CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2019-25306 - BlackMoon FTP Server 3.1.2.1731 - 'BMFTP-RELEASE' Unquoted Service Path

CVE ID : CVE-2019-25306
Published : Feb. 11, 2026, 2:56 p.m. | 26 minutes ago
Description : BlackMoon FTP Server 3.1.2.1731 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to insert malicious code that would execute with LocalSystem account permissions during service startup.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2019-25307 - WorkgroupMail 7.5.1 - 'WorkgroupMail' Unquoted Service Path

CVE ID : CVE-2019-25307
Published : Feb. 11, 2026, 2:56 p.m. | 26 minutes ago
Description : WorkgroupMail 7.5.1 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup.
Severity: 8.5 | HIGH
CVE-2019-25308 - Mikogo 5.2.2.150317 - 'Mikogo-Service' Unquoted Service Path

CVE ID : CVE-2019-25308
Published : Feb. 11, 2026, 2:56 p.m. | 26 minutes ago
Description : Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific path locations.
Severity: 8.5 | HIGH
CVE-2019-25309 - Zilab Remote Console Server 3.2.9 - 'Zilab Remote Console Server' Unquoted Service Path

CVE ID : CVE-2019-25309
Published : Feb. 11, 2026, 2:56 p.m. | 26 minutes ago
Description : Zilab Remote Console Server 3.2.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that will be run with LocalSystem permissions.
Severity: 8.5 | HIGH
CVE-2019-25310 - ActiveFax Server 6.92 Build 0316 - 'ActiveFaxServiceNT' Unquoted Service Path

CVE ID : CVE-2019-25310
Published : Feb. 11, 2026, 2:56 p.m. | 26 minutes ago
Description : ActiveFax Server 6.92 Build 0316 contains an unquoted service path vulnerability in the ActiveFaxServiceNT service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with elevated administrative privileges.
Severity: 8.5 | HIGH
CVE-2019-25311 - thesystem Persistent XSS

CVE ID : CVE-2019-25311
Published : Feb. 11, 2026, 2:56 p.m. | 26 minutes ago
Description : thesystem version 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple server data input fields. Attackers can submit crafted script payloads in operating_system, system_owner, system_username, system_password, system_description, and server_name parameters to execute arbitrary JavaScript in victim browsers.
Severity: 6.4 | MEDIUM
CVE-2019-25312 - InoERP 0.7.2 - Persistent Cross-Site Scripting

CVE ID : CVE-2019-25312
Published : Feb. 11, 2026, 2:56 p.m. | 26 minutes ago
Description : InoERP 0.7.2 contains a persistent cross-site scripting vulnerability in the comment section that allows unauthenticated attackers to inject malicious scripts. Attackers can submit comments with JavaScript payloads that execute in other users' browsers, potentially stealing cookies and session information.
Severity: 6.4 | MEDIUM
CVE-2019-25314 - Duplicate-Post 3.2.3 - Persistent Cross-Site Scripting

CVE ID : CVE-2019-25314
Published : Feb. 11, 2026, 2:56 p.m. | 26 minutes ago
Description : Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site scripting vulnerability in plugin settings parameters. Attackers can inject malicious scripts into title prefix, suffix, menu order, and blacklist fields to execute arbitrary JavaScript in admin interfaces.
Severity: 6.4 | MEDIUM
CVE-2019-25315 - WP Server Log Viewer 1.0 - 'logfile' Persistent Cross-Site Scripting

CVE ID : CVE-2019-25315
Published : Feb. 11, 2026, 2:56 p.m. | 26 minutes ago
Description : WordPress Server Log Viewer 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unfiltered log file paths. Attackers can add log files with embedded XSS payloads that will execute when viewed in the WordPress admin interface.
Severity: 6.4 | MEDIUM
CVE-2019-25316 - GOautodial 4.0 - 'CreateEvent' Persistent Cross-Site Scripting

