Total CVEs

140,410

Critical Severity

3,747

High Severity

13,544

Last 7 Days

1,637
Quick preset (or use dates below)
Clear Filters
Showing 7,501 - 7,520 of 13,935 CVEs
CVE-2026-5342 MEDIUM - 5.3

A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikon_load_padded_packed_raw of the file src/decoders/decoders_libraw.cpp of the component TIFF/NEF. Executing a manipulation of the argument load_flags/raw_width can lead to out-of-bounds read. It is possible to launch ...

Published: Apr 02, 2026
Source: NVD
CVE-2026-5339 MEDIUM - 4.7

A vulnerability was detected in Tenda G103 1.0.0.5. The impacted element is the function action_set_net_settings of the file gpon.lua of the component Setting Handler. Performing a manipulation of the argument authLoid/authLoidPassword/authPassword/authSerialNo/authType/oltType/usVlanId/usVlanPriori...

Vendor: tenda
Product: g103_firmware
Published: Apr 02, 2026
Source: NVD
CVE-2026-34823 MEDIUM - 6.4

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/password/web/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

Vendor: Endian
Product: Endian Firewall
Published: Apr 02, 2026
Source: NVD
CVE-2026-34822 MEDIUM - 6.4

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the new_cert_name parameter to /manage/ca/certificate/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

Vendor: Endian
Product: Endian Firewall
Published: Apr 02, 2026
Source: NVD
CVE-2026-34821 MEDIUM - 6.4

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/vpnauthentication/user/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

Vendor: Endian
Product: Endian Firewall
Published: Apr 02, 2026
Source: NVD
CVE-2026-34820 MEDIUM - 6.4

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/ipsec/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

Vendor: Endian
Product: Endian Firewall
Published: Apr 02, 2026
Source: NVD
CVE-2026-34819 MEDIUM - 6.4

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the REMARK parameter to /cgi-bin/openvpnclient.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

Vendor: Endian
Product: Endian Firewall
Published: Apr 02, 2026
Source: NVD
CVE-2026-34818 MEDIUM - 6.4

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/dnsmasq/localdomains/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

Vendor: Endian
Product: Endian Firewall
Published: Apr 02, 2026
Source: NVD
CVE-2026-34817 MEDIUM - 6.4

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the ADDRESS BCC parameter to /cgi-bin/smtprouting.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

Vendor: Endian
Product: Endian Firewall
Published: Apr 02, 2026
Source: NVD
CVE-2026-34816 MEDIUM - 6.4

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the domain parameter to /manage/smtpscan/domainrouting/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

Vendor: Endian
Product: Endian Firewall
Published: Apr 02, 2026
Source: NVD
CVE-2026-34815 MEDIUM - 6.4

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the DOMAIN parameter to /cgi-bin/smtpdomains.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

Vendor: Endian
Product: Endian Firewall
Published: Apr 02, 2026
Source: NVD
CVE-2026-34814 MEDIUM - 6.4

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the group parameter to /cgi-bin/proxygroup.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

Vendor: Endian
Product: Endian Firewall
Published: Apr 02, 2026
Source: NVD
CVE-2026-34813 MEDIUM - 6.4

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the user parameter to /cgi-bin/proxyuser.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

Vendor: Endian
Product: Endian Firewall
Published: Apr 02, 2026
Source: NVD
CVE-2026-34812 MEDIUM - 6.4

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the mimetypes parameter to /cgi-bin/proxypolicy.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

Vendor: Endian
Product: Endian Firewall
Published: Apr 02, 2026
Source: NVD
CVE-2026-34811 MEDIUM - 6.4

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/xtaccess.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

Vendor: Endian
Product: Endian Firewall
Published: Apr 02, 2026
Source: NVD
CVE-2026-34810 MEDIUM - 6.4

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/vpnfw.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

Vendor: Endian
Product: Endian Firewall
Published: Apr 02, 2026
Source: NVD
CVE-2026-34809 MEDIUM - 6.4

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/zonefw.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

Vendor: Endian
Product: Endian Firewall
Published: Apr 02, 2026
Source: NVD
CVE-2026-34808 MEDIUM - 6.4

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/outgoingfw.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

Vendor: Endian
Product: Endian Firewall
Published: Apr 02, 2026
Source: NVD
CVE-2026-34807 MEDIUM - 6.4

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/incoming.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

Vendor: Endian
Product: Endian Firewall
Published: Apr 02, 2026
Source: NVD
CVE-2026-34806 MEDIUM - 6.4

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/snat.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

Vendor: Endian
Product: Endian Firewall
Published: Apr 02, 2026
Source: NVD