Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,724
Showing 11,301 - 11,320 of 14,604 CVEs
CVE-2026-27122 MEDIUM - 5.4

Svelte is a performance-oriented web framework. Prior to 5.51.5, when using `<svelte:element this={tag}>` in server-side rendering, the provided tag name is not validated or sanitized before being emitted into the HTML output. If the tag string contains unexpected characters, it can result in HTML in...

Vendor: npm
Product: svelte
Published: Feb 19, 2026
Source: GitHub
CVE-2026-27121 MEDIUM - 5.4

Svelte is a performance-oriented web framework. Versions of svelte prior to 5.51.5 are vulnerable to cross-site scripting (XSS) during server-side rendering. When using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an applica...

Vendor: npm
Product: svelte
Published: Feb 19, 2026
Source: GitHub
CVE-2026-27119 MEDIUM - 5.4

Svelte is a performance-oriented web framework. In versions 5.39.3 through 5.51.4, in certain circumstances, the server-side rendering output of an `<option>` element does not properly escape its content, potentially allowing HTML injection in the SSR output. Client-side rendering is not affected. This vulner...

Vendor: npm
Product: svelte
Published: Feb 19, 2026
Source: GitHub

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Versions of @sveltejs/adapter-vercel prior to 6.3.2 are vulnerable to cache poisoning. An internal query parameter intended for Incremental Static Regeneration (ISR) is accessible on all routes, allowin...

Vendor: npm
Product: @sveltejs/adapter-vercel
Published: Feb 19, 2026
Source: GitHub
CVE-2026-27111 MEDIUM - 5.0

Kargo manages and automates the promotion of software artifacts. From v1.9.0 to v1.9.2, Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion pipeline. This verb exists to separa...

Vendor: go
Product: github.com/akuity/kargo
Published: Feb 19, 2026
Source: GitHub
CVE-2026-25527 MEDIUM - 5.3

changedetection.io is a free open source web page change detection tool. In versions prior to 0.53.2, the `/static/<group>/<filename>` route accepts `group=".."`, which causes `send_from_directory("static/..", filename)` to execute. This moves the base directory up to...

Vendor: dgtlmoon
Product: changedetection.io
Published: Feb 19, 2026
Source: NVD
CVE-2019-25430 MEDIUM - 6.1

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the username parameter. Attackers can send POST requests to the vpn_users endpoint with script payloads in the username ...

Vendor: Cdome
Product: Comodo Dome Firewall
Published: Feb 19, 2026
Source: NVD
CVE-2019-25429 MEDIUM - 6.1

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the openvpn_advanced endpoint. Attackers can inject JavaScript code through the GLOBAL_NETWORKS and GLOBAL_DNS parameters via POST reque...

Vendor: Cdome
Product: Comodo Dome Firewall
Published: Feb 19, 2026
Source: NVD
CVE-2019-25428 MEDIUM - 6.1

Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the openvpn_users endpoint that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted POST requests with script payloads in the username, remotenets, explicitrou...

Vendor: Cdome
Product: Comodo Dome Firewall
Published: Feb 19, 2026
Source: NVD
CVE-2019-25427 MEDIUM - 6.1

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the antispyware endpoint. Attackers can send POST requests with JavaScript payloads in the DNSMASQ_WHITELIST or DNSMASQ_BLACKLIST parame...

Vendor: Cdome
Product: Comodo Dome Firewall
Published: Feb 19, 2026
Source: NVD
CVE-2019-25426 MEDIUM - 6.1

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the dnsmasq endpoint. Attackers can send POST requests with script payloads in the TRANSPARENT_SOURCE_BYPASS or TRANSPARENT_DESTINATION_...

Vendor: Cdome
Product: Comodo Dome Firewall
Published: Feb 19, 2026
Source: NVD
CVE-2019-25425 MEDIUM - 6.1

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the VIRUS_ADMIN parameter. Attackers can send POST requests to the smtpconfig endpoint with script payloads to execute arbitrary JavaScr...

Vendor: Cdome
Product: Comodo Dome Firewall
Published: Feb 19, 2026
Source: NVD
CVE-2019-25424 MEDIUM - 6.1

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input to the EXCEPTIONSITELIST parameter. Attackers can craft POST requests to the https_exceptions endpoint with script payloads to execute ...

Vendor: Cdome
Product: Comodo Dome Firewall
Published: Feb 19, 2026
Source: NVD
CVE-2019-25423 MEDIUM - 6.1

Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the /korugan/proxyconfig endpoint that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted POST requests with JavaScript payloads in parameters like PROXY_PORT...

Vendor: Cdome
Product: Comodo Dome Firewall
Published: Feb 19, 2026
Source: NVD
CVE-2019-25421 MEDIUM - 6.1

Comodo Dome Firewall 2.7.0 contains multiple cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through the policyfw endpoint. Attackers can submit POST requests with JavaScript payloads in the mac, target, and remark parameters to execute arbitrary code in adminis...

Vendor: Cdome
Product: Comodo Dome Firewall
Published: Feb 19, 2026
Source: NVD
CVE-2019-25420 MEDIUM - 6.1

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the snat endpoint. Attackers can send POST requests with JavaScript payloads in the port or snat_to_ip parameters to execute arbitrary s...

Vendor: Cdome
Product: Comodo Dome Firewall
Published: Feb 19, 2026
Source: NVD
CVE-2019-25418 MEDIUM - 6.1

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the FWADDRESSES parameter. Attackers can send POST requests to the /korugan/fwgroups endpoint with script payloads to execute arbitrary ...

Vendor: Cdome
Product: Comodo Dome Firewall
Published: Feb 19, 2026
Source: NVD
CVE-2019-25417 MEDIUM - 6.1

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the protocol parameter. Attackers can send POST requests to the QoS rules management endpoint with JavaScript payloads in the protocol p...

Vendor: Cdome
Product: Comodo Dome Firewall
Published: Feb 19, 2026
Source: NVD
CVE-2019-25416 MEDIUM - 6.1

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through the device parameter. Attackers can send POST requests to the QoS devices management endpoint with script payloads in the device pa...

Vendor: Cdome
Product: Comodo Dome Firewall
Published: Feb 19, 2026
Source: NVD
CVE-2019-25415 MEDIUM - 6.1

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input to the hotspot_permanent_users endpoint. Attackers can send POST requests with JavaScript payloads in the MACADDRESSES parameter to exe...

Vendor: Cdome
Product: Comodo Dome Firewall
Published: Feb 19, 2026
Source: NVD