26129 matches found
CVE-2026-34792
CVE-2026-34792 – Endian Firewall : Affects Endian Firewall 3.3.25 and prior. An authenticated user can execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_clamav.cgi. The DATE value builds a file path that is passed to a Perl open() call, allowing command injection due to incomp...
CVE-2026-34791
Endian Firewall versions 3.3.25 and earlier are affected by a command-injection flaw in /cgi-bin/logs_proxy.cgi through the DATE parameter. The value is used to build a file path then passed to a Perl open(), with incomplete regex validation enabling authenticated users to execute arbitrary OS co...
CVE-2026-34792
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logsclamav.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...
CVE-2026-34791 Endian Firewall /cgi-bin/logs_proxy.cgi DATE Perl Command Injection
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logsproxy.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...
CVE-2026-34792 Endian Firewall /cgi-bin/logs_clamav.cgi DATE Perl Command Injection
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logsclamav.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...
CVE-2026-29135
creationtimestamp| type| source ---|---|--- 2026-04-02 10:40:54+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3miizevl4x42n 2026-04-16 21:19:51+00:00| seen| Telegram/3Rneua8sJN4acwbkH9WJwYA0S4fbpKs2cDcX7PKNKVaNXM...
CVE-2026-34950
creationtimestamp| type| source ---|---|--- 2026-04-02 08:53:21+00:00| published-proof-of-concept| https://github.com/nearform/fast-jwt/security/advisories/GHSA-mvf2-f6gm-w987 2026-04-06 16:20:11+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mito77wzr22s 2026-04-06...
CVE-2026-5318
creationtimestamp| type| source ---|---|--- 2026-04-02 06:31:15+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3miilghshxh2q...
CVE-2026-35043
creationtimestamp| type| source ---|---|--- 2026-04-02 06:13:05+00:00| published-proof-of-concept| https://github.com/bentoml/BentoML/security/advisories/GHSA-fgv4-6jr3-jgfw 2026-04-06 19:29:29+00:00| published-proof-of-concept| Telegram/0wjdVVOdHVRh-NR-AUdnOvXJcqqbi6lE8Vl80iGy2s6Zy0 2026-04-07...
PT-2026-29753
Name of the Vulnerable Software and Affected Versions Endian Firewall versions 3.3.25 and prior Description Authenticated users can execute arbitrary OS commands through the DATE parameter in the '/cgi-bin/logs firewall.cgi' endpoint. This is due to an incomplete regular expression validation whe...
PT-2026-29754
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs ids.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...
Endian Firewall 操作系统命令注入漏洞
Endian Firewall is a network security firewall system developed by Endian Corporation. Versions of Endian Firewall 3.3.25 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from incomplete regular expression validation for the DATE...
PT-2026-29755
Name of the Vulnerable Software and Affected Versions Endian Firewall versions 3.3.25 and prior Description Endian Firewall versions 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to the '/cgi-bin/logs log.cgi' API endpoint. The DATE parameter...
PT-2026-29752
Name of the Vulnerable Software and Affected Versions Endian Firewall versions 3.3.25 and prior Description Endian Firewall versions 3.3.25 and earlier permit authenticated users to execute arbitrary operating system commands through the DATE parameter of the '/cgi-bin/logs clamav.cgi' endpoint...
Endian Firewall 操作系统命令注入漏洞
Endian Firewall is a network security firewall system from Endian. An operating system command injection vulnerability exists in the Endian Firewall DATE parameter, which stems from incomplete regular expression validation of the DATE parameter in /cgi-bin/logssmtp.cgi, and can be exploited by an...
Endian Firewall 操作系统命令注入漏洞
Endian Firewall is a network security firewall system from Endian. An operating system command injection vulnerability exists in the Endian Firewall DATE parameter, which stems from incomplete regular expression validation of the DATE parameter in /cgi-bin/logsids.cgi, and can be exploited by an...
PT-2026-29756
Name of the Vulnerable Software and Affected Versions Endian Firewall versions 3.3.25 and prior Description Endian Firewall versions 3.3.25 and earlier allow authenticated users to execute arbitrary OS commands through the DATE parameter in the '/cgi-bin/logs openvpn.cgi' endpoint. The DATE...
Endian Firewall 操作系统命令注入漏洞
Endian Firewall is a network security firewall system from Endian. An operating system command injection vulnerability exists in the Endian Firewall DATE parameter, which stems from incomplete regular expression validation of the DATE parameter in /cgi-bin/logslog.cgi, and can be exploited by an...
PT-2026-29757
Name of the Vulnerable Software and Affected Versions Endian Firewall versions 3.3.25 and prior Description Endian Firewall versions 3.3.25 and earlier allow authenticated users to execute arbitrary OS commands through the DATE parameter in the '/cgi-bin/logs smtp.cgi' endpoint. The vulnerability...
Endian Firewall 操作系统命令注入漏洞
Endian Firewall is a network security firewall system from Endian. An operating system command injection vulnerability exists in the Endian Firewall DATE parameter, which stems from incomplete regular expression validation of the DATE parameter in /cgi-bin/logsopenvpn.cgi, and can be exploited by...