Security

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

12600

Total

849

Critical

3629

High

3944

Medium

CVE ID	Severity	Score	Description	Published
CVE-2026-33691	MEDIUM	6.8	The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 …	Apr 02, 2026
CVE-2026-30332	HIGH	7.5	A Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability in Balena Etcher for Windows prior to v2.1.4 allows attackers to escalate privileges and execute arbitrary code …	Apr 02, 2026
CVE-2026-5346	HIGH	7.3	A vulnerability was determined in huimeicloud hm_editor up to 2.2.3. Impacted is the function client.get of the file src/mcp-server.js of the component image-to-base64 Endpoint. Executing …	Apr 02, 2026
CVE-2026-5344	MEDIUM	6.3	A security vulnerability has been detected in Textpattern up to 4.9.1. Affected by this vulnerability is the function mt_uploadImage of the file rpc/TXP_RPCServer.php of the …	Apr 02, 2026
CVE-2026-5342	MEDIUM	5.3	A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikon_load_padded_packed_raw of the file src/decoders/decoders_libraw.cpp of the component TIFF/NEF. Executing a …	Apr 02, 2026
CVE-2026-5339	MEDIUM	4.7	A vulnerability was detected in Tenda G103 1.0.0.5. The impacted element is the function action_set_net_settings of the file gpon.lua of the component Setting Handler. Performing …	Apr 02, 2026
CVE-2026-35002	UNKNOWN	—	Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by …	Apr 02, 2026
CVE-2026-34974	MEDIUM	5.4	phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the regex-based SVG sanitizer in phpMyFAQ (SvgSanitizer.php) can be bypassed using HTML entity …	Apr 02, 2026
CVE-2026-34973	UNKNOWN	—	phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the searchCustomPages() method in phpmyfaq/src/phpMyFAQ/Search.php uses real_escape_string() (via escape()) to sanitize the search …	Apr 02, 2026
CVE-2026-34823	MEDIUM	6.4	Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/password/web/. An authenticated attacker can inject arbitrary JavaScript that …	Apr 02, 2026
CVE-2026-34822	MEDIUM	6.4	Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the new_cert_name parameter to /manage/ca/certificate/. An authenticated attacker can inject arbitrary JavaScript that …	Apr 02, 2026
CVE-2026-34821	MEDIUM	6.4	Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/vpnauthentication/user/. An authenticated attacker can inject arbitrary JavaScript that …	Apr 02, 2026
CVE-2026-34820	MEDIUM	6.4	Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/ipsec/. An authenticated attacker can inject arbitrary JavaScript that …	Apr 02, 2026
CVE-2026-34819	MEDIUM	6.4	Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the REMARK parameter to /cgi-bin/openvpnclient.cgi. An authenticated attacker can inject arbitrary JavaScript that …	Apr 02, 2026
CVE-2026-34818	MEDIUM	6.4	Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/dnsmasq/localdomains/. An authenticated attacker can inject arbitrary JavaScript that …	Apr 02, 2026
CVE-2026-34817	MEDIUM	6.4	Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the ADDRESS BCC parameter to /cgi-bin/smtprouting.cgi. An authenticated attacker can inject arbitrary JavaScript …	Apr 02, 2026
CVE-2026-34816	MEDIUM	6.4	Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the domain parameter to /manage/smtpscan/domainrouting/. An authenticated attacker can inject arbitrary JavaScript that …	Apr 02, 2026
CVE-2026-34815	MEDIUM	6.4	Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the DOMAIN parameter to /cgi-bin/smtpdomains.cgi. An authenticated attacker can inject arbitrary JavaScript that …	Apr 02, 2026
CVE-2026-34814	MEDIUM	6.4	Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the group parameter to /cgi-bin/proxygroup.cgi. An authenticated attacker can inject arbitrary JavaScript that …	Apr 02, 2026
CVE-2026-34813	MEDIUM	6.4	Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the user parameter to /cgi-bin/proxyuser.cgi. An authenticated attacker can inject arbitrary JavaScript that …	Apr 02, 2026
CVE-2026-34812	MEDIUM	6.4	Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the mimetypes parameter to /cgi-bin/proxypolicy.cgi. An authenticated attacker can inject arbitrary JavaScript that …	Apr 02, 2026
CVE-2026-34811	MEDIUM	6.4	Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/xtaccess.cgi. An authenticated attacker can inject arbitrary JavaScript that …	Apr 02, 2026
CVE-2026-34810	MEDIUM	6.4	Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/vpnfw.cgi. An authenticated attacker can inject arbitrary JavaScript that …	Apr 02, 2026
CVE-2026-34809	MEDIUM	6.4	Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/zonefw.cgi. An authenticated attacker can inject arbitrary JavaScript that …	Apr 02, 2026
CVE-2026-34808	MEDIUM	6.4	Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/outgoingfw.cgi. An authenticated attacker can inject arbitrary JavaScript that …	Apr 02, 2026

« Prev 459 460 461 462 463 Next »