6.9
CVE-2026-2669 - Rongzhitong Visual Integrated Command and Dispatch Platform User delete access control
A vulnerability was determined in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. This impacts an unknown function of the file /dm/dispatch/user/delete of the component User Handler. This manipulation of the argument ID causes improper access controls. Remote exploitatioโฆ
5.7
CVE-2026-24744 - InvoicePlane has a Stored Cross-Site Scripting (XSS) issue
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the Edit Invoices functions of InvoicePlane version 1.7.0. When editing invoices, the application does not validate user input at the `invoโฆ
5.7
CVE-2026-24743 - InvoicePlane has a Stored Cross-Site Scripting (XSS) issue
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the upload Invoice Logo functions of InvoicePlane version 1.7.0. The Upload Invoice Logo function allows the application to upload svg fileโฆ
8.6
CVE-2026-27182 - Saturn Remote Mouse Server UDP Command Injection RCE
Saturn Remote Mouse Server contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending specially crafted UDP JSON frames to port 27000. Attackers on the local network can send malformed packets with unsanitized command data that the servโฆ
4.8
CVE-2019-25400 - IPFire 2.21 Core Update 127 Multiple XSS via fwhosts.cgi
IPFire 2.21 Core Update 127 contains multiple reflected cross-site scripting vulnerabilities in the fwhosts.cgi script that allow attackers to inject malicious scripts through multiple parameters including HOSTNAME, IP, SUBNET, NETREMARK, HOSTREMARK, newhost, grp_name, remark, SRV_NAME, SRV_PORT, Sโฆ
5.1
CVE-2019-25399 - IPFire 2.21 Core Update 127 Stored XSS via extrahd.cgi
IPFire 2.21 Core Update 127 contains multiple stored cross-site scripting vulnerabilities in the extrahd.cgi script that allow attackers to inject malicious scripts through the FS, PATH, and UUID parameters. Attackers can submit POST requests with script payloads in these parameters to execute arbiโฆ
5.1
CVE-2019-25398 - IPFire 2.21 Core Update 127 Cross-Site Scripting via ovpnmain.cgi
IPFire 2.21 Core Update 127 contains multiple cross-site scripting vulnerabilities in the ovpnmain.cgi script that allow attackers to inject malicious scripts through VPN configuration parameters. Attackers can submit POST requests with script payloads in parameters like VPN_IP, DMTU, ccdname, ccdsโฆ
5.1
CVE-2019-25397 - IPFire 2.21 Core Update 127 Cross-Site Scripting via hosts.cgi
IPFire 2.21 Core Update 127 contains multiple reflected cross-site scripting vulnerabilities in the hosts.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in the KEY1, IP, HOST, or DOM parameters to eโฆ
5.1
CVE-2019-25396 - IPFire 2.21 Core Update 127 Reflected XSS via updatexlrator.cgi
IPFire 2.21 Core Update 127 contains a reflected cross-site scripting vulnerability in the updatexlrator.cgi script that allows attackers to inject malicious scripts through POST parameters. Attackers can submit crafted requests with script payloads in the MAX_DISK_USAGE or MAX_DOWNLOAD_RATE parameโฆ
5.7
CVE-2026-24746 - InvoicePlane has a Stored Cross-Site Scripting (XSS) issue
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the Edit Quotes functions of InvoicePlane version 1.7.0. In the Editing Quotes function, the application does not validate user input at thโฆ