Search

Search Results (364197 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-25411 2 Cdome, Comodo 3 Comodo Dome Firewall, Comodo Dome Firewall, Dome Firewall 2026-03-02 6.1 Medium
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the GATEWAY_GREEN parameter. Attackers can send POST requests to the DHCP configuration endpoint with script payloads to execute arbitrary JavaScript in administrator browsers.
CVE-2019-25410 2 Cdome, Comodo 3 Comodo Dome Firewall, Comodo Dome Firewall, Dome Firewall 2026-03-02 6.1 Medium
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through the source and destination parameters. Attackers can submit POST requests to the policy routing endpoint with script payloads in these parameters to execute arbitrary JavaScript in users' browsers.
CVE-2019-25409 2 Cdome, Comodo 3 Comodo Dome Firewall, Comodo Dome Firewall, Dome Firewall 2026-03-02 6.1 Medium
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the destination parameter. Attackers can send POST requests to the routing endpoint with script payloads in the destination parameter to execute arbitrary JavaScript in users' browsers.
CVE-2019-25408 2 Cdome, Comodo 3 Comodo Dome Firewall, Comodo Dome Firewall, Dome Firewall 2026-03-02 6.1 Medium
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the netmask_addr parameter. Attackers can send POST requests to the netwizard2 endpoint with script payloads in the netmask_addr parameter to execute arbitrary JavaScript in users' browsers.
CVE-2019-25407 2 Cdome, Comodo 3 Comodo Dome Firewall, Comodo Dome Firewall, Dome Firewall 2026-03-02 6.1 Medium
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the backup schedule interface. Attackers can send POST requests to the backupschedule endpoint with JavaScript code in the BACKUP_RCPTTO parameter to execute arbitrary scripts in users' browsers.
CVE-2019-25406 2 Cdome, Comodo 3 Comodo Dome Firewall, Comodo Dome Firewall, Dome Firewall 2026-03-02 6.1 Medium
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the organization parameter. Attackers can send POST requests to the korugan/cmclient endpoint with script payloads in the organization parameter to execute arbitrary JavaScript in users' browsers.
CVE-2019-25405 2 Cdome, Comodo 3 Comodo Dome Firewall, Comodo Dome Firewall, Dome Firewall 2026-03-02 7.2 High
Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the newLicense parameter. Attackers can send POST requests to the license activation endpoint with script payloads in the newLicense field to execute arbitrary JavaScript in administrators' browsers.
CVE-2019-25404 2 Cdome, Comodo 3 Comodo Dome Firewall, Comodo Dome Firewall, Dome Firewall 2026-03-02 6.4 Medium
Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input through admin management parameters. Attackers can inject script payloads in the admin_name, name, and surname parameters via POST requests to the /korugan/admins endpoint, which are stored and executed when administrators access the interface.
CVE-2019-25403 2 Cdome, Comodo 3 Comodo Dome Firewall, Comodo Dome Firewall, Dome Firewall 2026-03-02 6.4 Medium
Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the comment parameter. Attackers can inject JavaScript code through the admin_profiles endpoint that executes in the browsers of other users who view the affected page.
CVE-2019-25402 2 Cdome, Comodo 3 Comodo Dome Firewall, Comodo Dome Firewall, Dome Firewall 2026-03-02 6.1 Medium
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the username parameter. Attackers can send POST requests to the login endpoint with script payloads in the username field to execute arbitrary JavaScript in users' browsers.
CVE-2024-23463 1 Zscaler 1 Client Connector 2026-03-02 8.8 High
Anti-tampering protection of the Zscaler Client Connector can be bypassed under certain conditions when running the Repair App functionality. This affects Zscaler Client Connector on Windows prior to 4.2.1
CVE-2024-23457 1 Zscaler 1 Client Connector 2026-03-02 7.8 High
The anti-tampering functionality of the Zscaler Client Connector can be disabled under certain conditions when an uninstall password is enforced. This affects Zscaler Client Connector on Windows prior to 4.2.0.209
CVE-2023-41971 1 Zscaler 1 Client Connector 2026-03-02 5.3 Medium
An Improper Link Resolution Before File Access ('Link Following') vulnerability in Zscaler Client Connector on Windows allows a system file to be overwritten.This issue affects Client Connector on Windows: before 3.7.
CVE-2025-0178 1 Watchguard 28 Firebox M270, Firebox M290, Firebox M370 and 25 more 2026-03-02 6.1 Medium
Improper Input Validation vulnerability in WatchGuard Fireware OS allows an attacker to manipulate the value of the HTTP Host header in requests sent to the Web UI. An attacker could exploit this vulnerability to redirect users to malicious websites, poison the web cache, or inject malicious JavaScript into responses sent by the Web UI. This issue affects Fireware OS: from 12.0 up to and including 12.11.
CVE-2025-1071 1 Watchguard 28 Firebox M270, Firebox M290, Firebox M370 and 25 more 2026-03-02 4.8 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. This vulnerability requires an authenticated administrator session to a locally managed Firebox.This issue affects Fireware OS: from 12.0 through 12.5.12+701324, from 12.6 through 12.11.
CVE-2025-62514 2 Parsec.cloud, Scille 2 Parsec, Parsec-cloud 2026-03-02 8.3 High
Parsec is a cloud-based application for cryptographically secure file sharing. In versions on the 3.x branch prior to 3.6.0, `libparsec_crypto`, a component of the Parsec application, does not check for weak order point of Curve25519 when compiled with its RustCrypto backend. In practice this means an attacker in a man-in-the-middle position would be able to provide weak order points to both parties in the Diffie-Hellman exchange, resulting in a high probability to for both parties to obtain the same shared key (hence leading to a successful SAS code exchange, misleading both parties into thinking no MITM has occurred) which is also known by the attacker. Note only Parsec web is impacted (as Parsec desktop uses `libparsec_crypto` with the libsodium backend). Version 3.6.0 of Parsec patches the issue.
CVE-2024-22021 1 Veeam 3 Availability Orchestrator, Disaster Recovery Orchestrator, Recovery Orchestrator 2026-03-02 4.3 Medium
Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to.
CVE-2024-42056 1 Retool 1 Retool 2026-03-02 6.5 Medium
Retool (self-hosted enterprise) through 3.40.0 inserts resource authentication credentials into sent data. Credentials for users with "Use" permissions can be discovered (by an authenticated attacker) via the /api/resources endpoint. The earliest affected version is 3.18.1.
CVE-2023-26323 1 Mi 1 App Market 2026-03-02 7.6 High
A code execution vulnerability exists in the Xiaomi App market product. The vulnerability is caused by unsafe configuration and can be exploited by attackers to execute arbitrary code.
CVE-2023-42896 1 Apple 3 Ipados, Iphone Os, Macos 2026-03-02 5.5 Medium
An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Sonoma 14.2. An app may be able to modify protected parts of the file system.