Skip to main content
CVE-2026-26282 MEDIUM POC This Month

NanaZip versions 5.0.1252.0 through 6.0.1629.0 contain an out-of-bounds heap read in the .NET Single File bundle parser that can crash the application or expose sensitive heap memory when processing malicious archive files. A local attacker with user privileges can exploit this vulnerability by crafting a specially formatted file, and public exploit code is currently available. No patch is yet available for affected users.

.NET Denial Of Service Nanazip
NVD GitHub
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-26312 MEDIUM POC This Month

Denial-of-service in Stalwart Mail Server versions 0.13.0 through 0.15.4 allows authenticated users to crash the server by sending a specially crafted email with malformed nested MIME parts through IMAP or JMAP, triggering infinite loops and resource exhaustion. The vulnerability requires valid credentials to exploit and public exploit code exists, but no patch is currently available for affected versions.

Denial Of Service Stalwart
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-25229 MEDIUM POC PATCH This Month

Gogs versions 0.13.4 and earlier contain an access control bypass in the label management function that allows authenticated users to modify labels across repositories they don't own. The vulnerability stems from insufficient validation in the label update endpoint, enabling cross-repository label tampering attacks. Public exploit code exists for this issue, though a patch is available in version 0.14.1.

Authentication Bypass Gogs Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-13671 MEDIUM POC This Month

Web Site Management Server versions up to 16.7.0 is affected by cross-site request forgery (csrf) (CVSS 6.5).

CSRF Web Site Management Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2019-25404 MEDIUM POC This Month

Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input through admin management parameters. [CVSS 6.4 MEDIUM]

XSS Dome Firewall
NVD Exploit-DB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2019-25403 MEDIUM POC This Month

Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the comment parameter. [CVSS 6.4 MEDIUM]

XSS Dome Firewall
NVD Exploit-DB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2019-25430 MEDIUM POC This Month

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the username parameter. [CVSS 6.1 MEDIUM]

XSS Dome Firewall
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2019-25414 MEDIUM POC This Month

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the ID parameter. [CVSS 6.1 MEDIUM]

XSS Dome Firewall
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2019-25413 MEDIUM POC This Month

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the ID parameter. [CVSS 6.1 MEDIUM]

XSS Dome Firewall
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2019-25402 MEDIUM POC This Month

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the username parameter. [CVSS 6.1 MEDIUM]

XSS Dome Firewall
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2019-25429 MEDIUM POC This Month

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the openvpn_advanced endpoint. [CVSS 6.1 MEDIUM]

Openvpn XSS Dome Firewall
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2019-25427 MEDIUM POC This Month

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the antispyware endpoint. [CVSS 6.1 MEDIUM]

XSS Dome Firewall
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2019-25423 MEDIUM POC This Month

Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the /korugan/proxyconfig endpoint that allow attackers to inject malicious scripts through POST parameters. [CVSS 6.1 MEDIUM]

XSS Dome Firewall
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2019-25421 MEDIUM POC This Month

Comodo Dome Firewall 2.7.0 contains multiple cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through the policyfw endpoint. [CVSS 6.1 MEDIUM]

XSS Dome Firewall
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2019-25420 MEDIUM POC This Month

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the snat endpoint. [CVSS 6.1 MEDIUM]

XSS Dome Firewall
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2019-25417 MEDIUM POC This Month

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the protocol parameter. [CVSS 6.1 MEDIUM]

XSS Dome Firewall
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2019-25415 MEDIUM POC This Month

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input to the hotspot_permanent_users endpoint. [CVSS 6.1 MEDIUM]

XSS Dome Firewall
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2019-25428 MEDIUM POC This Month

Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the openvpn_users endpoint that allow attackers to inject malicious scripts through POST parameters. [CVSS 6.1 MEDIUM]

Openvpn XSS Dome Firewall
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2019-25426 MEDIUM POC This Month

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the dnsmasq endpoint. [CVSS 6.1 MEDIUM]

XSS Dome Firewall
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2019-25425 MEDIUM POC This Month

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the VIRUS_ADMIN parameter. [CVSS 6.1 MEDIUM]

XSS Dome Firewall
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2019-25424 MEDIUM POC This Month

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input to the EXCEPTIONSITELIST parameter. [CVSS 6.1 MEDIUM]

XSS Dome Firewall
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2019-25418 MEDIUM POC This Month

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the FWADDRESSES parameter. [CVSS 6.1 MEDIUM]

XSS Dome Firewall
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2019-25416 MEDIUM POC This Month

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through the device parameter. [CVSS 6.1 MEDIUM]

XSS Dome Firewall
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2019-25412 MEDIUM POC This Month

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input through the NTP_SERVER_LIST parameter. [CVSS 6.1 MEDIUM]

XSS Dome Firewall
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2019-25411 MEDIUM POC This Month

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the GATEWAY_GREEN parameter. [CVSS 6.1 MEDIUM]

XSS Dome Firewall
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2019-25407 MEDIUM POC This Month

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the backup schedule interface. [CVSS 6.1 MEDIUM]

XSS Dome Firewall
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2019-25410 MEDIUM POC This Month

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through the source and destination parameters. [CVSS 6.1 MEDIUM]

XSS Dome Firewall
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2019-25409 MEDIUM POC This Month

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the destination parameter. [CVSS 6.1 MEDIUM]

XSS Dome Firewall
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2019-25408 MEDIUM POC This Month

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the netmask_addr parameter. [CVSS 6.1 MEDIUM]

XSS Dome Firewall
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2019-25406 MEDIUM POC This Month

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the organization parameter. [CVSS 6.1 MEDIUM]

XSS Dome Firewall
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-2684 MEDIUM POC This Month

Electronic Archives System versions up to 3.2.210802 is affected by improper access control (CVSS 7.3).

