Latest CVE Feed
-
6.1
MEDIUMCVE-2026-1792
The Geo Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL path in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to... Read more
Affected Products :- Published: Feb. 14, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-26023
Dify is an open-source LLM app development platform. Prior to 1.13.0, a cross site scripting vulnerability has been found in the web application chat frontend when using echarts. User or llm inputs containing echarts containing a specific javascript paylo... Read more
Affected Products : dify- Published: Feb. 11, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2019-25415
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input to the hotspot_permanent_users endpoint. Attackers can send POST requests with JavaScript ... Read more
Affected Products : dome_firewall- Published: Feb. 19, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-70849
Arbitrary File Upload in podinfo thru 6.9.0 allows unauthenticated attackers to upload arbitrary files via crafted POST request to the /store endpoint. The application renders uploaded content without a restrictive Content-Security-Policy (CSP) or adequat... Read more
Affected Products : podinfo- Published: Feb. 03, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2019-25410
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through the source and destination parameters. Attackers can submit POST requests to the policy routing endpoint with scri... Read more
Affected Products : dome_firewall- Published: Feb. 19, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-33135
IBM Financial Transaction Manager for ACH Services and Check Services for Multi-Platform 3.0.0.0 through 3.0.5.4 Interim Fix 027 IBM Financial Transaction Manager for Check Services v3 (Multiplatforms) is vulnerable to cross-site scripting. This vulnerabi... Read more
- Published: Feb. 17, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-1164
The Easy Voice Mail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authentica... Read more
Affected Products :- Published: Feb. 14, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-70791
Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code ... Read more
Affected Products : microweber- Published: Feb. 05, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2019-25411
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the GATEWAY_GREEN parameter. Attackers can send POST requests to the DHCP configuration endpoint with scri... Read more
Affected Products : dome_firewall- Published: Feb. 19, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-0521
A reflected cross-site scripting (XSS) vulnerability in the PDF export functionality of the TYDAC AG MAP+ solution allows unauthenticated attackers to craft a malicious URL, that if visited by a victim, will execute arbitrary JavaScript in the victim's co... Read more
Affected Products : map\+- Published: Feb. 06, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-25154
LocalSend is a free, open-source app that allows users to share files and messages with nearby devices over their local network without needing an internet connection. In versions up to and including 1.17.0, when a user initiates a "Share via Link" sessio... Read more
Affected Products : localsend- Published: Jan. 30, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Information Disclosure
-
6.1
MEDIUMCVE-2019-25413
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the ID parameter. Attackers can craft requests to the /manage/ips/rules/ endpoint with scr... Read more
Affected Products : dome_firewall- Published: Feb. 19, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-1440
Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without app... Read more
- Published: Feb. 18, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-1441
Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without app... Read more
- Published: Feb. 18, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-25486
Craft Commerce is an ecommerce platform for Craft CMS. From version 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Shipping Methods Name ... Read more
- Published: Feb. 03, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-24426
Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior contain an improper output encoding vulnerability in the web management interface. User-supplied input is reflected in HTTP responses without adequate escaping, allowing injection of arbitrary ... Read more
- Published: Feb. 03, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-25489
Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs b... Read more
- Published: Feb. 03, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-24328
SAP TAF_APPLAUNCHER within Business Server Pages allows unauthenticated attacker to craft malicious links that, when clicked by a victim, redirect them to attacker?controlled sites, potentially exposing or altering sensitive information in the victim�s br... Read more
Affected Products : business_server_pages- Published: Feb. 10, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Server-Side Request Forgery
-
6.1
MEDIUMCVE-2026-1795
The Address Bar Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL Path in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated at... Read more
Affected Products :- Published: Feb. 14, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-70297
A stored cross-site scripting (XSS) vulnerability in the recipe asset upload and media serving component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary web script or HTML via an uploaded SVG file that is served as image/svg+xml and ... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Cross-Site Scripting