Latest CVE Feed

CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable

Score

Vulnerability

Published

6.4 MEDIUM

CVE-2026-34817 — Endian Firewall /cgi-bin/smtprouting.cgi ADDRESS BCC Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the ADDRESS BCC parameter to /cgi-bin/smtprouting.cgi. An authenticated attacker can inject arbitrary JavaScript t…

firewall | Remote | Cross-Site Scripting

Apr 02, 2026 Apr 02, 2026

Apr 02, 2026

Apr 02, 2026

6.4 MEDIUM

CVE-2026-34816 — Endian Firewall /manage/smtpscan/domainrouting/ domain Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the domain parameter to /manage/smtpscan/domainrouting/. An authenticated attacker can inject arbitrary JavaScript…

firewall | Remote | Cross-Site Scripting

Apr 02, 2026 Apr 02, 2026

Apr 02, 2026

Apr 02, 2026

6.4 MEDIUM

CVE-2026-34815 — Endian Firewall /cgi-bin/smtpdomains.cgi DOMAIN Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the DOMAIN parameter to /cgi-bin/smtpdomains.cgi. An authenticated attacker can inject arbitrary JavaScript that i…

firewall | Remote | Cross-Site Scripting

Apr 02, 2026 Apr 02, 2026

Apr 02, 2026

Apr 02, 2026

6.4 MEDIUM

CVE-2026-34814 — Endian Firewall /cgi-bin/proxygroup.cgi group Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the group parameter to /cgi-bin/proxygroup.cgi. An authenticated attacker can inject arbitrary JavaScript that is …

firewall | Remote | Cross-Site Scripting

Apr 02, 2026 Apr 02, 2026

Apr 02, 2026

Apr 02, 2026

6.4 MEDIUM

CVE-2026-34813 — Endian Firewall /cgi-bin/proxyuser.cgi user Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the user parameter to /cgi-bin/proxyuser.cgi. An authenticated attacker can inject arbitrary JavaScript that is st…

firewall | Remote | Cross-Site Scripting

Apr 02, 2026 Apr 02, 2026

Apr 02, 2026

Apr 02, 2026

6.4 MEDIUM

CVE-2026-34812 — Endian Firewall /cgi-bin/proxypolicy.cgi mimetypes Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the mimetypes parameter to /cgi-bin/proxypolicy.cgi. An authenticated attacker can inject arbitrary JavaScript tha…

firewall | Remote | Cross-Site Scripting

Apr 02, 2026 Apr 02, 2026

Apr 02, 2026

Apr 02, 2026

6.4 MEDIUM

CVE-2026-34811 — Endian Firewall /cgi-bin/xtaccess.cgi remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/xtaccess.cgi. An authenticated attacker can inject arbitrary JavaScript that is s…

firewall | Remote | Cross-Site Scripting

Apr 02, 2026 Apr 02, 2026

Apr 02, 2026

Apr 02, 2026

6.4 MEDIUM

CVE-2026-34810 — Endian Firewall /cgi-bin/vpnfw.cgi remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/vpnfw.cgi. An authenticated attacker can inject arbitrary JavaScript that is stor…

firewall | Remote | Cross-Site Scripting

Apr 02, 2026 Apr 02, 2026

Apr 02, 2026

Apr 02, 2026

6.4 MEDIUM

CVE-2026-34809 — Endian Firewall /cgi-bin/zonefw.cgi remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/zonefw.cgi. An authenticated attacker can inject arbitrary JavaScript that is sto…

firewall | Remote | Cross-Site Scripting

Apr 02, 2026 Apr 02, 2026

Apr 02, 2026

Apr 02, 2026

6.4 MEDIUM

CVE-2026-34808 — Endian Firewall /cgi-bin/outgoingfw.cgi remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/outgoingfw.cgi. An authenticated attacker can inject arbitrary JavaScript that is…

