMMENT parameters. Attackers can send POST requests to the outgoing.cgi endpoint with script payloads t...

6.1CVSS5.6AI score0.00225EPSS

Exploits1References3

Snyk•added 2026/02/13 9:4 p.m.•2 views

Cross-site Scripting (XSS)

Overview agents is an A home for your AI agents Affected versions of this package are vulnerable to Cross-site Scripting XSS via the errordescription query parameter, which is directly interpolated into an HTML script tag without proper escaping. An attacker can execute arbitrary JavaScript in th...

8.2CVSS5.7AI score

Exploits0References2

RedhatCVE•added 2026/02/13 7:18 p.m.•4 views

CVE-2026-24894

FrankenPHP is a modern application server for PHP. Prior to 1.11.2, when running FrankenPHP in worker mode, the $SESSION superglobal is not correctly reset between requests. This allows a subsequent request processed by the same worker to access the $SESSION data of the previous request potential...

8.7CVSS5.5AI score0.00356EPSS

Exploits1References1

ATTACKERKB•added 2026/02/12 7:12 p.m.•3 views

CVE-2026-24894

8.7CVSS5.5AI score0.00356EPSS

Exploits1References4Affected Software1

Vulnrichment•added 2026/02/12 7:12 p.m.•3 views

CVE-2026-24894 FrankenPHP leaks session data between requests in worker mode

8.7CVSS5.5AI score0.00356EPSS

Exploits1References3

Cvelist•added 2026/02/12 7:12 p.m.•22 views

CVE-2026-24894 FrankenPHP leaks session data between requests in worker mode