Lucene search
K

356 matches found

CNVD
CNVD
added 2026/04/07 12:0 a.m.3 views

Endian Firewall DATE Parameter OS Command Injection Vulnerability (CNVD-2026-18422)

Endian Firewall is a network security firewall system from Endian. An operating system command injection vulnerability exists in the Endian Firewall DATE parameter, which stems from incomplete regular expression validation of the DATE parameter in /cgi-bin/logsopenvpn.cgi, and can be exploited by...

8.8CVSS5.8AI score0.01466EPSS
Exploits0
CNVD
CNVD
added 2026/04/07 12:0 a.m.5 views

Endian Firewall DATE Parameter OS Command Injection Vulnerability (CNVD-2026-18423)

Endian Firewall is a network security firewall system from Endian. An operating system command injection vulnerability exists in the Endian Firewall DATE parameter, which stems from incomplete regular expression validation of the DATE parameter in /cgi-bin/logslog.cgi, and can be exploited by an...

8.8CVSS5.8AI score0.01469EPSS
Exploits0
EUVD
EUVD
added 2026/04/02 3:31 p.m.3 views

EUVD-2026-18266

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logsclamav.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...

8.8CVSS6.1AI score0.01272EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/02 3:31 p.m.8 views

EUVD-2026-18270

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logsids.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...

8.8CVSS6.1AI score0.01222EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/02 3:31 p.m.6 views

EUVD-2026-18268

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logsfirewall.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplet...

8.8CVSS6.1AI score0.01248EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/02 3:31 p.m.4 views

EUVD-2026-18274

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logsopenvpn.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...

8.8CVSS6.1AI score0.01466EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/02 3:31 p.m.4 views

EUVD-2026-18264

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logsproxy.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...

8.8CVSS6.1AI score0.01272EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/02 3:31 p.m.5 views

EUVD-2026-18276

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logssmtp.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...

8.8CVSS6.1AI score0.01248EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/02 3:31 p.m.5 views

EUVD-2026-18272

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logslog.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...

8.8CVSS6.1AI score0.01469EPSS
Exploits0References3
NVD
NVD
added 2026/04/02 3:16 p.m.2 views

CVE-2026-34797

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logssmtp.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...

8.8CVSS0.01248EPSS
Exploits0References2
NVD
NVD
added 2026/04/02 3:16 p.m.5 views

CVE-2026-34796

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logsopenvpn.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...

8.8CVSS0.01466EPSS
Exploits0References2
NVD
NVD
added 2026/04/02 3:16 p.m.5 views

CVE-2026-34795

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logslog.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...

8.8CVSS0.01469EPSS
Exploits0References2
NVD
NVD
added 2026/04/02 3:16 p.m.4 views

CVE-2026-34794

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logsids.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...

8.8CVSS0.01222EPSS
Exploits0References2
NVD
NVD
added 2026/04/02 3:16 p.m.2 views

CVE-2026-34792

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logsclamav.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...

8.8CVSS0.01272EPSS
Exploits0References2
NVD
NVD
added 2026/04/02 3:16 p.m.4 views

CVE-2026-34793

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logsfirewall.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplet...

8.8CVSS0.01248EPSS
Exploits0References2
NVD
NVD
added 2026/04/02 3:16 p.m.12 views

CVE-2026-34791

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logsproxy.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...

8.8CVSS0.01272EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/02 2:45 p.m.1 views

CVE-2026-34797 Endian Firewall /cgi-bin/logs_smtp.cgi DATE Perl Command Injection

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logssmtp.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...

8.8CVSS6.1AI score0.01248EPSS
Exploits0References2
CVE
CVE
added 2026/04/02 2:45 p.m.15 views

CVE-2026-34797

CVE-2026-34797 - Endian Firewall : Endian Firewall versions 3.3.25 and earlier are affected. Authenticated users can run arbitrary OS commands via the DATE parameter in /cgi-bin/logs_smtp.cgi. The value is used to build a file path passed to a Perl open() call, with incomplete regex validation en...

8.8CVSS6.1AI score0.01248EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/02 2:45 p.m.4 views

CVE-2026-34797

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logssmtp.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...

8.8CVSS6.1AI score0.01248EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/02 2:45 p.m.19 views

CVE-2026-34797 Endian Firewall /cgi-bin/logs_smtp.cgi DATE Perl Command Injection

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logssmtp.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...

8.8CVSS0.01248EPSS
Exploits0References2
Rows per page
Query Builder