Latest CVE Feed
-
6.1
MEDIUMCVE-2019-25385
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the MACHINE and MACHINECOMMENT parameters. Attackers can send POST requests to the ou... Read more
Affected Products : smoothwall- Published: Feb. 16, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-25651
client-certificate-auth is middleware for Node.js implementing client SSL certificate authentication/authorization. Versions 0.2.1 and 0.3.0 of client-certificate-auth contain an open redirect vulnerability. The middleware unconditionally redirects HTTP r... Read more
Affected Products :- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Misconfiguration
-
6.1
MEDIUMCVE-2019-25324
RICOH Web Image Monitor 1.09 contains an HTML injection vulnerability in the address configuration CGI script that allows attackers to inject malicious HTML code. Attackers can exploit the entryNameIn and entryDisplayNameIn parameters to insert arbitrary ... Read more
Affected Products :- Published: Feb. 12, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2019-25371
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted POST requests to the di... Read more
Affected Products : opnsense- Published: Feb. 15, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-26023
Dify is an open-source LLM app development platform. Prior to 1.13.0, a cross site scripting vulnerability has been found in the web application chat frontend when using echarts. User or llm inputs containing echarts containing a specific javascript paylo... Read more
Affected Products : dify- Published: Feb. 11, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-1438
Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without app... Read more
- Published: Feb. 18, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2019-25423
Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the /korugan/proxyconfig endpoint that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted POST requests with Java... Read more
Affected Products : dome_firewall- Published: Feb. 19, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-24426
Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior contain an improper output encoding vulnerability in the web management interface. User-supplied input is reflected in HTTP responses without adequate escaping, allowing injection of arbitrary ... Read more
- Published: Feb. 03, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-25578
Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0, a cross-site scripting vulnerability in the frontend allows a malicious attacker to inject code through the comment metadata of a song to exfiltrate user ... Read more
Affected Products : navidrome- Published: Feb. 04, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2019-25370
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through multiple parameters. Attackers can send POST requests to interfaces_vlan_edit.php with script paylo... Read more
Affected Products : opnsense- Published: Feb. 15, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-1467
A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage Return Line Feed) Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A re... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Injection
-
6.1
MEDIUMCVE-2026-24328
SAP TAF_APPLAUNCHER within Business Server Pages allows unauthenticated attacker to craft malicious links that, when clicked by a victim, redirect them to attacker?controlled sites, potentially exposing or altering sensitive information in the victim�s br... Read more
Affected Products : business_server_pages- Published: Feb. 10, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Server-Side Request Forgery
-
6.1
MEDIUMCVE-2026-25154
LocalSend is a free, open-source app that allows users to share files and messages with nearby devices over their local network without needing an internet connection. In versions up to and including 1.17.0, when a user initiates a "Share via Link" sessio... Read more
Affected Products : localsend- Published: Jan. 30, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Information Disclosure
-
6.1
MEDIUMCVE-2026-1634
The Subitem AL Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possi... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-1795
The Address Bar Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL Path in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated at... Read more
Affected Products :- Published: Feb. 14, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-1792
The Geo Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL path in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to... Read more
Affected Products :- Published: Feb. 14, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-70792
Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "rel_id" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code executio... Read more
Affected Products : microweber- Published: Feb. 05, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-2502
The xmlrpc attacks blocker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0, via the 'X-Forwarded-For' HTTP header. This is due to the plugin trusting and logging attacker-controlled IP header data an... Read more
Affected Products :- Published: Feb. 19, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-23738
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user supplied/control values for Cookies and any GET variable query Parameter are directly interpolated into the ... Read more
- Published: Feb. 06, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2019-25428
Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the openvpn_users endpoint that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted POST requests with script payl... Read more
Affected Products : dome_firewall- Published: Feb. 19, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Cross-Site Scripting