CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-23611 GFI MailEssentials AI versions prior toΒ 22.4 contain a stored cross-site scripting vulnerability in the IP Blocklist management page. An authenticated user can supply HTML/JavaScript in the ctl00$Cont... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-23610 GFI MailEssentials AI versions prior toΒ 22.4 contain a stored cross-site scripting vulnerability in the POP2Exchange configuration endpoint. An authenticated user can supply HTML/JavaScript in the POP... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-23609 GFI MailEssentials AI versions prior toΒ 22.4 contain a stored cross-site scripting vulnerability in the Perimeter SMTP Servers configuration page. An authenticated user can supply HTML/JavaScript in t... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-23608 GFI MailEssentials AI versions prior toΒ 22.4 contain a stored cross-site scripting vulnerability in the Mail Monitoring rule creation endpoint. An authenticated user can supply HTML/JavaScript in the ... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-23607 GFI MailEssentials AI versions prior toΒ 22.4 contain a stored cross-site scripting vulnerability in the Anti-Spam Whitelist management interface. An authenticated user can supply HTML/JavaScript in th... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-23606 GFI MailEssentials AI versions prior toΒ 22.4 contain a stored cross-site scripting vulnerability in the Advanced Content Filtering rule creation workflow. An authenticated user can supply HTML/JavaScr... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-23605 GFI MailEssentials AI versions prior toΒ 22.4 contain a stored cross-site scripting vulnerability in the Attachment Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-23604 GFI MailEssentials AI versions prior toΒ 22.4 contain a stored cross-site scripting vulnerability in the Keyword Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in th... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-2232 The Product Table and List Builder for WooCommerce Lite plugin for WordPress is vulnerable to time-based SQL Injection via the 'search' parameter in all versions up to, and including, 4.6.2 due to ins... | 7.5 | HIGH | β | 0 |
| CVE-2026-26336 Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories (like WEB-INF) via the "/share/page/resource/" endpoint, thus leading to the disclosure of sensitive... | 7.5 | HIGH | β | 0 |
| CVE-2026-26030 Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the `InMemoryVectorStore` filter functionality. The ... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-26016 Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.1, a missing authorization check in multiple controllers allows any user with... | 8.1 | HIGH | β | 0 |
| CVE-2026-25998 strongMan is a management interface for strongSwan, an OpenSource IPsec-based VPN. When storing credentials in the database (private keys, EAP secrets), strongMan encrypts the corresponding database f... | 7.5 | HIGH | β | 0 |
| CVE-2026-24834 Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.27.0, an issue in Kata with C... | 9.3 | CRITICAL | β | 0 |
| CVE-2026-1581 The wpForo Forum plugin for WordPress is vulnerable to time-based SQL Injection via the 'wpfob' parameter in all versions up to, and including, 2.4.14 due to insufficient escaping on the user supplied... | 7.5 | HIGH | β | 0 |
| CVE-2025-69725 An Open Redirect vulnerability in the go-chi/chi >=5.2.2 RedirectSlashes function allows remote attackers to redirect victim users to malicious websites using the legitimate website domain. | 4.7 | MEDIUM | β | 0 |
| CVE-2025-69674 Buffer Overflow vulnerability in CDATA FD614GS3-R850 V3.2.7_P161006 (Build.0333.250211) allows an attacker to execute arbitrary code via the node_mac, node_opt, opt_param, and domainblk parameters of ... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-2274 A SSRF and Arbitrary File Read vulnerability in AppSheet Core in Google AppSheet prior to 2025-11-23 allows an authenticated remote attacker to read sensitive local files and access internal network r... | N/A | NONE | β | 0 |
| CVE-2026-26345 SPIP before 4.4.8 contains a stored cross-site scripting (XSS) vulnerability in the public area triggered in certain edge-case usage patterns. The echapper_html_suspect() function does not adequately ... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-26223 SPIP before 4.4.8 allows cross-site scripting (XSS) in the private area via malicious iframe tags. The application does not properly sandbox or escape iframe content in the back-office, allowing an at... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-25940 jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript action... | 8.1 | HIGH | β | 0 |
