Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,707
Quick preset (or use dates below)
Clear Filters
Showing 11,661 - 11,680 of 14,604 CVEs
CVE-2025-7706 MEDIUM - 6.1

Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion.This issue affects Liderahenk: from 3.0.0 to 3.3.1 before 3.5.0.

Published: Feb 17, 2026
Source: NVD
CVE-2026-2608 MEDIUM - 4.3

The Kadence Blocks โ€” Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.5.32. This makes it possible for authenticated attackers, with Contributor-level access and...

Published: Feb 17, 2026
Source: NVD
CVE-2025-8303 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in EKA Software Computer Information Advertising Services Ltd. Real Estate Script V5 (With Doping Module โ€“ Store Module โ€“ New Language System) allows Cross-Site Scripting (XSS).This is...

Published: Feb 17, 2026
Source: NVD
CVE-2026-0829 MEDIUM - 5.8

The Frontend File Manager Plugin WordPress plugin through 23.5 allows unauthenticated users to send emails through the site without any security checks. This lets attackers use the WordPress site as an open relay for spam or phishing emails to anyone. Attackers can also guess file IDs to access and ...

Published: Feb 17, 2026
Source: NVD
CVE-2026-1657 MEDIUM - 5.3

The EventPrime plugin for WordPress is vulnerable to unauthorized image file upload in all versions up to, and including, 4.2.8.4. This is due to the plugin registering the upload_file_media AJAX action as publicly accessible (nopriv-enabled) without implementing any authentication, authorization, o...

Published: Feb 17, 2026
Source: NVD
CVE-2026-2002 MEDIUM - 4.4

The Forminator Forms โ€“ Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form_name parameter in all versions up to, and including, 1.50.2 due to insufficient input sanitization and output escaping. This makes it possible fo...

Published: Feb 17, 2026
Source: NVD
CVE-2019-25393 MEDIUM - 6.1

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation. Attackers can submit POST requests to the smoothinfo.cgi endpoint with script payload...

Vendor: Smoothwall
Product: Smoothwall Express
Published: Feb 16, 2026
Source: NVD
CVE-2019-25392 MEDIUM - 6.1

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the IP parameter. Attackers can send POST requests to the iptools.cgi endpoint with script payloads in the IP para...

Vendor: Smoothwall
Product: Smoothwall Express
Published: Feb 16, 2026
Source: NVD
CVE-2019-25390 MEDIUM - 5.4

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the interfaces.cgi script that allow attackers to inject malicious scripts through multiple parameters including GREEN_ADDRESS, GREEN_NETMASK, RED_DHCP_HOSTNAME, RED_ADDRESS, DNS1_OVER...

Vendor: Smoothwall
Product: Smoothwall Express
Published: Feb 16, 2026
Source: NVD
CVE-2019-25389 MEDIUM - 6.1

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the MACHINES parameter. Attackers can craft requests to the timedaccess.cgi endpoint with script payloads in the M...

Vendor: Smoothwall
Product: Smoothwall Express
Published: Feb 16, 2026
Source: NVD
CVE-2019-25388 MEDIUM - 6.1

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the ipblock.cgi endpoint. Attackers can inject script tags through the SRC_IP and COMMENT parameter...

Vendor: Smoothwall
Product: Smoothwall Express
Published: Feb 16, 2026
Source: NVD
CVE-2019-25387 MEDIUM - 6.1

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the xtaccess.cgi endpoint. Attackers can inject script payloads through the EXT, DEST_PORT, or COMM...

Vendor: Smoothwall
Product: Smoothwall Express
Published: Feb 16, 2026
Source: NVD
CVE-2019-25386 MEDIUM - 6.1

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the dmzholes.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in the SRC_IP, DEST_IP,...

Vendor: Smoothwall
Product: Smoothwall Express
Published: Feb 16, 2026
Source: NVD
CVE-2019-25385 MEDIUM - 6.1

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the MACHINE and MACHINECOMMENT parameters. Attackers can send POST requests to the outgoing.cgi endpoint with script payloads to e...

Vendor: Smoothwall
Product: Smoothwall Express
Published: Feb 16, 2026
Source: NVD
CVE-2019-25384 MEDIUM - 6.1

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the portfw.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in the EXT, SRC_PORT_SEL,...

Vendor: Smoothwall
Product: Smoothwall Express
Published: Feb 16, 2026
Source: NVD
CVE-2019-25383 MEDIUM - 6.1

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the apcupsd.cgi script that allow attackers to inject malicious scripts through multiple POST parameters. Attackers can submit crafted POST requests with script payloads in parameters ...

Vendor: Smoothwall
Product: Smoothwall Express
Published: Feb 16, 2026
Source: NVD
CVE-2019-25382 MEDIUM - 6.1

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the NTP_SERVER parameter. Attackers can send POST requests to the time.cgi endpoint with script payloads in the NT...

Vendor: Smoothwall
Product: Smoothwall Express
Published: Feb 16, 2026
Source: NVD
CVE-2019-25381 MEDIUM - 6.1

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the hosts.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests to the hosts.cgi endpoint with script payloads ...

Vendor: Smoothwall
Product: Smoothwall Express
Published: Feb 16, 2026
Source: NVD
CVE-2019-25380 MEDIUM - 6.1

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the dhcp.cgi script that allow attackers to inject malicious scripts through multiple parameters. Attackers can submit POST requests to dhcp.cgi with script payloads in parameters such...

Vendor: Smoothwall
Product: Smoothwall Express
Published: Feb 16, 2026
Source: NVD
CVE-2019-25378 MEDIUM - 6.1

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple cross-site scripting vulnerabilities in the proxy.cgi endpoint that allow attackers to inject malicious scripts through parameters including CACHE_SIZE, MAX_SIZE, MIN_SIZE, MAX_OUTGOING_SIZE, and MAX_INCOMING_SIZE. Attackers can submi...

Vendor: Smoothwall
Product: Smoothwall Express
Published: Feb 16, 2026
Source: NVD