CVE-2019-25314 - Duplicate-Post 3.2.3 - Persistent Cross-Site Scripting
CVE ID : CVE-2019-25314
Published : Feb. 11, 2026, 2:56 p.m. | 26 minutes ago
Description : Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site scripting vulnerability in plugin settings parameters. Attackers can inject malicious scripts into title prefix, suffix, menu order, and blacklist fields to execute arbitrary JavaScript in admin interfaces.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2019-25314
Published : Feb. 11, 2026, 2:56 p.m. | 26 minutes ago
Description : Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site scripting vulnerability in plugin settings parameters. Attackers can inject malicious scripts into title prefix, suffix, menu order, and blacklist fields to execute arbitrary JavaScript in admin interfaces.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2019-25315 - WP Server Log Viewer 1.0 - 'logfile' Persistent Cross-Site Scripting
CVE ID : CVE-2019-25315
Published : Feb. 11, 2026, 2:56 p.m. | 26 minutes ago
Description : WordPress Server Log Viewer 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unfiltered log file paths. Attackers can add log files with embedded XSS payloads that will execute when viewed in the WordPress admin interface.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2019-25315
Published : Feb. 11, 2026, 2:56 p.m. | 26 minutes ago
Description : WordPress Server Log Viewer 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unfiltered log file paths. Attackers can add log files with embedded XSS payloads that will execute when viewed in the WordPress admin interface.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2019-25316 - GOautodial 4.0 - 'CreateEvent' Persistent Cross-Site Scripting
CVE ID : CVE-2019-25316
Published : Feb. 11, 2026, 2:56 p.m. | 26 minutes ago
Description : GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the event title parameter. Attackers can exploit the CreateEvent.php endpoint by sending crafted POST requests with XSS payloads to execute arbitrary JavaScript in victim browsers.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2019-25316
Published : Feb. 11, 2026, 2:56 p.m. | 26 minutes ago
Description : GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the event title parameter. Attackers can exploit the CreateEvent.php endpoint by sending crafted POST requests with XSS payloads to execute arbitrary JavaScript in victim browsers.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2019-25317 - Kimai 2- persistent cross-site scripting (XSS)
CVE ID : CVE-2019-25317
Published : Feb. 11, 2026, 2:56 p.m. | 26 minutes ago
Description : Kimai 2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into timesheet descriptions. Attackers can insert SVG-based XSS payloads in the description field to execute arbitrary JavaScript when the page is loaded and viewed by other users.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2019-25317
Published : Feb. 11, 2026, 2:56 p.m. | 26 minutes ago
Description : Kimai 2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into timesheet descriptions. Attackers can insert SVG-based XSS payloads in the description field to execute arbitrary JavaScript when the page is loaded and viewed by other users.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-65127 - ZBT WE2001 Session Validation Bypass
CVE ID : CVE-2025-65127
Published : Feb. 11, 2026, 5:16 p.m. | 2 hours, 6 minutes ago
Description : A lack of session validation in the web API component of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote unauthenticated attackers to access administrative information-retrieval functions intended for authenticated users. By invoking "get_*" operations, attackers can obtain device configuration data, including plaintext credentials, without authentication or an existing session.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-65127
Published : Feb. 11, 2026, 5:16 p.m. | 2 hours, 6 minutes ago
Description : A lack of session validation in the web API component of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote unauthenticated attackers to access administrative information-retrieval functions intended for authenticated users. By invoking "get_*" operations, attackers can obtain device configuration data, including plaintext credentials, without authentication or an existing session.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-24789 - ZLAN Information Technology ZLAN5143D Missing Authentication for Critical Function
CVE ID : CVE-2026-24789
Published : Feb. 11, 2026, 5:16 p.m. | 2 hours, 6 minutes ago
Description : An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-24789
Published : Feb. 11, 2026, 5:16 p.m. | 2 hours, 6 minutes ago
Description : An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25084 - ZLAN Information Technology ZLAN5143D Missing Authentication for Critical Function
CVE ID : CVE-2026-25084
Published : Feb. 11, 2026, 5:16 p.m. | 2 hours, 6 minutes ago
Description : Authentication for ZLAN5143D can be bypassed by directly accessing internal URLs.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-25084
Published : Feb. 11, 2026, 5:16 p.m. | 2 hours, 6 minutes ago
Description : Authentication for ZLAN5143D can be bypassed by directly accessing internal URLs.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2313 - Google Chrome CSS Use-After-Free Heap Corruption Vulnerability
CVE ID : CVE-2026-2313
Published : Feb. 11, 2026, 6:08 p.m. | 1 hour, 15 minutes ago
Description : Use after free in CSS in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2313
Published : Feb. 11, 2026, 6:08 p.m. | 1 hour, 15 minutes ago
Description : Use after free in CSS in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2314 - Google Chrome Heap Buffer Overflow Vulnerability
CVE ID : CVE-2026-2314
Published : Feb. 11, 2026, 6:08 p.m. | 1 hour, 15 minutes ago
Description : Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2314
Published : Feb. 11, 2026, 6:08 p.m. | 1 hour, 15 minutes ago
Description : Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2315 - Google Chrome WebGPU Out-of-Bounds Memory Access Vulnerability
CVE ID : CVE-2026-2315
Published : Feb. 11, 2026, 6:08 p.m. | 1 hour, 15 minutes ago
Description : Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2315
Published : Feb. 11, 2026, 6:08 p.m. | 1 hour, 15 minutes ago
Description : Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2316 - Google Chrome UI Spoofing Vulnerability
