
130 matches found

Cvelist
added 2026/04/02 2:46 p.m., 20 views

CVE-2026-34815 Endian Firewall /cgi-bin/smtpdomains.cgi DOMAIN Stored Cross-Site Scripting

Endian Firewall versions 3.3.25 and prior allow stored cross-site scripting (XSS) via the DOMAIN parameter to /cgi-bin/smtpdomains.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

CVSS 6.4, EPSS 0.00039
Exploits: 0, References: 2
CVE
added 2026/04/02 2:46 p.m., 4 views

CVE-2026-34815

Endian Firewall (affected: 3.3.25 and earlier) is vulnerable to a stored XSS via the DOMAIN parameter in /cgi-bin/smtpdomains.cgi. An authenticated attacker can inject arbitrary JavaScript that gets stored and executed when other users view the affected page. This is driven by the DOMAIN input ha...

CVSS 6.4, AI score 5.9, EPSS 0.00039
Exploits: 0, References: 2, Affected Software: 1
CNNVD
added 2026/04/02 12:0 a.m., 4 views

Endian Firewall Cross-Site Scripting Vulnerability

Endian Firewall is a network security firewall system from Endian. Endian Firewall DOMAIN Parameter Cross-Site Scripting Vulnerability. The vulnerability stems from improper handling of the DOMAIN parameter in /cgi-bin/smtpdomains.cgi, which can be exploited by an attacker to inject malicious...

CVSS 6.4, AI score 5.9, EPSS 0.00039
Exploits: 0, References: 2
Positive Technologies
added 2026/04/02 12:0 a.m., 3 views

PT-2026-29775

Endian Firewall versions 3.3.25 and prior allow stored cross-site scripting (XSS) via the DOMAIN parameter to /cgi-bin/smtpdomains.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

CVSS 6.4, AI score 5.9, EPSS 0.00039
Exploits: 0, References: 3
Positive Technologies
added 2026/04/02 12:0 a.m., 3 views

PT-2026-29776

Endian Firewall versions 3.3.25 and prior allow stored cross-site scripting (XSS) via the domain parameter to /manage/smtpscan/domainrouting/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

CVSS 6.4, AI score 5.9, EPSS 0.00039
Exploits: 0, References: 3
CNNVD
added 2026/04/02 12:0 a.m., 4 views

Endian Firewall Cross-Site Scripting Vulnerability

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall domain parameter, which originates from improper handling of the domain parameter in /manage/smtpscan/domainrouting/, and can be exploited by an attacker to inject...

CVSS 6.4, AI score 5.7, EPSS 0.00039
Exploits: 0, References: 2
EUVD
added 2026/03/23 6:30 a.m., 6 views

EUVD-2026-14375

Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic and the related DSA/X509 verification flow in src/dsa-2.0.js. An attacker can forge DSA signatures or X.509...

CVSS 9.1, AI score 5.8, EPSS 0.0001
Exploits: 1, References: 5
GitHub Security Blog
added 2026/03/23 6:30 a.m., 9 views

jsrsasign: DSA signatures or X.509 certificates can be forged via DSA domain-parameter validation in KJUR.crypto.DSA.setPublic

Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic and the related DSA/X509 verification flow in src/dsa-2.0.js. An attacker can forge DSA signatures or X.509...

CVSS 9.1, AI score 5.9, EPSS 0.0001
Exploits: 1, References: 6, Affected Software: 1
CVE
added 2026/03/23 5:0 a.m., 8 views

CVE-2026-4600

CVE-2026-4600 affects the JavaScript library jsrsasign prior to 11.1.1. The vulnerability stems from improper verification of cryptographic signatures due to DSA domain-parameter validation in KJUR.crypto.DSA.setPublic (and related DSA/X509 verification in src/dsa-2.0.js). An attacker can forge D...

