Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
0.0 NA
CVE-2026-5351 — Trendnet TEW-657BRM setup.cgi add_wps_client os command injection

A weakness has been identified in Trendnet TEW-657BRM 1.00.1. This affects the function add_wps_client of the file /setup.cgi. This manipulation of the argument wl_enrolee_pin causes os command injec…

| Injection
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
0.0 NA
CVE-2026-5350 — Trendnet TEW-657BRM setup.cgi update_pcdb stack-based overflow

A security flaw has been discovered in Trendnet TEW-657BRM 1.00.1. The impacted element is the function update_pcdb of the file /setup.cgi. The manipulation of the argument mac_pc_dba results in stac…

| Memory Corruption
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
7.5 HIGH
CVE-2026-5346 — huimeicloud hm_editor image-to-base64 Endpoint mcp-server.js client.get server-side reque…

A vulnerability was determined in huimeicloud hm_editor up to 2.2.3. Impacted is the function client.get of the file src/mcp-server.js of the component image-to-base64 Endpoint. Executing a manipulat…

Remote | Server-Side Request Forgery
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.5 MEDIUM
CVE-2026-5344 — Textpattern XML-RPC TXP_RPCServer.php mt_uploadImage path traversal

A security vulnerability has been detected in Textpattern up to 4.9.1. Affected by this vulnerability is the function mt_uploadImage of the file rpc/TXP_RPCServer.php of the component XML-RPC Handler…

Remote | Path Traversal
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
5.5 MEDIUM
CVE-2026-5342 — LibRaw TIFF/NEF decoders_libraw.cpp nikon_load_padded_packed_raw out-of-bounds

A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikon_load_padded_packed_raw of the file src/decoders/decoders_libraw.cpp of the component TIFF/NEF. Executing a manipu…

Remote | Memory Corruption
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
5.8 MEDIUM
CVE-2026-5339 — Tenda G103 Setting gpon.lua action_set_net_settings command injection

A vulnerability was detected in Tenda G103 1.0.0.5. The impacted element is the function action_set_net_settings of the file gpon.lua of the component Setting Handler. Performing a manipulation of th…

Remote | Injection
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
9.3 CRITICAL
CVE-2026-35002 — Agno < 2.3.24 field_type Eval Injection Arbitrary Code Execution

Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the field_type …

Remote | Injection
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
5.4 MEDIUM
CVE-2026-34974 — phpMyFAQ: SVG Sanitizer Bypass via HTML Entity Encoding leads to Stored XSS and Privilege…

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the regex-based SVG sanitizer in phpMyFAQ (SvgSanitizer.php) can be bypassed using HTML entity encoding in javascript: URLs wit…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.9 MEDIUM
CVE-2026-34973 — phpMyFAQ has a LIKE Wildcard Injection in Search.php — Unescaped % and _ Metacharacters E…

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the searchCustomPages() method in phpmyfaq/src/phpMyFAQ/Search.php uses real_escape_string() (via escape()) to sanitize the sea…

Remote | Injection
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34823 — Endian Firewall /manage/password/web/ remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/password/web/. An authenticated attacker can inject arbitrary JavaScript that is s…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34822 — Endian Firewall /manage/ca/certificate/ new_cert_name Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the new_cert_name parameter to /manage/ca/certificate/. An authenticated attacker can inject arbitrary JavaScript …

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34821 — Endian Firewall /manage/vpnauthentication/user/ remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/vpnauthentication/user/. An authenticated attacker can inject arbitrary JavaScript…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34820 — Endian Firewall /manage/ipsec/ remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/ipsec/. An authenticated attacker can inject arbitrary JavaScript that is stored a…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34819 — Endian Firewall /cgi-bin/openvpnclient.cgi REMARK Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the REMARK parameter to /cgi-bin/openvpnclient.cgi. An authenticated attacker can inject arbitrary JavaScript that…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34818 — Endian Firewall /manage/dnsmasq/localdomains/ remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/dnsmasq/localdomains/. An authenticated attacker can inject arbitrary JavaScript t…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34817 — Endian Firewall /cgi-bin/smtprouting.cgi ADDRESS BCC Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the ADDRESS BCC parameter to /cgi-bin/smtprouting.cgi. An authenticated attacker can inject arbitrary JavaScript t…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34816 — Endian Firewall /manage/smtpscan/domainrouting/ domain Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the domain parameter to /manage/smtpscan/domainrouting/. An authenticated attacker can inject arbitrary JavaScript…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34815 — Endian Firewall /cgi-bin/smtpdomains.cgi DOMAIN Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the DOMAIN parameter to /cgi-bin/smtpdomains.cgi. An authenticated attacker can inject arbitrary JavaScript that i…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34814 — Endian Firewall /cgi-bin/proxygroup.cgi group Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the group parameter to /cgi-bin/proxygroup.cgi. An authenticated attacker can inject arbitrary JavaScript that is …

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34813 — Endian Firewall /cgi-bin/proxyuser.cgi user Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the user parameter to /cgi-bin/proxyuser.cgi. An authenticated attacker can inject arbitrary JavaScript that is st…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
Showing 20 of 6334 Results