Export limit exceeded: 342055 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (37 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-34790 | 2 Endian, Endian Firewall | 2 Firewall, Endian Firewall | 2026-04-02 | 7.1 High |
| Endian Firewall version 3.3.25 and prior allow authenticated users to delete arbitrary files via directory traversal in the remove ARCHIVE parameter to /cgi-bin/backup.cgi. The remove ARCHIVE parameter value is used to construct a file path without sanitization of directory traversal sequences, which is then passed to an unlink() call. | ||||
| CVE-2026-34791 | 1 Endian | 1 Firewall | 2026-04-02 | 8.8 High |
| Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_proxy.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which allows command injection due to an incomplete regular expression validation. | ||||
| CVE-2026-34792 | 1 Endian | 1 Firewall | 2026-04-02 | 8.8 High |
| Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_clamav.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which allows command injection due to an incomplete regular expression validation. | ||||
| CVE-2026-34793 | 1 Endian | 1 Firewall | 2026-04-02 | 8.8 High |
| Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_firewall.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which allows command injection due to an incomplete regular expression validation. | ||||
| CVE-2026-34794 | 1 Endian | 1 Firewall | 2026-04-02 | 8.8 High |
| Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_ids.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which allows command injection due to an incomplete regular expression validation. | ||||
| CVE-2026-34795 | 1 Endian | 1 Firewall | 2026-04-02 | 8.8 High |
| Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_log.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which allows command injection due to an incomplete regular expression validation. | ||||
| CVE-2026-34796 | 1 Endian | 1 Firewall | 2026-04-02 | 8.8 High |
| Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_openvpn.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which allows command injection due to an incomplete regular expression validation. | ||||
| CVE-2026-34797 | 1 Endian | 1 Firewall | 2026-04-02 | 8.8 High |
| Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_smtp.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which allows command injection due to an incomplete regular expression validation. | ||||
| CVE-2026-34798 | 1 Endian | 1 Firewall | 2026-04-02 | 6.4 Medium |
| Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/routing.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page. | ||||
| CVE-2026-34799 | 1 Endian | 1 Firewall | 2026-04-02 | 6.4 Medium |
| Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/dnsmasq/hosts/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page. | ||||
| CVE-2026-34800 | 1 Endian | 1 Firewall | 2026-04-02 | 6.4 Medium |
| Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the NAME parameter to /cgi-bin/uplinkeditor.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page. | ||||
| CVE-2026-34801 | 1 Endian | 1 Firewall | 2026-04-02 | 6.4 Medium |
| Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/dhcp/fixed_leases/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page. | ||||
| CVE-2026-34802 | 1 Endian | 1 Firewall | 2026-04-02 | 6.4 Medium |
| Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark user ham spam parameter to /cgi-bin/salearn.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page. | ||||
| CVE-2026-34803 | 1 Endian | 1 Firewall | 2026-04-02 | 6.4 Medium |
| Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the name parameter to /manage/qos/classes/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page. | ||||
| CVE-2026-34804 | 1 Endian | 1 Firewall | 2026-04-02 | 6.4 Medium |
| Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the dscp parameter to /manage/qos/rules/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page. | ||||
| CVE-2026-34805 | 1 Endian | 1 Firewall | 2026-04-02 | 6.4 Medium |
| Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/dnat.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page. | ||||
| CVE-2026-34806 | 1 Endian | 1 Firewall | 2026-04-02 | 6.4 Medium |
| Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/snat.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page. | ||||
| CVE-2026-34807 | 1 Endian | 1 Firewall | 2026-04-02 | 6.4 Medium |
| Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/incoming.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page. | ||||
| CVE-2026-34808 | 1 Endian | 1 Firewall | 2026-04-02 | 6.4 Medium |
| Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/outgoingfw.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page. | ||||
| CVE-2026-34809 | 1 Endian | 1 Firewall | 2026-04-02 | 6.4 Medium |
| Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/zonefw.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page. | ||||