Total CVEs

142,250

Critical Severity

3,947

High Severity

14,209

Last 7 Days

1,911
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 11,741 - 11,760 of 14,291 CVEs
CVE-2019-25388 MEDIUM - 6.1

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the ipblock.cgi endpoint. Attackers can inject script tags through the SRC_IP and COMMENT parameter...

Vendor: Smoothwall
Product: Smoothwall Express
Published: Feb 16, 2026
Source: NVD
CVE-2019-25387 MEDIUM - 6.1

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the xtaccess.cgi endpoint. Attackers can inject script payloads through the EXT, DEST_PORT, or COMM...

Vendor: Smoothwall
Product: Smoothwall Express
Published: Feb 16, 2026
Source: NVD
CVE-2019-25386 MEDIUM - 6.1

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the dmzholes.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in the SRC_IP, DEST_IP,...

Vendor: Smoothwall
Product: Smoothwall Express
Published: Feb 16, 2026
Source: NVD
CVE-2019-25385 MEDIUM - 6.1

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the MACHINE and MACHINECOMMENT parameters. Attackers can send POST requests to the outgoing.cgi endpoint with script payloads to e...

Vendor: Smoothwall
Product: Smoothwall Express
Published: Feb 16, 2026
Source: NVD
CVE-2019-25384 MEDIUM - 6.1

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the portfw.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in the EXT, SRC_PORT_SEL,...

Vendor: Smoothwall
Product: Smoothwall Express
Published: Feb 16, 2026
Source: NVD
CVE-2019-25383 MEDIUM - 6.1

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the apcupsd.cgi script that allow attackers to inject malicious scripts through multiple POST parameters. Attackers can submit crafted POST requests with script payloads in parameters ...

Vendor: Smoothwall
Product: Smoothwall Express
Published: Feb 16, 2026
Source: NVD
CVE-2019-25382 MEDIUM - 6.1

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the NTP_SERVER parameter. Attackers can send POST requests to the time.cgi endpoint with script payloads in the NT...

Vendor: Smoothwall
Product: Smoothwall Express
Published: Feb 16, 2026
Source: NVD
CVE-2019-25381 MEDIUM - 6.1

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the hosts.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests to the hosts.cgi endpoint with script payloads ...

Vendor: Smoothwall
Product: Smoothwall Express
Published: Feb 16, 2026
Source: NVD
CVE-2019-25380 MEDIUM - 6.1

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the dhcp.cgi script that allow attackers to inject malicious scripts through multiple parameters. Attackers can submit POST requests to dhcp.cgi with script payloads in parameters such...

Vendor: Smoothwall
Product: Smoothwall Express
Published: Feb 16, 2026
Source: NVD
CVE-2019-25378 MEDIUM - 6.1

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple cross-site scripting vulnerabilities in the proxy.cgi endpoint that allow attackers to inject malicious scripts through parameters including CACHE_SIZE, MAX_SIZE, MIN_SIZE, MAX_OUTGOING_SIZE, and MAX_INCOMING_SIZE. Attackers can submi...

Vendor: Smoothwall
Product: Smoothwall Express
Published: Feb 16, 2026
Source: NVD
CVE-2026-2565 MEDIUM - 6.6

A weakness has been identified in Wavlink WL-NU516U1 20251208. Affected by this issue is the function sub_40785C of the file /cgi-bin/adm.cgi. This manipulation of the argument time_zone causes stack-based buffer overflow. The attack can be initiated remotely. The attack is considered to have high c...

Vendor: wavlink
Product: wl-nu516u1_firmware
Published: Feb 16, 2026
Source: NVD
CVE-2026-2563 MEDIUM - 6.3

A vulnerability was identified in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. Affected is the function set_stcreenen_deabled_status/get_status of the file /f/service/controlDevice of the component jdcapp_rpc. The manipulation leads to Remote Privilege Escalation. It is possible to initiate the a...

Vendor: jdcloud
Product: ax6600_firmware
Published: Feb 16, 2026
Source: NVD
CVE-2026-2562 MEDIUM - 6.3

A vulnerability was determined in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. This impacts the function cast_streen of the file /jdcapi of the component jdcweb_rpc. Executing a manipulation of the argument File can lead to Remote Privilege Escalation. The attack may be performed from remote. The...

Vendor: jdcloud
Product: ax6600_firmware
Published: Feb 16, 2026
Source: NVD
CVE-2026-2561 MEDIUM - 6.3

A vulnerability was found in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. This affects the function web_get_ddns_uptime of the file /jdcapi of the component jdcweb_rpc. Performing a manipulation results in Remote Privilege Escalation. The attack is possible to be carried out remotely. The exploit...

Vendor: jdcloud
Product: ax6600_firmware
Published: Feb 16, 2026
Source: NVD
CVE-2026-2032 MEDIUM - 4.3

Malicious scripts that interrupt new tab page loading could cause desynchronization between the address bar and page content, allowing the attacker to spoof arbitrary HTML under a trusted domain. This vulnerability affects Firefox for iOS < 147.2.1.

Vendor: mozilla
Product: firefox
Published: Feb 16, 2026
Source: NVD
CVE-2026-2560 MEDIUM - 6.3

A vulnerability has been found in kalcaddle kodbox up to 1.64.05. The impacted element is the function run of the file plugins/fileThumb/lib/VideoResize.class.php of the component Media File Preview Plugin. Such manipulation of the argument localFile leads to os command injection. The attack can be ...

Published: Feb 16, 2026
Source: NVD
CVE-2026-2558 MEDIUM - 6.3

A flaw has been found in GeekAI up to 4.2.4. The affected element is the function Download of the file api/handler/net_handler.go. This manipulation of the argument url causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and may be used. ...

Published: Feb 16, 2026
Source: NVD
CVE-2026-2556 MEDIUM - 6.3

A security vulnerability has been detected in cskefu up to 8.0.1. This issue affects some unknown processing of the file com/cskefu/cc/controller/resource/MediaController.java of the component Endpoint. The manipulation of the argument url leads to server-side request forgery. The attack may be init...

Vendor: cskefu
Product: cskefu
Published: Feb 16, 2026
Source: NVD
CVE-2025-14350 MEDIUM - 4.3

Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to properly validate team membership when processing channel mentions which allows authenticated users to determine the existence of teams and their URL names via posting channel shortlinks and observing the cha...

Vendor: Mattermost
Product: Mattermost
Published: Feb 16, 2026
Source: NVD
CVE-2026-2555 MEDIUM - 5.0

A weakness has been identified in JeecgBoot 3.9.1. This vulnerability affects the function importDocumentFromZip of the file org/jeecg/modules/airag/llm/controller/AiragKnowledgeController.java of the component Retrieval-Augmented Generation. Executing a manipulation can lead to deserialization. The...

Vendor: jeecg
Product: jeecg_boot
Published: Feb 16, 2026
Source: NVD