Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
13965
Total
913
Critical
4065
High
4299
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-34822 | MEDIUM | 6.4 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the new_cert_name parameter to /manage/ca/certificate/. An authenticated attacker can inject arbitrary JavaScript that … | Apr 02, 2026 |
| CVE-2026-34821 | MEDIUM | 6.4 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/vpnauthentication/user/. An authenticated attacker can inject arbitrary JavaScript that … | Apr 02, 2026 |
| CVE-2026-34820 | MEDIUM | 6.4 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/ipsec/. An authenticated attacker can inject arbitrary JavaScript that … | Apr 02, 2026 |
| CVE-2026-34819 | MEDIUM | 6.4 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the REMARK parameter to /cgi-bin/openvpnclient.cgi. An authenticated attacker can inject arbitrary JavaScript that … | Apr 02, 2026 |
| CVE-2026-34818 | MEDIUM | 6.4 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/dnsmasq/localdomains/. An authenticated attacker can inject arbitrary JavaScript that … | Apr 02, 2026 |
| CVE-2026-34817 | MEDIUM | 6.4 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the ADDRESS BCC parameter to /cgi-bin/smtprouting.cgi. An authenticated attacker can inject arbitrary JavaScript … | Apr 02, 2026 |
| CVE-2026-34816 | MEDIUM | 6.4 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the domain parameter to /manage/smtpscan/domainrouting/. An authenticated attacker can inject arbitrary JavaScript that … | Apr 02, 2026 |
| CVE-2026-34815 | MEDIUM | 6.4 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the DOMAIN parameter to /cgi-bin/smtpdomains.cgi. An authenticated attacker can inject arbitrary JavaScript that … | Apr 02, 2026 |
| CVE-2026-34814 | MEDIUM | 6.4 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the group parameter to /cgi-bin/proxygroup.cgi. An authenticated attacker can inject arbitrary JavaScript that … | Apr 02, 2026 |
| CVE-2026-34813 | MEDIUM | 6.4 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the user parameter to /cgi-bin/proxyuser.cgi. An authenticated attacker can inject arbitrary JavaScript that … | Apr 02, 2026 |
| CVE-2026-34812 | MEDIUM | 6.4 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the mimetypes parameter to /cgi-bin/proxypolicy.cgi. An authenticated attacker can inject arbitrary JavaScript that … | Apr 02, 2026 |
| CVE-2026-34811 | MEDIUM | 6.4 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/xtaccess.cgi. An authenticated attacker can inject arbitrary JavaScript that … | Apr 02, 2026 |
| CVE-2026-34810 | MEDIUM | 6.4 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/vpnfw.cgi. An authenticated attacker can inject arbitrary JavaScript that … | Apr 02, 2026 |
| CVE-2026-34809 | MEDIUM | 6.4 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/zonefw.cgi. An authenticated attacker can inject arbitrary JavaScript that … | Apr 02, 2026 |
| CVE-2026-34808 | MEDIUM | 6.4 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/outgoingfw.cgi. An authenticated attacker can inject arbitrary JavaScript that … | Apr 02, 2026 |
| CVE-2026-34807 | MEDIUM | 6.4 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/incoming.cgi. An authenticated attacker can inject arbitrary JavaScript that … | Apr 02, 2026 |
| CVE-2026-34806 | MEDIUM | 6.4 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/snat.cgi. An authenticated attacker can inject arbitrary JavaScript that … | Apr 02, 2026 |
| CVE-2026-34805 | MEDIUM | 6.4 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/dnat.cgi. An authenticated attacker can inject arbitrary JavaScript that … | Apr 02, 2026 |
| CVE-2026-34804 | MEDIUM | 6.4 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the dscp parameter to /manage/qos/rules/. An authenticated attacker can inject arbitrary JavaScript that … | Apr 02, 2026 |
| CVE-2026-34803 | MEDIUM | 6.4 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the name parameter to /manage/qos/classes/. An authenticated attacker can inject arbitrary JavaScript that … | Apr 02, 2026 |
| CVE-2026-34802 | MEDIUM | 6.4 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark user ham spam parameter to /cgi-bin/salearn.cgi. An authenticated attacker can inject … | Apr 02, 2026 |
| CVE-2026-34801 | MEDIUM | 6.4 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/dhcp/fixed_leases/. An authenticated attacker can inject arbitrary JavaScript that … | Apr 02, 2026 |
| CVE-2026-34800 | MEDIUM | 6.4 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the NAME parameter to /cgi-bin/uplinkeditor.cgi. An authenticated attacker can inject arbitrary JavaScript that … | Apr 02, 2026 |
| CVE-2026-34799 | MEDIUM | 6.4 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/dnsmasq/hosts/. An authenticated attacker can inject arbitrary JavaScript that … | Apr 02, 2026 |
| CVE-2026-34798 | MEDIUM | 6.4 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/routing.cgi. An authenticated attacker can inject arbitrary JavaScript that … | Apr 02, 2026 |