Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
13965
Total
913
Critical
4065
High
4299
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-34797 | HIGH | 8.8 | Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_smtp.cgi. The DATE parameter value is … | Apr 02, 2026 |
| CVE-2026-34796 | HIGH | 8.8 | Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_openvpn.cgi. The DATE parameter value is … | Apr 02, 2026 |
| CVE-2026-34795 | HIGH | 8.8 | Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_log.cgi. The DATE parameter value is … | Apr 02, 2026 |
| CVE-2026-34794 | HIGH | 8.8 | Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_ids.cgi. The DATE parameter value is … | Apr 02, 2026 |
| CVE-2026-34793 | HIGH | 8.8 | Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_firewall.cgi. The DATE parameter value is … | Apr 02, 2026 |
| CVE-2026-34792 | HIGH | 8.8 | Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_clamav.cgi. The DATE parameter value is … | Apr 02, 2026 |
| CVE-2026-34791 | HIGH | 8.8 | Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_proxy.cgi. The DATE parameter value is … | Apr 02, 2026 |
| CVE-2026-34790 | HIGH | 7.1 | Endian Firewall version 3.3.25 and prior allow authenticated users to delete arbitrary files via directory traversal in the remove ARCHIVE parameter to /cgi-bin/backup.cgi. The remove … | Apr 02, 2026 |
| CVE-2026-34729 | MEDIUM | 6.1 | phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, there is a stored XSS vulnerability via Regex Bypass in Filter::removeAttributes(). This issue … | Apr 02, 2026 |
| CVE-2026-34728 | HIGH | 8.7 | phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the MediaBrowserController::index() method handles file deletion for the media browser. When the fileRemove … | Apr 02, 2026 |
| CVE-2026-33641 | HIGH | 7.8 | Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed … | Apr 02, 2026 |
| CVE-2026-33544 | HIGH | 7.7 | Tinyauth is an authentication and authorization server. Prior to version 5.0.5, all three OAuth service implementations (GenericOAuthService, GithubOAuthService, GoogleOAuthService) store PKCE verifiers and access tokens … | Apr 02, 2026 |
| CVE-2026-33533 | UNKNOWN | — | Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, the Glances XML-RPC server (activated with glances -s or glances --server) sends Access-Control-Allow-Origin: … | Apr 02, 2026 |
| CVE-2026-32871 | UNKNOWN | — | FastMCP is a Pythonic way to build MCP servers and clients. Prior to version 3.2.0, the OpenAPIProvider in FastMCP exposes internal APIs to MCP clients … | Apr 02, 2026 |
| CVE-2026-32629 | UNKNOWN | — | phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, an unauthenticated attacker can submit a guest FAQ with an email address that … | Apr 02, 2026 |
| CVE-2026-31937 | HIGH | 7.5 | Suricata is a network IDS, IPS and NSM engine. Prior to version 7.0.15, inefficiency in DCERPC buffering can lead to a performance degradation. This issue … | Apr 02, 2026 |
| CVE-2026-31935 | HIGH | 7.5 | Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, flooding of craft HTTP2 continuation frames can lead to memory … | Apr 02, 2026 |
| CVE-2026-31934 | HIGH | 7.5 | Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, there is a quadratic complexity issue when searching for … | Apr 02, 2026 |
| CVE-2026-5338 | MEDIUM | 4.7 | A security vulnerability has been detected in Tenda G103 1.0.0.5. The affected element is the function action_set_system_settings of the file system.lua of the component Setting … | Apr 02, 2026 |
| CVE-2026-5334 | HIGH | 7.3 | A weakness has been identified in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=edit&id=3 of the component Parameter Handler. … | Apr 02, 2026 |
| CVE-2026-5333 | HIGH | 7.3 | A security flaw has been discovered in DefaultFuction Content-Management-System 1.0. This issue affects some unknown processing of the file /admin/tools.php. The manipulation of the argument … | Apr 02, 2026 |
| CVE-2026-5332 | LOW | 3.5 | A vulnerability was identified in Xiaopi Panel 1.0.0. This vulnerability affects unknown code of the file /demo.php of the component WAF Firewall. The manipulation of … | Apr 02, 2026 |
| CVE-2026-3692 | UNKNOWN | — | In Progress Flowmon versions prior to 12.5.8, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the report generation process that … | Apr 02, 2026 |
| CVE-2026-35168 | HIGH | 8.8 | OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, the Aggiornamenti (Updates) module in OpenSTAManager contains a database … | Apr 02, 2026 |
| CVE-2026-31933 | HIGH | 7.5 | Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, specially crafted traffic can cause Suricata to slow down, affecting … | Apr 02, 2026 |