5.1

CVSS4.0

CVE-2026-27506 - SVXportal <= 2.5 Profile Update Stored XSS

SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user profile update workflow (user_settings.php submitting to admin/update_user.php). Authenticated users can store malicious HTML/JavaScript in fields such as Firstname, lastname, email, and image_url, which…

πŸ“… Published: Feb. 20, 2026, 4:55 p.m. πŸ”„ Last Modified: Feb. 20, 2026, 4:55 p.m.

8.4

CVSS4.0

CVE-2026-26099 - Uncontrolled Search Path Element in Owl opds

Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request.

πŸ“… Published: Feb. 20, 2026, 4:54 p.m. πŸ”„ Last Modified: Feb. 20, 2026, 4:54 p.m.

8.4

CVSS4.0

CVE-2026-26098 - Uncontrolled Search Path Element in Owl opds

Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request.

πŸ“… Published: Feb. 20, 2026, 4:54 p.m. πŸ”„ Last Modified: Feb. 20, 2026, 4:54 p.m.

8.4

CVSS4.0

CVE-2026-26097 - Uncontrolled Search Path Element in Owl opds

Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request.

πŸ“… Published: Feb. 20, 2026, 4:53 p.m. πŸ”„ Last Modified: Feb. 20, 2026, 4:53 p.m.

8.5

CVSS4.0

CVE-2026-26096 - Incorrect Permission Assignment for Critical Resource in Owl opds

Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request.

πŸ“… Published: Feb. 20, 2026, 4:52 p.m. πŸ”„ Last Modified: Feb. 20, 2026, 4:52 p.m.

8.5

CVSS4.0

CVE-2026-26095 - Incorrect Permission Assignment for Critical Resource in Owl opds

Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request.

πŸ“… Published: Feb. 20, 2026, 4:51 p.m. πŸ”„ Last Modified: Feb. 20, 2026, 4:51 p.m.

8.7

CVSS4.0

CVE-2026-26093 - Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds

Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds 2.2.0.4 allows Command Injection via a crafted network request.

πŸ“… Published: Feb. 20, 2026, 4:49 p.m. πŸ”„ Last Modified: Feb. 20, 2026, 4:50 p.m.

5.1

CVSS4.0

CVE-2026-27505 - SVXportal <= 2.5 admin/user_action.php Stored XSS

SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user registration workflow (index.php submitting to admin/user_action.php). User-supplied fields such as Firstname, lastname, and email are stored in the backend database without adequate output encoding and …

πŸ“… Published: Feb. 20, 2026, 4:49 p.m. πŸ”„ Last Modified: Feb. 20, 2026, 4:55 p.m.

5.1

CVSS4.0

CVE-2026-27504 - SVXportal <= 2.5 radiomobile_front.php stationid Reflected XSS

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in radiomobile_front.php via the stationid query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value into a hidden input value field, allowin…

πŸ“… Published: Feb. 20, 2026, 4:48 p.m. πŸ”„ Last Modified: Feb. 20, 2026, 4:48 p.m.

5.1

CVSS4.0

CVE-2026-27503 - SVXportal <= 2.5 admin/log.php Search Reflected XSS

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in admin/log.php via the search query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value directly into an HTML input value attribute, allowi…

πŸ“… Published: Feb. 20, 2026, 4:48 p.m. πŸ”„ Last Modified: Feb. 20, 2026, 4:48 p.m.
Total resulsts: 334046
Page 2 of 33,405
Β« previous page Β» next page
Filters