CVE ID : CVE-2026-2316
Published : Feb. 11, 2026, 6:08 p.m. | 1 hour, 15 minutes ago
Description : Insufficient policy enforcement in Frames in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2316
Published : Feb. 11, 2026, 6:08 p.m. | 1 hour, 15 minutes ago
Description : Insufficient policy enforcement in Frames in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2317 - Google Chrome Animation Cross-Origin Data Leak Vulnerability
CVE ID : CVE-2026-2317
Published : Feb. 11, 2026, 6:08 p.m. | 1 hour, 15 minutes ago
Description : Inappropriate implementation in Animation in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2317
Published : Feb. 11, 2026, 6:08 p.m. | 1 hour, 15 minutes ago
Description : Inappropriate implementation in Animation in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2318 - Google Chrome PictureInPicture UI Spoofing Vulnerability
CVE ID : CVE-2026-2318
Published : Feb. 11, 2026, 6:08 p.m. | 1 hour, 15 minutes ago
Description : Inappropriate implementation in PictureInPicture in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2318
Published : Feb. 11, 2026, 6:08 p.m. | 1 hour, 15 minutes ago
Description : Inappropriate implementation in PictureInPicture in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2319 - Google Chrome DevTools Race Condition Object Corruption Vulnerability
CVE ID : CVE-2026-2319
Published : Feb. 11, 2026, 6:08 p.m. | 1 hour, 15 minutes ago
Description : Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures and install a malicious extension to potentially exploit object corruption via a malicious file. (Chromium security severity: Medium)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2319
Published : Feb. 11, 2026, 6:08 p.m. | 1 hour, 15 minutes ago
Description : Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures and install a malicious extension to potentially exploit object corruption via a malicious file. (Chromium security severity: Medium)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2320 - Google Chrome File Input UI Spoofing Vulnerability
CVE ID : CVE-2026-2320
Published : Feb. 11, 2026, 6:08 p.m. | 1 hour, 15 minutes ago
Description : Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2320
Published : Feb. 11, 2026, 6:08 p.m. | 1 hour, 15 minutes ago
Description : Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2321 - Google Chrome Ozone Use-After-Free Heap Corruption
CVE ID : CVE-2026-2321
Published : Feb. 11, 2026, 6:08 p.m. | 1 hour, 15 minutes ago
Description : Use after free in Ozone in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2321
Published : Feb. 11, 2026, 6:08 p.m. | 1 hour, 15 minutes ago
Description : Use after free in Ozone in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2322 - Google Chrome UI Spoofing Vulnerability
CVE ID : CVE-2026-2322
Published : Feb. 11, 2026, 6:08 p.m. | 1 hour, 14 minutes ago
Description : Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2322
Published : Feb. 11, 2026, 6:08 p.m. | 1 hour, 14 minutes ago
Description : Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2323 - Google Chrome UI Spoofing Vulnerability
CVE ID : CVE-2026-2323
Published : Feb. 11, 2026, 6:08 p.m. | 1 hour, 14 minutes ago
Description : Inappropriate implementation in Downloads in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2323
Published : Feb. 11, 2026, 6:08 p.m. | 1 hour, 14 minutes ago
Description : Inappropriate implementation in Downloads in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-65128 - Shenzhen Zhibotong Electronics ZBT WE2001 Unauthenticated Configuration Modification Vulnerability
CVE ID : CVE-2025-65128
Published : Feb. 11, 2026, 6:16 p.m. | 1 hour, 7 minutes ago
Description : A missing authentication mechanism in the web management API components of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows unauthenticated attackers on the local network to modify router and network configurations. By invoking operations whose names end with "*_nocommit" and supplying the parameters expected by the invoked function, an attacker can change configuration data, including SSID, Wi-Fi credentials, and administrative passwords, without authentication or an existing session.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-65128
Published : Feb. 11, 2026, 6:16 p.m. | 1 hour, 7 minutes ago
Description : A missing authentication mechanism in the web management API components of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows unauthenticated attackers on the local network to modify router and network configurations. By invoking operations whose names end with "*_nocommit" and supplying the parameters expected by the invoked function, an attacker can change configuration data, including SSID, Wi-Fi credentials, and administrative passwords, without authentication or an existing session.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-65480 - Pacom Unison Client Remote Code Execution Vulnerability
CVE ID : CVE-2025-65480
Published : Feb. 11, 2026, 6:16 p.m. | 1 hour, 7 minutes ago
Description : An issue was discovered in Pacom Unison Client 5.13.1. Authenticated users can inject malicious scripts in the Report Templates which are executed when certain script conditions are fulfilled, leading to Remote Code Execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-65480
Published : Feb. 11, 2026, 6:16 p.m. | 1 hour, 7 minutes ago
Description : An issue was discovered in Pacom Unison Client 5.13.1. Authenticated users can inject malicious scripts in the Report Templates which are executed when certain script conditions are fulfilled, leading to Remote Code Execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-69874 - Nanotar Path Traversal Vulnerability
CVE ID : CVE-2025-69874
Published : Feb. 11, 2026, 6:16 p.m. | 1 hour, 7 minutes ago
Description : nanotar through 0.2.0 has a path traversal vulnerability in parseTar() and parseTarGzip() that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted tar archive containing path traversal sequence.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-69874
Published : Feb. 11, 2026, 6:16 p.m. | 1 hour, 7 minutes ago
Description : nanotar through 0.2.0 has a path traversal vulnerability in parseTar() and parseTarGzip() that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted tar archive containing path traversal sequence.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...