Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.9 MEDIUM
CVE-2026-34973 — phpMyFAQ has a LIKE Wildcard Injection in Search.php — Unescaped % and _ Metacharacters E…

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the searchCustomPages() method in phpmyfaq/src/phpMyFAQ/Search.php uses real_escape_string() (via escape()) to sanitize the sea…

Remote | Injection
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34823 — Endian Firewall /manage/password/web/ remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/password/web/. An authenticated attacker can inject arbitrary JavaScript that is s…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34822 — Endian Firewall /manage/ca/certificate/ new_cert_name Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the new_cert_name parameter to /manage/ca/certificate/. An authenticated attacker can inject arbitrary JavaScript …

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34821 — Endian Firewall /manage/vpnauthentication/user/ remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/vpnauthentication/user/. An authenticated attacker can inject arbitrary JavaScript…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34820 — Endian Firewall /manage/ipsec/ remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/ipsec/. An authenticated attacker can inject arbitrary JavaScript that is stored a…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34819 — Endian Firewall /cgi-bin/openvpnclient.cgi REMARK Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the REMARK parameter to /cgi-bin/openvpnclient.cgi. An authenticated attacker can inject arbitrary JavaScript that…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34818 — Endian Firewall /manage/dnsmasq/localdomains/ remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/dnsmasq/localdomains/. An authenticated attacker can inject arbitrary JavaScript t…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34817 — Endian Firewall /cgi-bin/smtprouting.cgi ADDRESS BCC Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the ADDRESS BCC parameter to /cgi-bin/smtprouting.cgi. An authenticated attacker can inject arbitrary JavaScript t…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34816 — Endian Firewall /manage/smtpscan/domainrouting/ domain Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the domain parameter to /manage/smtpscan/domainrouting/. An authenticated attacker can inject arbitrary JavaScript…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34815 — Endian Firewall /cgi-bin/smtpdomains.cgi DOMAIN Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the DOMAIN parameter to /cgi-bin/smtpdomains.cgi. An authenticated attacker can inject arbitrary JavaScript that i…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34814 — Endian Firewall /cgi-bin/proxygroup.cgi group Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the group parameter to /cgi-bin/proxygroup.cgi. An authenticated attacker can inject arbitrary JavaScript that is …

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34813 — Endian Firewall /cgi-bin/proxyuser.cgi user Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the user parameter to /cgi-bin/proxyuser.cgi. An authenticated attacker can inject arbitrary JavaScript that is st…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34812 — Endian Firewall /cgi-bin/proxypolicy.cgi mimetypes Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the mimetypes parameter to /cgi-bin/proxypolicy.cgi. An authenticated attacker can inject arbitrary JavaScript tha…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34811 — Endian Firewall /cgi-bin/xtaccess.cgi remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/xtaccess.cgi. An authenticated attacker can inject arbitrary JavaScript that is s…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34810 — Endian Firewall /cgi-bin/vpnfw.cgi remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/vpnfw.cgi. An authenticated attacker can inject arbitrary JavaScript that is stor…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34809 — Endian Firewall /cgi-bin/zonefw.cgi remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/zonefw.cgi. An authenticated attacker can inject arbitrary JavaScript that is sto…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34808 — Endian Firewall /cgi-bin/outgoingfw.cgi remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/outgoingfw.cgi. An authenticated attacker can inject arbitrary JavaScript that is…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34807 — Endian Firewall /cgi-bin/incoming.cgi remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/incoming.cgi. An authenticated attacker can inject arbitrary JavaScript that is s…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34806 — Endian Firewall /cgi-bin/snat.cgi remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/snat.cgi. An authenticated attacker can inject arbitrary JavaScript that is store…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34805 — Endian Firewall /cgi-bin/dnat.cgi remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/dnat.cgi. An authenticated attacker can inject arbitrary JavaScript that is store…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
Showing 20 of 6338 Results