5.1

CVSS4.0

CVE-2019-25372 - OPNsense 19.1 Reflected XSS via diag_traceroute.php

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted payloads through POST requests to diag_traceroute.php to execute ar…

📅 Published: Feb. 15, 2026, 1:58 p.m. 🔄 Last Modified: March 5, 2026, 1:26 a.m.

5.1

CVSS4.0

CVE-2019-25371 - OPNsense 19.1 Reflected XSS via diag_ping.php

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted POST requests to the diag_ping.php endpoint with script payloads in…

📅 Published: Feb. 15, 2026, 1:58 p.m. 🔄 Last Modified: March 5, 2026, 1:26 a.m.

5.1

CVSS4.0

CVE-2019-25370 - OPNsense 19.1 Reflected XSS via interfaces_vlan_edit.php

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through multiple parameters. Attackers can send POST requests to interfaces_vlan_edit.php with script payloads in the tag, descr, or vlanif parameters …

📅 Published: Feb. 15, 2026, 1:58 p.m. 🔄 Last Modified: March 5, 2026, 1:26 a.m.

5.1

CVSS4.0

CVE-2019-25369 - OPNsense 19.1 Stored XSS via system_advanced_sysctl.php

OPNsense 19.1 contains a stored cross-site scripting vulnerability in the system_advanced_sysctl.php endpoint that allows attackers to inject persistent malicious scripts via the tunable parameter. Attackers can submit POST requests with script payloads that are stored and executed in the context o…

📅 Published: Feb. 15, 2026, 1:58 p.m. 🔄 Last Modified: March 5, 2026, 1:26 a.m.

4.8

CVSS4.0

CVE-2019-25368 - OPNsense 19.1 Reflected XSS via diag_backup.php

OPNsense 19.1 contains multiple cross-site scripting vulnerabilities in the diag_backup.php endpoint that allow attackers to inject malicious scripts through multiple parameters including GDrive_GDriveEmail, GDrive_GDriveFolderID, GDrive_GDriveBackupCount, Nextcloud_url, Nextcloud_user, Nextcloud_p…

📅 Published: Feb. 15, 2026, 1:58 p.m. 🔄 Last Modified: March 5, 2026, 1:26 a.m.

4.8

CVSS4.0

CVE-2019-25367 - ArangoDB Community Edition 3.4.2-1 XSS via aardvark admin interface

ArangoDB Community Edition 3.4.2-1 contains multiple cross-site scripting vulnerabilities in the Aardvark web admin interface (index.html) through search, user management, and API parameters. Attackers can inject scripts via parameters in /_db/_system/_admin/aardvark/index.html to execute JavaScrip…

📅 Published: Feb. 15, 2026, 1:58 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.9

CVSS4.0

CVE-2026-2517 - Open5GS SMF types.c ogs_gtp2_parse_tft denial of service

A security flaw has been discovered in Open5GS up to 2.7.6. This vulnerability affects the function ogs_gtp2_parse_tft in the library lib/gtp/v2/types.c of the component SMF. Performing a manipulation of the argument pf[0].content.length results in denial of service. The attack is possible to be ca…

📅 Published: Feb. 15, 2026, 12:32 p.m. 🔄 Last Modified: April 17, 2026, 7:30 p.m.

7.3

CVSS4.0

CVE-2026-2516 - Unidocs ezPDF DRM Reader/ezPDF Reader SHFOLDER.dll uncontrolled search path

A vulnerability was identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/3.0.0.4. This affects an unknown part in the library SHFOLDER.dll. Such manipulation leads to uncontrolled search path. The attack needs to be performed locally. Attacks of this nature are highly complex. It is indicate…

📅 Published: Feb. 15, 2026, 12:02 p.m. 🔄 Last Modified: April 15, 2026, 5:30 p.m.

6.4

CVSS4.0

CVE-2026-2541 - Micca KE700 Brute-force vulnerability due to low entropy

The Micca KE700 system relies on a 6-bit portion of an identifier for authentication within rolling codes, providing only 64 possible combinations. This low entropy allows an attacker to perform a brute-force attack against one component of the rolling code. Successful exploitation simplifies an atta…

📅 Published: Feb. 15, 2026, 11:07 a.m. 🔄 Last Modified: April 17, 2026, 7:30 p.m.

8.4

CVSS4.0

CVE-2026-2540 - Micca KE700 Acceptance of previously used rolling codes

The Micca KE700 system contains flawed resynchronization logic and is vulnerable to replay attacks. This attack requires sending two previously captured codes in a specific sequence. As a result, the system can be forced to accept previously used (stale) rolling codes and execute a command. Success…

📅 Published: Feb. 15, 2026, 11:03 a.m. 🔄 Last Modified: April 18, 2026, 12:15 p.m.