CVE-2026-34820

Endian Firewall

CVE-2026-34817

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the ADDRESS BCC parameter to /cgi-bin/smtprouting.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

CVE-2026-34815 Endian Firewall /cgi-bin/smtpdomains.cgi DOMAIN Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the DOMAIN parameter to /cgi-bin/smtpdomains.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

CVE-2026-34814 Endian Firewall /cgi-bin/proxygroup.cgi group Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the group parameter to /cgi-bin/proxygroup.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

CVE-2026-34811 Endian Firewall /cgi-bin/xtaccess.cgi remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark parameter to /cgi-bin/xtaccess.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

CVE-2026-34801 Endian Firewall /manage/dhcp/fixed_leases/ remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark parameter to /manage/dhcp/fixedleases/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

CVE-2026-34801 Endian Firewall /manage/dhcp/fixed_leases/ remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark parameter to /manage/dhcp/fixedleases/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

CVE-2026-34801

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark parameter to /manage/dhcp/fixedleases/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

CVE-2026-35168 OpenSTAManager: SQL Injection via Aggiornamenti Module

OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, the Aggiornamenti Updates module in OpenSTAManager contains a database conflict resolution feature op=risolvi-conflitti-database that accepts a JSON array of SQL statements via PO...

CVE-2026-5322

A vulnerability has been found in AlejandroArciniegas mcp-data-vis bc597e391f184d2187062fd567599a3cb72adf51/de5a51525a69822290eaee569a1ab447b490746d. This affects the function Request of the file src/servers/database/server.js of the component MCP Handler. The manipulation leads to sql injection...

CVE-2026-5322 AlejandroArciniegas mcp-data-vis MCP server.js request sql injection

A vulnerability has been found in AlejandroArciniegas mcp-data-vis bc597e391f184d2187062fd567599a3cb72adf51/de5a51525a69822290eaee569a1ab447b490746d. This affects the function Request of the file src/servers/database/server.js of the component MCP Handler. The manipulation leads to sql injection...

CVE-2026-3778

The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pages and annotations are crafted that reference each other in a loop, passing the document to APIs e.g., SOAP that perform deep traversal can cause uncontrolled recursion, stack...

CVE-2026-3774

The application allows PDF JavaScript and document/print actions such as WillPrint/DidPrint to update form fields, annotations, or optional content groups OCGs immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered by the existing...

PT-2026-29758

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark parameter to /cgi-bin/routing.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

PT-2026-29778

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark parameter to /manage/dnsmasq/localdomains/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

PT-2026-29780

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark parameter to /manage/ipsec/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

PT-2026-29883

Name of the Vulnerable Software and Affected Versions OneUptime versions prior to 10.0.42 Description The OneUptime platform's Worker service ManualAPI exposes workflow execution endpoints without authentication. Specifically, the GET and POST endpoints /workflow/manual/run/:workflowId are...

Endian Firewall 跨站脚本漏洞

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improper handling of the remark parameter in /manage/dnsmasq/localdomains/, and can be exploited by an attacker to inject...

Endian Firewall 跨站脚本漏洞

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which originates from improperly cleaning up the input of the remark parameter in /cgi-bin/routing.cgi, and can be exploited by an attacker to...

YesWiki 安全漏洞

YesWiki is a wiki system built using PHP by the French organization YesWiki. It is used for creating and managing websites in a collaborative manner. Versions of YesWiki prior to 4.6.0 contained security vulnerabilities; these vulnerabilities stemmed from cross-site scripting vulnerabilities in t...