| CVE-2026-25766 Echo is a Go web framework. In versions 5.0.0 through 5.0.2 on Windows, Echoβs `middleware.Static` using the default filesystem allows path traversal via backslashes, enabling unauthenticated remote f... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-25739 Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Versions prior to 3.3.10 are vulnerable to cross-site scripting when uploading certain ... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-25738 Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Versions prior to 3.3.10 are vulnerable to server-side request forgery. Indico makes ou... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-71250 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
| CVE-2025-71249 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
| CVE-2025-71248 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
| CVE-2025-71247 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
| CVE-2025-71246 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
| CVE-2025-71245 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
| CVE-2025-71244 SPIP before 4.4.5 and 4.3.9 allows an Open Redirect via the login form when used in AJAX mode. An attacker can craft a malicious URL that, when visited by a victim, redirects them to an arbitrary exte... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-71243 The 'Saisies pour formulaire' (Saisies) plugin for SPIP versions 5.4.0 through 5.11.0 contains a critical Remote Code Execution (RCE) vulnerability. An attacker can exploit this vulnerability to execu... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-71242 SPIP before 4.3.6, 4.2.17, and 4.1.20 allows unauthorized content disclosure in the private area. The application does not properly check authorization when displaying content of articles and sections... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-71241 SPIP before 4.3.6, 4.2.17, and 4.1.20 allows Cross-Site Scripting (XSS) in the private area. The content of the error message displayed by the 'transmettre' API is not properly sanitized, allowing an ... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-71240 SPIP before 4.2.15 allows Cross-Site Scripting (XSS) via crafted content in HTML code tags. The application does not properly verify JavaScript within code tags, allowing an attacker to inject malicio... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-25755 jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the argument of the `addJS` method allows an attacker to inject arbitrary PDF objects into the generated document. By... | 8.1 | HIGH | β | 0 |
| CVE-2026-25535 jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the first argument of the `addImage` method results in denial of service. If given the possibility to pass unsanitize... | 7.5 | HIGH | β | 0 |
| CVE-2026-25527 changedetection.io is a free open source web page change detection tool. In versions prior to 0.53.2, the `/static/<group>/<filename>` route accepts `group=".."`, which causes `send_from_directory("st... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-55853 SoftVision webPDF before 10.0.2 is vulnerable to Server-Side Request Forgery (SSRF). The PDF converter function does not check if internal or external resources are requested in the uploaded files and... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-2744 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
| CVE-2019-25430 Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the username paramet... | 6.1 | MEDIUM | β | 0 |
| CVE-2019-25429 Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the openvpn_advanced endpoint. Attac... | 6.1 | MEDIUM | β | 0 |
| CVE-2019-25428 Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the openvpn_users endpoint that allow attackers to inject malicious scripts through POST parameters. Atta... | 6.1 | MEDIUM | β | 0 |
| CVE-2019-25427 Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the antispyware endpoint. Attackers ... | 6.1 | MEDIUM | β | 0 |
| CVE-2019-25426 Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the dnsmasq endpoint. Attackers can ... | 6.1 | MEDIUM | β | 0 |
| CVE-2019-25425 Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the VIRUS_ADMIN parameter. Attackers... | 6.1 | MEDIUM | β | 0 |
| CVE-2019-25424 Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input to the EXCEPTIONSITELIST parameter.... | 6.1 | MEDIUM | β | 0 |
| CVE-2019-25423 Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the /korugan/proxyconfig endpoint that allow attackers to inject malicious scripts through POST parameter... | 6.1 | MEDIUM | β | 0 |
| CVE-2019-25422 Comodo Dome Firewall 2.7.0 contains cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through the vpnfw endpoint. Attackers can submit POST requests with script pay... | 7.2 | HIGH | β | 0 |
| CVE-2019-25421 Comodo Dome Firewall 2.7.0 contains multiple cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through the policyfw endpoint. Attackers can submit POST requests wit... | 6.1 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.