1068 matches found
CVE-2019-25377
OPNsense 19.1 contains a reflected cross-site scripting vulnerability in the system_advanced_sysctl.php endpoint that allows attackers to inject malicious scripts via the value parameter. Attackers can craft POST requests with script payloads in the value parameter to execute JavaScript in the...
EUVD-2019-19419
OPNsense 19.1 contains a reflected cross-site scripting vulnerability in the system_advanced_sysctl.php endpoint that allows attackers to inject malicious scripts via the value parameter. Attackers can craft POST requests with script payloads in the value parameter to execute JavaScript in the...
CVE-2019-25377 OPNsense 19.1 Reflected XSS via system_advanced_sysctl.php
OPNsense 19.1 contains a reflected cross-site scripting vulnerability in the system_advanced_sysctl.php endpoint that allows attackers to inject malicious scripts via the value parameter. Attackers can craft POST requests with script payloads in the value parameter to execute JavaScript in the...
CVE-2019-25369 OPNsense 19.1 Stored XSS via system_advanced_sysctl.php
OPNsense 19.1 contains a stored cross-site scripting vulnerability in the system_advanced_sysctl.php endpoint that allows attackers to inject persistent malicious scripts via the tunable parameter. Attackers can submit POST requests with script payloads that are stored and executed in the context o...
EUVD-2019-19426
OPNsense 19.1 contains a stored cross-site scripting vulnerability in the system_advanced_sysctl.php endpoint that allows attackers to inject persistent malicious scripts via the tunable parameter. Attackers can submit POST requests with script payloads that are stored and executed in the context o...
CVE-2019-25369
CVE-2019-25369 affects OPNsense 19.1 with a stored cross-site scripting (XSS) vulnerability in the system_advanced_sysctl.php endpoint. The vulnerability allows an attacker to submit POST payloads to the tunable parameter, which are stored and later executed within the context of an authenticated user session...
CVE-2019-25369
OPNsense 19.1 contains a stored cross-site scripting vulnerability in the system_advanced_sysctl.php endpoint that allows attackers to inject persistent malicious scripts via the tunable parameter. Attackers can submit POST requests with script payloads that are stored and executed in the context o...
PT-2026-8249
OPNsense 19.1 contains a reflected cross-site scripting vulnerability in the system_advanced_sysctl.php endpoint that allows attackers to inject malicious scripts via the value parameter. Attackers can craft POST requests with script payloads in the value parameter to execute JavaScript in the...
Deciso OPNsense Cross-Site Scripting Vulnerability
Deciso OPNsense is a set of open-source firewall and routing software based on FreeBSD developed by the Dutch company Deciso. Deciso OPNsense version 19.1 contains a cross-site scripting vulnerability. This vulnerability stems from insufficient input validation of the value parameter in the...
PT-2026-8241
OPNsense 19.1 contains a stored cross-site scripting vulnerability in the system_advanced_sysctl.php endpoint that allows attackers to inject persistent malicious scripts via the tunable parameter. Attackers can submit POST requests with script payloads that are stored and executed in the context...
Unbreakable Enterprise kernel security update
5.4.17-2136.352.5 - crypto: af_alg - Fix incorrect boolean values in af_alg_ctx Eric Biggers Orabug: 38879907 CVE-2025-40022 5.4.17-2136.352.4 - arm64: pensando: Must boot Ortano kernel with spin-table Rob Gardner Orabug: 38821197 5.4.17-2136.352.3 - net/sched: adjust device watchdog timer to detect...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005096)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005096 advisory. In the Linux kernel, the following vulnerability has been resolved: sysctl: always initialize i_uid/i_gid Always initialize i_uid/i_gid inside the sysfs core so...
Azure Linux 3.0 Security Update: kernel (CVE-2025-21642)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21642 advisory. - In the Linux kernel, the following vulnerability has been resolved: mptcp: sysctl: sched: avoid using...
ROS-20260121-73-0045
A vulnerability in the sysctl.c component of the Linux kernel is related to pointer dereferencing errors. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20260119-7374
A vulnerability in the sysctl_net_core.c component of the Linux kernel is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004293)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004293 advisory. In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e. Tenable...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004223)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004223 advisory. A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000881)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000881 advisory. net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information...