Security

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

13594

Total

907

Critical

3956

High

4292

Medium

CVE ID	Severity	Score	Description	Published
CVE-2026-35002	UNKNOWN	—	Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by …	Apr 02, 2026
CVE-2026-34974	MEDIUM	5.4	phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the regex-based SVG sanitizer in phpMyFAQ (SvgSanitizer.php) can be bypassed using HTML entity …	Apr 02, 2026
CVE-2026-34973	UNKNOWN	—	phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the searchCustomPages() method in phpmyfaq/src/phpMyFAQ/Search.php uses real_escape_string() (via escape()) to sanitize the search …	Apr 02, 2026
CVE-2026-34823	MEDIUM	6.4	Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/password/web/. An authenticated attacker can inject arbitrary JavaScript that …	Apr 02, 2026
CVE-2026-34822	MEDIUM	6.4	Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the new_cert_name parameter to /manage/ca/certificate/. An authenticated attacker can inject arbitrary JavaScript that …	Apr 02, 2026
CVE-2026-34821	MEDIUM	6.4	Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/vpnauthentication/user/. An authenticated attacker can inject arbitrary JavaScript that …	Apr 02, 2026
CVE-2026-34820	MEDIUM	6.4	Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/ipsec/. An authenticated attacker can inject arbitrary JavaScript that …	Apr 02, 2026
CVE-2026-34819	MEDIUM	6.4	Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the REMARK parameter to /cgi-bin/openvpnclient.cgi. An authenticated attacker can inject arbitrary JavaScript that …	Apr 02, 2026
CVE-2026-34818	MEDIUM	6.4	Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/dnsmasq/localdomains/. An authenticated attacker can inject arbitrary JavaScript that …	Apr 02, 2026
CVE-2026-34817	MEDIUM	6.4	Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the ADDRESS BCC parameter to /cgi-bin/smtprouting.cgi. An authenticated attacker can inject arbitrary JavaScript …	Apr 02, 2026
CVE-2026-34816	MEDIUM	6.4	Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the domain parameter to /manage/smtpscan/domainrouting/. An authenticated attacker can inject arbitrary JavaScript that …	Apr 02, 2026
CVE-2026-34815	MEDIUM	6.4	Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the DOMAIN parameter to /cgi-bin/smtpdomains.cgi. An authenticated attacker can inject arbitrary JavaScript that …	Apr 02, 2026
CVE-2026-34814	MEDIUM	6.4	Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the group parameter to /cgi-bin/proxygroup.cgi. An authenticated attacker can inject arbitrary JavaScript that …	Apr 02, 2026
CVE-2026-34813	MEDIUM	6.4	Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the user parameter to /cgi-bin/proxyuser.cgi. An authenticated attacker can inject arbitrary JavaScript that …	Apr 02, 2026
CVE-2026-34812	MEDIUM	6.4	Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the mimetypes parameter to /cgi-bin/proxypolicy.cgi. An authenticated attacker can inject arbitrary JavaScript that …	Apr 02, 2026
CVE-2026-34811	MEDIUM	6.4	Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/xtaccess.cgi. An authenticated attacker can inject arbitrary JavaScript that …	Apr 02, 2026
CVE-2026-34810	MEDIUM	6.4	Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/vpnfw.cgi. An authenticated attacker can inject arbitrary JavaScript that …	Apr 02, 2026
CVE-2026-34809	MEDIUM	6.4	Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/zonefw.cgi. An authenticated attacker can inject arbitrary JavaScript that …	Apr 02, 2026
CVE-2026-34808	MEDIUM	6.4	Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/outgoingfw.cgi. An authenticated attacker can inject arbitrary JavaScript that …	Apr 02, 2026
CVE-2026-34807	MEDIUM	6.4	Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/incoming.cgi. An authenticated attacker can inject arbitrary JavaScript that …	Apr 02, 2026
CVE-2026-34806	MEDIUM	6.4	Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/snat.cgi. An authenticated attacker can inject arbitrary JavaScript that …	Apr 02, 2026
CVE-2026-34805	MEDIUM	6.4	Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/dnat.cgi. An authenticated attacker can inject arbitrary JavaScript that …	Apr 02, 2026
CVE-2026-34804	MEDIUM	6.4	Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the dscp parameter to /manage/qos/rules/. An authenticated attacker can inject arbitrary JavaScript that …	Apr 02, 2026
CVE-2026-34803	MEDIUM	6.4	Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the name parameter to /manage/qos/classes/. An authenticated attacker can inject arbitrary JavaScript that …	Apr 02, 2026
CVE-2026-34802	MEDIUM	6.4	Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark user ham spam parameter to /cgi-bin/salearn.cgi. An authenticated attacker can inject …	Apr 02, 2026

« Prev 499 500 501 502 503 Next »