Total CVEs

126,116

Critical Severity

2,290

High Severity

7,924

Last 7 Days

1,177
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 1 - 20 of 34 CVEs
CVE-2026-34823 MEDIUM - 6.4

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/password/web/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

Vendor: Endian
Product: Endian Firewall
Published: Apr 02, 2026
Source: NVD
CVE-2026-34822 MEDIUM - 6.4

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the new_cert_name parameter to /manage/ca/certificate/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

Vendor: Endian
Product: Endian Firewall
Published: Apr 02, 2026
Source: NVD
CVE-2026-34821 MEDIUM - 6.4

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/vpnauthentication/user/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

Vendor: Endian
Product: Endian Firewall
Published: Apr 02, 2026
Source: NVD
CVE-2026-34820 MEDIUM - 6.4

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/ipsec/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

Vendor: Endian
Product: Endian Firewall
Published: Apr 02, 2026
Source: NVD
CVE-2026-34819 MEDIUM - 6.4

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the REMARK parameter to /cgi-bin/openvpnclient.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

Vendor: Endian
Product: Endian Firewall
Published: Apr 02, 2026
Source: NVD
CVE-2026-34818 MEDIUM - 6.4

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/dnsmasq/localdomains/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

Vendor: Endian
Product: Endian Firewall
Published: Apr 02, 2026
Source: NVD
CVE-2026-34817 MEDIUM - 6.4

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the ADDRESS BCC parameter to /cgi-bin/smtprouting.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

Vendor: Endian
Product: Endian Firewall
Published: Apr 02, 2026
Source: NVD
CVE-2026-34816 MEDIUM - 6.4

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the domain parameter to /manage/smtpscan/domainrouting/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

Vendor: Endian
Product: Endian Firewall
Published: Apr 02, 2026
Source: NVD
CVE-2026-34815 MEDIUM - 6.4

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the DOMAIN parameter to /cgi-bin/smtpdomains.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

Vendor: Endian
Product: Endian Firewall
Published: Apr 02, 2026
Source: NVD
CVE-2026-34814 MEDIUM - 6.4

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the group parameter to /cgi-bin/proxygroup.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

Vendor: Endian
Product: Endian Firewall
Published: Apr 02, 2026
Source: NVD
CVE-2026-34813 MEDIUM - 6.4

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the user parameter to /cgi-bin/proxyuser.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

Vendor: Endian
Product: Endian Firewall
Published: Apr 02, 2026
Source: NVD
CVE-2026-34812 MEDIUM - 6.4

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the mimetypes parameter to /cgi-bin/proxypolicy.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

Vendor: Endian
Product: Endian Firewall
Published: Apr 02, 2026
Source: NVD
CVE-2026-34811 MEDIUM - 6.4

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/xtaccess.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

Vendor: Endian
Product: Endian Firewall
Published: Apr 02, 2026
Source: NVD
CVE-2026-34810 MEDIUM - 6.4

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/vpnfw.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

Vendor: Endian
Product: Endian Firewall
Published: Apr 02, 2026
Source: NVD
CVE-2026-34809 MEDIUM - 6.4

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/zonefw.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

Vendor: Endian
Product: Endian Firewall
Published: Apr 02, 2026
Source: NVD
CVE-2026-34808 MEDIUM - 6.4

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/outgoingfw.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

Vendor: Endian
Product: Endian Firewall
Published: Apr 02, 2026
Source: NVD
CVE-2026-34807 MEDIUM - 6.4

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/incoming.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

Vendor: Endian
Product: Endian Firewall
Published: Apr 02, 2026
Source: NVD
CVE-2026-34806 MEDIUM - 6.4

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/snat.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

Vendor: Endian
Product: Endian Firewall
Published: Apr 02, 2026
Source: NVD
CVE-2026-34805 MEDIUM - 6.4

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/dnat.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

Vendor: Endian
Product: Endian Firewall
Published: Apr 02, 2026
Source: NVD
CVE-2026-34804 MEDIUM - 6.4

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the dscp parameter to /manage/qos/rules/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

Vendor: Endian
Product: Endian Firewall
Published: Apr 02, 2026
Source: NVD