CVSS 9.1, AI score 5.8, EPSS 0.0001
Exploits: 1, References: 4, Affected Software: 1
CNNVD
added 2026/03/04 12:0 a.m., 4 views

Hono Security Vulnerability

Hono is a web framework written in TypeScript for the Hono community. Versions of Hono prior to 4.12.4 contained security vulnerabilities. These vulnerabilities stemmed from the setCookie tool, which did not validate the semicolons, line breaks, or newlines in the domain and path parameters when...

CVSS 5.4, AI score 5.8, EPSS 0.0004
Exploits: 0, References: 2
Vulnrichment
added 2026/02/19 12:2 p.m., 4 views

CVE-2019-25429 Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via openvpn_advanced

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the openvpn_advanced endpoint. Attackers can inject JavaScript code through the GLOBALNETWORKS and GLOBALDNS parameters via POST...

CVSS 6.1, AI score 5.7, EPSS 0.00019
Exploits: 1, References: 4
Cvelist
added 2026/02/19 12:2 p.m., 22 views

CVE-2019-25428 Comodo Dome Firewall 2.7.0 Cross-Site Scripting via openvpn_users

Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the openvpn_users endpoint that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted POST requests with script payloads in the username, remotenets,...

CVSS 6.1, EPSS 0.00017
Exploits: 1, References: 4
Snyk
added 2026/02/16 5:2 a.m., 3 views

Improper Verification of Cryptographic Signature

Overview jsrsasign is a free pure JavaScript cryptographic library. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic and the related DSA/X509 verification flow in src/dsa-2.0.j...

CVSS 9.1, AI score 5.8, EPSS 0.0001
Exploits: 1, References: 2
Snyk
added 2026/02/16 5:2 a.m., 1 views

Improper Verification of Cryptographic Signature

Overview org.webjars.npm:jsrsasign is a free pure JavaScript cryptographic library. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic and the related DSA/X509 verification flow ...

CVSS 9.1, AI score 5.9, EPSS 0.0001
Exploits: 1, References: 2
OSV
added 2025/12/16 4:16 p.m., 1 views

UBUNTU-CVE-2025-68295

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix memory leak in cifs_construct_tcon. When having a multiuser mount with domain= specified and using cifscreds, cifs_set_cifs_creds will end up setting @ctx->domainname, so it needs to be freed before leaving...

AI score 5.8, EPSS 0.00076
Exploits: 0, References: 36
Cvelist
added 2025/11/13 12:0 a.m., 4 views

CVE-2025-60702

A command injection vulnerability exists in the TOTOLINK A950RG Router firmware V5.9c.4592B20191022ALL within the system.so binary. The setDiagnosisCfg function retrieves the ipDoamin parameter from user input via websGetVar and concatenates it directly into a ping system command executed via...

EPSS 0.00686
Exploits: 1, References: 3
AstraLinux
added 2025/11/01 10:54 a.m., 0 views

Astra Linux – Vulnerability in libsoup3, libsoup2.4

A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives an HTTP response with a status code of 401 Unauthorized, which contains a specially crafted domain parameter within the WWW-Authenticate header...

CVSS 4.3, AI score 6.3, EPSS 0.0031
Exploits: 1, References: 3
CVE
added 2025/10/07 10:2 a.m., 15 views

CVE-2025-11386

CVE-2025-11386 affects Tenda AC15 router (firmware 15.03.05.18) via the POST handler in the /goform/SetDDNSCfg endpoint. The root cause is a stack-based buffer overflow triggered by manipulating the ddnsEn argument, indicating an input length validation failure in an unknown function of the POST ...

CVSS 9, AI score 8.8, EPSS 0.00248
Exploits: 1, References: 5, Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2020-20167

Malware in sbrugna...

CVSS 10, AI score 9.2, EPSS 0.02197
Exploits: 1, References: 4
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2011-5093

Malware in sbrugna...

CVSS 2.6, AI score 6.2, EPSS 0.00931
Exploits: 0, References: 2