CVE ID : CVE-2019-25316
Published : Feb. 11, 2026, 2:56 p.m. | 26 minutes ago
Description : GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the event title parameter. Attackers can exploit the CreateEvent.php endpoint by sending crafted POST requests with XSS payloads to execute arbitrary JavaScript in victim browsers.
Severity: 6.4 | MEDIUM
CVE-2019-25317 - Kimai 2 - Persistent Cross-Site Scripting (XSS)

CVE ID : CVE-2019-25317
Published : Feb. 11, 2026, 2:56 p.m. | 26 minutes ago
Description : Kimai 2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into timesheet descriptions. Attackers can insert SVG-based XSS payloads in the description field to execute arbitrary JavaScript when the page is loaded and viewed by other users.
Severity: 6.4 | MEDIUM
CVE-2025-65127 - ZBT WE2001 Session Validation Bypass

CVE ID : CVE-2025-65127
Published : Feb. 11, 2026, 5:16 p.m. | 2 hours, 6 minutes ago
Description : A lack of session validation in the web API component of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote unauthenticated attackers to access administrative information-retrieval functions intended for authenticated users. By invoking "get_*" operations, attackers can obtain device configuration data, including plaintext credentials, without authentication or an existing session.
Severity: 0.0 | NA
CVE-2026-24789 - ZLAN Information Technology ZLAN5143D Missing Authentication for Critical Function

CVE ID : CVE-2026-24789
Published : Feb. 11, 2026, 5:16 p.m. | 2 hours, 6 minutes ago
Description : An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication.
Severity: 9.8 | CRITICAL
CVE-2026-25084 - ZLAN Information Technology ZLAN5143D Missing Authentication for Critical Function

CVE ID : CVE-2026-25084
Published : Feb. 11, 2026, 5:16 p.m. | 2 hours, 6 minutes ago
Description : Authentication for ZLAN5143D can be bypassed by directly accessing internal URLs.
Severity: 9.8 | CRITICAL
CVE-2026-2313 - Google Chrome CSS Use-After-Free Heap Corruption Vulnerability

CVE ID : CVE-2026-2313
Published : Feb. 11, 2026, 6:08 p.m. | 1 hour, 15 minutes ago
Description : Use after free in CSS in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
CVE-2026-2314 - Google Chrome Heap Buffer Overflow Vulnerability

CVE ID : CVE-2026-2314
Published : Feb. 11, 2026, 6:08 p.m. | 1 hour, 15 minutes ago
Description : Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
CVE-2026-2315 - Google Chrome WebGPU Out-of-Bounds Memory Access Vulnerability

CVE ID : CVE-2026-2315
Published : Feb. 11, 2026, 6:08 p.m. | 1 hour, 15 minutes ago
Description : Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
CVE-2026-2316 - Google Chrome UI Spoofing Vulnerability

CVE ID : CVE-2026-2316
Published : Feb. 11, 2026, 6:08 p.m. | 1 hour, 15 minutes ago
Description : Insufficient policy enforcement in Frames in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
CVE-2026-2317 - Google Chrome Animation Cross-Origin Data Leak Vulnerability

CVE ID : CVE-2026-2317
Published : Feb. 11, 2026, 6:08 p.m. | 1 hour, 15 minutes ago
Description : Inappropriate implementation in Animation in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
CVE-2026-2318 - Google Chrome PictureInPicture UI Spoofing Vulnerability

CVE ID : CVE-2026-2318
Published : Feb. 11, 2026, 6:08 p.m. | 1 hour, 15 minutes ago
Description : Inappropriate implementation in PictureInPicture in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
CVE-2026-2319 - Google Chrome DevTools Race Condition Object Corruption Vulnerability

CVE ID : CVE-2026-2319
Published : Feb. 11, 2026, 6:08 p.m. | 1 hour, 15 minutes ago
Description : Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures and install a malicious extension to potentially exploit object corruption via a malicious file. (Chromium security severity: Medium)
Severity: 0.0 | NA