Common Vulnerabilities and Exposures (CVE)

CVE-2019-25381

Feb 16, 2026 17:04:55 UTC

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the hosts.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit P...

CVE-2019-25380

Feb 16, 2026 17:04:54 UTC

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the dhcp.cgi script that allow attackers to inject malicious scripts through multiple parameters. Attackers can submit POST ...

CVE-2019-25379

Feb 16, 2026 17:04:54 UTC

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains stored and reflected cross-site scripting vulnerabilities in the urlfilter.cgi endpoint that allow attackers to inject malicious scripts. Attackers can submit POST requests with scrip...

CVE-2019-25378

Feb 16, 2026 17:04:53 UTC

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple cross-site scripting vulnerabilities in the proxy.cgi endpoint that allow attackers to inject malicious scripts through parameters including CACHE_SIZE, MAX_SIZE, MIN_SIZE, M...

CVE-2026-2566

Feb 16, 2026 17:02:06 UTC

A security vulnerability has been detected in Wavlink WL-NU516U1 up to 130/260. This affects the function sub_406194 of the file /cgi-bin/adm.cgi. Such manipulation of the argument firmware_url leads to stack-based buffer overflow. The atta...

CVE-2026-26930

Feb 16, 2026 16:35:18 UTC

SmarterTools SmarterMail before 9526 allows XSS via MAPI requests.

CVE-2026-2565

Feb 16, 2026 16:32:06 UTC

A weakness has been identified in Wavlink WL-NU516U1 20251208. Affected by this issue is the function sub_40785C of the file /cgi-bin/adm.cgi. This manipulation of the argument time_zone causes stack-based buffer overflow. The attack can be...

CVE-2026-2101

Feb 16, 2026 16:02:37 UTC

A Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIAvpm Web Access from ENOVIAvpm Version 1 Release 16 through ENOVIAvpm Version 1 Release 19 allows an attacker to execute arbitrary script code in user's browser session.

CVE-2026-2564

Feb 16, 2026 16:02:06 UTC

A security flaw has been discovered in Intelbras VIP 3260 Z IA 2.840.00IB005.0.T. Affected by this vulnerability is an unknown functionality of the file /OutsideCmd. The manipulation results in weak password recovery. It is possible to laun...

CVE-2024-8419

Feb 16, 2026 15:43:48 UTC

The endpoint hosts a script that allows an unauthorized remote attacker to put the system in a fail-safe state over the network due to missing authentication.

CVE-2026-2563

Feb 16, 2026 15:32:45 UTC

A vulnerability was identified in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. Affected is the function set_stcreenen_deabled_status/get_status of the file /f/service/controlDevice of the component jdcapp_rpc. The manipulation leads to R...

CVE-2026-2447

Feb 16, 2026 15:18:48 UTC

Heap buffer overflow in libvpx. This vulnerability affects Firefox < 147.0.4, Firefox ESR < 140.7.1, Firefox ESR < 115.32.1, Thunderbird < 140.7.2, and Thunderbird < 147.0.2.

CVE-2025-23368

Feb 16, 2026 15:18:01 UTC

A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI.

CVE-2025-65716

Feb 16, 2026 15:17:57 UTC

An issue in Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18 allows attackers to execute arbitrary code via uploading a crafted .Md file.

CVE-2025-65717

Feb 16, 2026 15:13:30 UTC

An issue in Visual Studio Code Extensions Live Server v5.7.9 allows attackers to exfiltrate files via user interaction with a crafted HTML page.