8.7
CVE-2026-25535 - jsPDF Affected by Client-Side/Server-Side Denial of Service via Malicious GIF Dimensions
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the first argument of the `addImage` method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the `addImage` method, a user can provide a harmful GIF file that results i…
5.3
CVE-2026-25527 - changedetection.io vulnerable to unauthenticated static path traversal
changedetection.io is a free open source web page change detection tool. In versions prior to 0.53.2, the `/static/<group>/<filename>` route accepts `group=".."`, which causes `send_from_directory("static/..", filename)` to execute. This moves the base directory up to `/app/changedetectionio`, enab…
8.3
CVE-2026-2744 - Blind SQL Injection
A blind time-based SQL injection exists in the Service Dependencies page. An authenticated user can inject arbitrary SQL via the keys of the select[] POST array parameter. This vulnerability in Centreon Infra Monitoring on Linux (Service Dependencies modules) allows full database extrac…
5.1
CVE-2019-25430 - Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via vpn_users
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the username parameter. Attackers can send POST requests to the vpn_users endpoint with script payloads in the username…
5.1
CVE-2019-25429 - Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via openvpn_advanced
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the openvpn_advanced endpoint. Attackers can inject JavaScript code through the GLOBAL_NETWORKS and GLOBAL_DNS parameters via POST requ…
5.1
CVE-2019-25428 - Comodo Dome Firewall 2.7.0 Cross-Site Scripting via openvpn_users
Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the openvpn_users endpoint that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted POST requests with script payloads in the username, remotenets, explicitro…
5.1
CVE-2019-25427 - Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via antispyware
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the antispyware endpoint. Attackers can send POST requests with JavaScript payloads in the DNSMASQ_WHITELIST or DNSMASQ_BLACKLIST param…
5.1
CVE-2019-25426 - Comodo Dome Firewall 2.7.0 Cross-Site Scripting via dnsmasq
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the dnsmasq endpoint. Attackers can send POST requests with script payloads in the TRANSPARENT_SOURCE_BYPASS or TRANSPARENT_DESTINATION…
5.1
CVE-2019-25425 - Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via smtpconfig
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the VIRUS_ADMIN parameter. Attackers can send POST requests to the smtpconfig endpoint with script payloads to execute arbitrary JavaSc…
5.1
CVE-2019-25424 - Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via https_exceptions
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input to the EXCEPTIONSITELIST parameter. Attackers can craft POST requests to the https_exceptions endpoint with script payloads to execute…