9.3
CVE-2025-15346 - wolfSSL Python library `CERT_REQUIRED` mode fails to enforce client certificate requirement
A vulnerability in the handling of verify_mode = CERT_REQUIRED in the wolfssl Python package (wolfssl-py) causes client certificate requirements to not be fully enforced.Β Because the WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT flag was not included, the behavior effectively matched CERT_OPTIONAL: a peer β¦
5.8
CVE-2026-21859 - Mailpit Proxy Endpoint is Vulnerable to Server-Side Request Forgery (SSRF)
Mailpit is an email testing tool and API for developers. Versions 1.28.0 and below have a Server-Side Request Forgery (SSRF) vulnerability in the /proxy endpoint, allowing attackers to make requests to internal network resources. The /proxy endpoint validates http:// and https:// schemes, but it doβ¦
4.3
CVE-2026-21695 - Titra API Contains Mass Assignment Vulnerability
Titra is open source project time tracking software. In versions 0.99.49 and below, an API has a Mass Assignment vulnerability which allows authenticated users to inject arbitrary fields into time entries, bypassing business logic controls via the customfields parameter. The affected endpoint uses β¦
5.1
CVE-2019-25284 - V-SOL GPON/EPON OLT Platform V2.03.62R_IPv6 v2.03 Reflected Cross-Site Scripting Vulnerability
V-SOL GPON/EPON OLT Platform v2.03 contains multiple reflected cross-site scripting vulnerabilities due to improper input sanitization in various script parameters. Attackers can exploit these vulnerabilities by injecting malicious HTML and script code to execute arbitrary scripts in a victim's broβ¦
5.1
CVE-2019-25280 - Yahei-PHP Prober 0.4.7 Remote HTML Injection via Speed Parameter
Yahei-PHP Prober 0.4.7 contains a remote HTML injection vulnerability that allows attackers to execute arbitrary HTML code through the 'speed' GET parameter. Attackers can inject malicious HTML code in the 'speed' parameter of prober.php to trigger cross-site scripting in user browser sessions.
5.1
CVE-2019-25277 - FaceSentry Access Control System 6.4.8 Reflected Cross-Site Scripting via pluginInstall.php
FaceSentry Access Control System 6.4.8 contains a cross-site scripting vulnerability in the 'msg' parameter of pluginInstall.php that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated input to execute arbitrary JavaScript in victim browsers, potentially stealing auβ¦
5.1
CVE-2019-25270 - SOCA Access Control System 180612 Reflected Cross-Site Scripting via logged_page.php
SOCA Access Control System 180612 contains a cross-site scripting vulnerability in the 'senddata' POST parameter of logged_page.php that allows attackers to inject malicious scripts. Attackers can exploit this weakness by sending crafted POST requests to execute arbitrary HTML and script code in a β¦
6.8
CVE-2026-21694 - Titra APIs have Improper Access Control
Titra is open source project time tracking software. Versions 0.99.49 and below have Improper Access Control, allowing users to view and edit other users' time entries in private projects they have not been granted access to. This issue is fixed in version 0.99.50.
9.3
CVE-2019-25291 - INIM Electronics Smartliving SmartLAN/G/SI <=6.x Hard-coded Credentials Vulnerability
INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded credentials in its Linux distribution image that cannot be changed through normal device operations. Attackers can exploit these persistent credentials to log in and gain unauthorized system access across multiple SmartLiving deviβ¦
6.9
CVE-2019-25290 - INIM Electronics Smartliving SmartLAN/G/SI <=6.x Unauthenticated SSRF via GetImage
Smartliving SmartLAN/G/SI <=6.x contains an unauthenticated server-side request forgery vulnerability in the GetImage functionality through the 'host' parameter. Attackers can exploit the onvif.cgi endpoint by specifying external domains to bypass firewalls and perform network enumeration through aβ¦