File Upload Authentication Bypass Electronic Archives System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-2691 MEDIUM POC This Month

SQL injection in itsourcecode Event Management System 1.0 allows unauthenticated remote attackers to manipulate the ID parameter in /admin/manage_register.php, potentially leading to unauthorized data access, modification, or deletion. Public exploit code exists for this vulnerability, and no patch is currently available, creating significant risk for unpatched deployments.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-2690 MEDIUM POC This Month

SQL injection in itsourcecode Event Management System 1.0's admin login endpoint allows unauthenticated remote attackers to manipulate the Username parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, enabling attackers to potentially extract sensitive data or compromise system integrity. No patch is currently available for affected PHP installations.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-2689 MEDIUM POC This Month

SQL injection in itsourcecode Event Management System 1.0's booking management interface allows unauthenticated remote attackers to manipulate database queries via the ID parameter in /admin/manage_booking.php. Public exploit code exists for this vulnerability, enabling potential unauthorized data access and modification. No patch is currently available to address this high-severity flaw affecting PHP-based deployments.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-27014 MEDIUM POC This Month

NanaZip versions 5.0.1252.0 through 6.0.1629.0 are vulnerable to denial of service through malformed ROMFS archives that trigger infinite loops via circular offset chains or stack overflow via deeply nested directory structures. Public exploit code exists for this vulnerability, allowing local attackers to crash the application and cause a denial of service. No patch is currently available.

Stack Overflow Nanazip
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-26953 MEDIUM POC PATCH This Month

Stored HTML injection in Pi-hole Admin Interface versions 6.0+ allows authenticated attackers to inject arbitrary HTML into the active sessions table via the X-Forwarded-For header, which is unsafely rendered when administrators view the API settings page. Public exploit code exists for this vulnerability, affecting administrators who manage Pi-hole instances. An attacker with valid credentials can exploit this to perform client-side attacks against other administrators viewing the compromised session data.

Python Jquery Web Interface
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-9208 MEDIUM POC This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Stored XSS. [CVSS 5.4 MEDIUM]

XSS Web Site Management Server
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-13672 MEDIUM POC This Month

Web Site Management Server versions up to 16.7.0 is affected by cross-site scripting (xss) (CVSS 5.4).

XSS Web Site Management Server
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-26059 MEDIUM POC This Month

Stored cross-site scripting in ChurchCRM versions before 6.8.2 allows authenticated users with group editing permissions to inject malicious JavaScript that executes when other users view affected groups. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires user interaction and can result in session hijacking or unauthorized actions performed on behalf of affected users.

XSS Churchcrm
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-25527 MEDIUM POC PATCH This Month

Changedetection.io versions before 0.53.2 allow unauthenticated attackers to read arbitrary files from the application directory through directory traversal in the static file serving endpoint. An attacker can exploit this by manipulating the group parameter to escape the intended static directory and access sensitive application files like source code. Public exploit code exists for this vulnerability, which has been patched in version 0.53.2.

Flask Changedetection
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-25766 MEDIUM POC PATCH This Month

Unauthenticated remote file read in Echo web framework versions 5.0.0-5.0.2 on Windows allows attackers to traverse outside the static root directory and access arbitrary files via backslash path sequences in requests. The vulnerability stems from improper path normalization where path.Clean() does not treat backslashes as separators, but the underlying os.Open() call on Windows does, enabling directory traversal. Public exploit code exists for this medium-severity vulnerability, though a patch is available in version 5.0.3.

Windows Golang Path Traversal Echo Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-26338 MEDIUM This Month

SSRF in Hyland Alfresco Transformation Service via document processing.

SSRF Alfresco Transform Core Alfresco Transform Service
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-24126 MEDIUM PATCH This Month

Weblate versions up to 5.16.0 contains a vulnerability that allows attackers to an argument injection to `ssh-add` (CVSS 6.6).

SSH Weblate Suse
NVD GitHub
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-13587 MEDIUM This Month

The Two Factor (2FA) Authentication via Email plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 1.9.8. [CVSS 6.5 MEDIUM]

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-0722 MEDIUM This Month

The Shield Security plugin for WordPress versions up to 21.0.8 contains a CSRF vulnerability that allows attackers to bypass nonce verification through a manipulated parameter, enabling SQL injection attacks to extract database contents. An unauthenticated attacker can exploit this by tricking a site administrator into clicking a malicious link, potentially compromising sensitive information stored in the WordPress database. No patch is currently available for affected installations.

WordPress SQLi CSRF
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-26057 MEDIUM PATCH This Month

Skill Scanner versions 1.0.1 and earlier expose an unauthenticated API endpoint due to improper interface binding, allowing remote attackers to trigger memory exhaustion or upload arbitrary files to the affected system. An attacker can exploit this without authentication by sending crafted API requests to the exposed server. A patch is available to address this network-accessible vulnerability.

Denial Of Service AI / ML Skill Scanner
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-1461 MEDIUM This Month

Simple Membership (WordPress plugin) versions up to 4.7.0 contains a security vulnerability (CVSS 6.5).

WordPress React
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-11725 MEDIUM This Month

Aruba HiSpeed Cache (WordPress plugin) versions up to 3.0.2. is affected by missing authorization (CVSS 6.5).

WordPress PHP
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-26361 MEDIUM This Month

Dell Unisphere for PowerMax 10.2 contains a file path control vulnerability that allows authenticated remote attackers to disclose sensitive information. The vulnerability requires low-privileged credentials and network access but no user interaction, making it accessible to internal threats or compromised accounts. Currently no patch is available to remediate this issue.

Information Disclosure Unisphere For Powermax
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-23545 MEDIUM This Month

Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache is affected by missing authorization (CVSS 6.5).

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
Page 1 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy