Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,724
Showing 11,321 - 11,340 of 14,604 CVEs
CVE-2019-25414 MEDIUM - 6.1

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the ID parameter. Attackers can craft requests to the /manage/ips/appid/ endpoint with script payloads in the ID parameter to execute a...

Vendor: Cdome
Product: Comodo Dome Firewall
Published: Feb 19, 2026
Source: NVD
CVE-2019-25413 MEDIUM - 6.1

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the ID parameter. Attackers can craft requests to the /manage/ips/rules/ endpoint with script payloads in the ID parameter to execute a...

Vendor: Cdome
Product: Comodo Dome Firewall
Published: Feb 19, 2026
Source: NVD
CVE-2019-25412 MEDIUM - 6.1

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input through the NTP_SERVER_LIST parameter. Attackers can send POST requests to the /korugan/time endpoint with script payloads in the NTP_S...

Vendor: Cdome
Product: Comodo Dome Firewall
Published: Feb 19, 2026
Source: NVD
CVE-2019-25411 MEDIUM - 6.1

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the GATEWAY_GREEN parameter. Attackers can send POST requests to the DHCP configuration endpoint with script payloads to execute arbitrary JavaScript i...

Vendor: Cdome
Product: Comodo Dome Firewall
Published: Feb 19, 2026
Source: NVD
CVE-2019-25410 MEDIUM - 6.1

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through the source and destination parameters. Attackers can submit POST requests to the policy routing endpoint with script payloads in these parameters to execute ar...

Vendor: Cdome
Product: Comodo Dome Firewall
Published: Feb 19, 2026
Source: NVD
CVE-2019-25409 MEDIUM - 6.1

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the destination parameter. Attackers can send POST requests to the routing endpoint with script payloads in the destination parameter to execute arbitr...

Vendor: Cdome
Product: Comodo Dome Firewall
Published: Feb 19, 2026
Source: NVD
CVE-2019-25408 MEDIUM - 6.1

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the netmask_addr parameter. Attackers can send POST requests to the netwizard2 endpoint with script payloads in the netmask_addr paramet...

Vendor: Cdome
Product: Comodo Dome Firewall
Published: Feb 19, 2026
Source: NVD
CVE-2019-25407 MEDIUM - 6.1

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the backup schedule interface. Attackers can send POST requests to the backupschedule endpoint with JavaScript code in the BACKUP_RCPTTO...

Vendor: Cdome
Product: Comodo Dome Firewall
Published: Feb 19, 2026
Source: NVD
CVE-2019-25406 MEDIUM - 6.1

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the organization parameter. Attackers can send POST requests to the korugan/cmclient endpoint with script payloads in the organization parameter to exe...

Vendor: Cdome
Product: Comodo Dome Firewall
Published: Feb 19, 2026
Source: NVD
CVE-2019-25404 MEDIUM - 6.4

Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input through admin management parameters. Attackers can inject script payloads in the admin_name, name, and surname parameters via PO...

Vendor: Cdome
Product: Comodo Dome Firewall
Published: Feb 19, 2026
Source: NVD
CVE-2019-25403 MEDIUM - 6.4

Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the comment parameter. Attackers can inject JavaScript code through the admin_profiles endpoint that executes in the browsers...

Vendor: Cdome
Product: Comodo Dome Firewall
Published: Feb 19, 2026
Source: NVD
CVE-2019-25402 MEDIUM - 6.1

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the username parameter. Attackers can send POST requests to the login endpoint with script payloads in the username fiel...

Vendor: Cdome
Product: Comodo Dome Firewall
Published: Feb 19, 2026
Source: NVD
CVE-2025-15563 MEDIUM - 5.3

Any unauthenticated user can reset the WorkTime on-prem database configuration by sending a specific HTTP request to the WorkTime server. No authorization check is applied here.

Vendor: NesterSoft Inc.
Product: WorkTime (on-prem/cloud)
Published: Feb 19, 2026
Source: NVD
CVE-2025-15562 MEDIUM - 6.1

The server API endpoint /report/internet/urls reflects received data into the HTML response without applying proper encoding or filtering. This allows an attacker to execute arbitrary JavaScript in the victim's browser if the victim opens a URL prepared by the attacker.

Vendor: NesterSoft Inc.
Product: WorkTime (on-prem/cloud)
Published: Feb 19, 2026
Source: NVD
CVE-2026-2718 MEDIUM - 6.4

The Dealia – Request a Quote plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Gutenberg block attributes in all versions up to, and including, 1.0.6. This is due to the use of `wp_kses()` for output escaping within HTML attribute contexts where `esc_attr()` is required. This mak...

Published: Feb 19, 2026
Source: NVD
CVE-2026-2716 MEDIUM - 4.4

The Client Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Testimonial Heading' setting in all versions up to, and including, 2.0. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated atta...

Published: Feb 19, 2026
Source: NVD
CVE-2026-22268 MEDIUM - 6.3

Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service of a Dell Enterprise Support connection.

Vendor: Dell
Product: PowerProtect Data Manager
Published: Feb 19, 2026
Source: NVD
CVE-2026-22266 MEDIUM - 4.7

Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Improper Verification of Source of a Communication Channel vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to protection mechanism bypass.

Vendor: Dell
Product: PowerProtect Data Manager
Published: Feb 19, 2026
Source: NVD
CVE-2026-1461 MEDIUM - 6.5

The Simple Membership plugin for WordPress is vulnerable to Improper Handling of Missing Values in all versions up to, and including, 4.7.0 via the Stripe webhook handler. This is due to the plugin only validating webhook signatures when the stripe-webhook-signing-secret setting is configured, which...

Published: Feb 19, 2026
Source: NVD
CVE-2026-1219 MEDIUM - 5.3

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 4.0 to 5.10 via the 'load_track_note_ajax' due to missing validation on a user controlled key. This makes it possible for unauthentic...

Published: Feb 19, 2026
Source: NVD