Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.4 MEDIUM
CVE-2026-34821 — Endian Firewall /manage/vpnauthentication/user/ remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/vpnauthentication/user/. An authenticated attacker can inject arbitrary JavaScript…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34820 — Endian Firewall /manage/ipsec/ remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/ipsec/. An authenticated attacker can inject arbitrary JavaScript that is stored a…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34819 — Endian Firewall /cgi-bin/openvpnclient.cgi REMARK Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the REMARK parameter to /cgi-bin/openvpnclient.cgi. An authenticated attacker can inject arbitrary JavaScript that…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34818 — Endian Firewall /manage/dnsmasq/localdomains/ remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/dnsmasq/localdomains/. An authenticated attacker can inject arbitrary JavaScript t…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34817 — Endian Firewall /cgi-bin/smtprouting.cgi ADDRESS BCC Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the ADDRESS BCC parameter to /cgi-bin/smtprouting.cgi. An authenticated attacker can inject arbitrary JavaScript t…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34816 — Endian Firewall /manage/smtpscan/domainrouting/ domain Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the domain parameter to /manage/smtpscan/domainrouting/. An authenticated attacker can inject arbitrary JavaScript…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34815 — Endian Firewall /cgi-bin/smtpdomains.cgi DOMAIN Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the DOMAIN parameter to /cgi-bin/smtpdomains.cgi. An authenticated attacker can inject arbitrary JavaScript that i…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34814 — Endian Firewall /cgi-bin/proxygroup.cgi group Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the group parameter to /cgi-bin/proxygroup.cgi. An authenticated attacker can inject arbitrary JavaScript that is …

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34813 — Endian Firewall /cgi-bin/proxyuser.cgi user Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the user parameter to /cgi-bin/proxyuser.cgi. An authenticated attacker can inject arbitrary JavaScript that is st…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34812 — Endian Firewall /cgi-bin/proxypolicy.cgi mimetypes Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the mimetypes parameter to /cgi-bin/proxypolicy.cgi. An authenticated attacker can inject arbitrary JavaScript tha…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34811 — Endian Firewall /cgi-bin/xtaccess.cgi remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/xtaccess.cgi. An authenticated attacker can inject arbitrary JavaScript that is s…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34810 — Endian Firewall /cgi-bin/vpnfw.cgi remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/vpnfw.cgi. An authenticated attacker can inject arbitrary JavaScript that is stor…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34809 — Endian Firewall /cgi-bin/zonefw.cgi remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/zonefw.cgi. An authenticated attacker can inject arbitrary JavaScript that is sto…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34808 — Endian Firewall /cgi-bin/outgoingfw.cgi remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/outgoingfw.cgi. An authenticated attacker can inject arbitrary JavaScript that is…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34807 — Endian Firewall /cgi-bin/incoming.cgi remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/incoming.cgi. An authenticated attacker can inject arbitrary JavaScript that is s…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34806 — Endian Firewall /cgi-bin/snat.cgi remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/snat.cgi. An authenticated attacker can inject arbitrary JavaScript that is store…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34805 — Endian Firewall /cgi-bin/dnat.cgi remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/dnat.cgi. An authenticated attacker can inject arbitrary JavaScript that is store…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34804 — Endian Firewall /manage/qos/rules/ dscp Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the dscp parameter to /manage/qos/rules/. An authenticated attacker can inject arbitrary JavaScript that is stored…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34803 — Endian Firewall /manage/qos/classes/ name Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the name parameter to /manage/qos/classes/. An authenticated attacker can inject arbitrary JavaScript that is stor…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
6.4 MEDIUM
CVE-2026-34802 — Endian Firewall /cgi-bin/salearn.cgi remark user ham spam Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark user ham spam parameter to /cgi-bin/salearn.cgi. An authenticated attacker can inject arbitrary JavaScr…

Remote | Cross-Site Scripting
Apr 02, 2026 Apr 02, 2026
Apr 02, 2026
Apr 02, 2026
Showing 20 of 6351 Results