CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

7.1CVSS5.7AI score0.0007EPSS

YesWiki 安全漏洞

YesWiki is a wiki system built using PHP by the French organization YesWiki. It is used for creating and managing websites in a collaborative manner. Versions of YesWiki prior to 4.6.0 contained security vulnerabilities; these vulnerabilities stemmed from cross-site scripting vulnerabilities in t...

Exploits1References2

Apache Tomcat•added 2026/04/02 12:0 a.m.•6 views

Fixed in Apache Tomcat 10.1.54

Moderate: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled CVE-2026-34500 CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used. This was fixed with commit 29b56a56. This issue was reported to the Tomcat security...

7.5CVSS5.9AI score0.12919EPSS

Exploits5Affected Software1

Positive Technologies•added 2026/04/02 12:0 a.m.•5 views

PT-2026-29785

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the regex-based SVG sanitizer in phpMyFAQ SvgSanitizer.php can be bypassed using HTML entity encoding in javascript: URLs within SVG attributes. Any user with edit faq permission can upload a malicious SVG that executes...

5.4CVSS5.8AI score0.00041EPSS

Exploits1References3

Positive Technologies•added 2026/04/02 12:0 a.m.•3 views

PT-2026-29776

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the domain parameter to /manage/smtpscan/domainrouting/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS5.9AI score0.00039EPSS

Exploits0References3

CNNVD•added 2026/04/02 12:0 a.m.•3 views

Endian Firewall 跨站脚本漏洞

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall ADDRESS BCC parameter, which originates from improper handling of the ADDRESS BCC parameter in /cgi-bin/smtprouting.cgi, and can be exploited by an attacker to...

Endian Firewall 跨站脚本漏洞

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall dscp parameter, which stems from improper handling of the dscp parameter in /manage/qos/rules/, and can be exploited by an attacker to inject malicious JavaScript...

CNNVD•added 2026/04/02 12:0 a.m.•2 views

Endian Firewall 跨站脚本漏洞

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall group parameter, which stems from improper handling of the group parameter in /cgi-bin/proxygroup.cgi, and can be exploited by an attacker to inject malicious...

CNNVD•added 2026/04/02 12:0 a.m.•6 views

phpMyFAQ 安全漏洞

phpMyFAQ is a multilingual, database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.1 contained security vulnerabilities. These vulnerabilities stemmed from an exploit that allowed bypassing the SVG cleaner, potentially allowing execution of arbitrary JavaScript...

5.4CVSS6.1AI score0.00041EPSS

Exploits1References2

Tenable Nessus•added 2026/04/02 12:0 a.m.•5 views

Zabbix 6.0.x < 6.0.41 / 7.0.x < 7.0.19 / 7.2.x < 7.2.13 / 7.4.x < 7.4.3 Information Disclosure (ZBX-27638)

The version of Zabbix Server installed on the remote host is prior to 6.0.41, 7.0.19, 7.2.13, 7.4.3. It is, therefore, affected by an information disclosure vulnerability : - Zabbix Server/Proxy reuses JavaScript Duktape contexts for performance reasons. This can lead to confidentiality loss wher...

7.1CVSS6AI score0.0003EPSS

Endian Firewall 跨站脚本漏洞

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improper handling of the remark parameter in /cgi-bin/snat.cgi, and can be exploited by an attacker to inject malicious JavaScri...

Positive Technologies•added 2026/04/02 12:0 a.m.•2 views

PT-2026-29764

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the dscp parameter to /manage/qos/rules/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS5.9AI score0.00039EPSS

Exploits0References3

Positive Technologies•added 2026/04/02 12:0 a.m.•2 views

PT-2026-29769

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark parameter to /cgi-bin/zonefw.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS5.9AI score0.00039EPSS

Exploits0References3

CNNVD•added 2026/04/02 12:0 a.m.•3 views

Endian Firewall 跨站脚本漏洞

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improperly cleaning up the input of the remark parameter in /manage/dhcp/fixedleases/, and can be exploited by an attacker to...

6.4CVSS5.7AI score0.00013EPSS

5.4CVSS5.6AI score0.00012EPSS

IBM Content Navigator 安全漏洞

IBM Content Navigator is an enterprise content management and collaboration platform for document management, workflow and content retrieval. A cross-site scripting vulnerability exists in IBM Content Navigator. The vulnerability stems from a failure to properly process user input and can be...

Exploits0References1

CNNVD•added 2026/04/02 12:0 a.m.•3 views

Endian Firewall 跨站脚本漏洞

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improper handling of the remark parameter in /cgi-bin/vpnfw.cgi, and can be exploited by an attacker to inject malicious...