firewall | Remote | Cross-Site Scripting

Apr 02, 2026 Apr 02, 2026

Apr 02, 2026

Apr 02, 2026

6.4 MEDIUM

CVE-2026-34807 — Endian Firewall /cgi-bin/incoming.cgi remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/incoming.cgi. An authenticated attacker can inject arbitrary JavaScript that is s…

firewall | Remote | Cross-Site Scripting

Apr 02, 2026 Apr 02, 2026

Apr 02, 2026

Apr 02, 2026

6.4 MEDIUM

CVE-2026-34806 — Endian Firewall /cgi-bin/snat.cgi remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/snat.cgi. An authenticated attacker can inject arbitrary JavaScript that is store…

firewall | Remote | Cross-Site Scripting

Apr 02, 2026 Apr 02, 2026

Apr 02, 2026

Apr 02, 2026

6.4 MEDIUM

CVE-2026-34805 — Endian Firewall /cgi-bin/dnat.cgi remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/dnat.cgi. An authenticated attacker can inject arbitrary JavaScript that is store…

firewall | Remote | Cross-Site Scripting

Apr 02, 2026 Apr 02, 2026

Apr 02, 2026

Apr 02, 2026

6.4 MEDIUM

CVE-2026-34804 — Endian Firewall /manage/qos/rules/ dscp Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the dscp parameter to /manage/qos/rules/. An authenticated attacker can inject arbitrary JavaScript that is stored…

firewall | Remote | Cross-Site Scripting

Apr 02, 2026 Apr 02, 2026

Apr 02, 2026

Apr 02, 2026

6.4 MEDIUM

CVE-2026-34803 — Endian Firewall /manage/qos/classes/ name Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the name parameter to /manage/qos/classes/. An authenticated attacker can inject arbitrary JavaScript that is stor…

firewall | Remote | Cross-Site Scripting

Apr 02, 2026 Apr 02, 2026

Apr 02, 2026

Apr 02, 2026

6.4 MEDIUM

CVE-2026-34802 — Endian Firewall /cgi-bin/salearn.cgi remark user ham spam Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark user ham spam parameter to /cgi-bin/salearn.cgi. An authenticated attacker can inject arbitrary JavaScr…

firewall | Remote | Cross-Site Scripting

Apr 02, 2026 Apr 02, 2026

Apr 02, 2026

Apr 02, 2026

6.4 MEDIUM

CVE-2026-34801 — Endian Firewall /manage/dhcp/fixed_leases/ remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/dhcp/fixed_leases/. An authenticated attacker can inject arbitrary JavaScript that…

firewall | Remote | Cross-Site Scripting

Apr 02, 2026 Apr 02, 2026

Apr 02, 2026

Apr 02, 2026

6.4 MEDIUM

CVE-2026-34800 — Endian Firewall /cgi-bin/uplinkeditor.cgi NAME Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the NAME parameter to /cgi-bin/uplinkeditor.cgi. An authenticated attacker can inject arbitrary JavaScript that is…

firewall | Remote | Cross-Site Scripting

Apr 02, 2026 Apr 02, 2026

Apr 02, 2026

Apr 02, 2026

6.4 MEDIUM

CVE-2026-34799 — Endian Firewall /manage/dnsmasq/hosts/ remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/dnsmasq/hosts/. An authenticated attacker can inject arbitrary JavaScript that is …

firewall | Remote | Cross-Site Scripting

Apr 02, 2026 Apr 02, 2026

Apr 02, 2026

Apr 02, 2026

6.4 MEDIUM

CVE-2026-34798 — Endian Firewall /cgi-bin/routing.cgi remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/routing.cgi. An authenticated attacker can inject arbitrary JavaScript that is st…

firewall | Remote | Cross-Site Scripting

Apr 02, 2026 Apr 02, 2026

Apr 02, 2026

Apr 02, 2026

Showing 20 of 6370 Results

1
...
5
6
7
8
9
10
11
...
319