Endian Firewall 跨站脚本漏洞

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall NAME parameter, which originates from improperly cleaning up the input of the NAME parameter in /cgi-bin/uplinkeditor.cgi, and can be exploited by an attacker to...

Tenda G103 命令注入漏洞

The Tenda G103 is a GPON fiber access device designed specifically for home and SOHO users by the Chinese company Tenda. Version 1.0.0.5 of the Tenda G103 contains a command injection vulnerability. This vulnerability stems from an improper operation of the parameter “lanIp” in the function...

PT-2026-29790

A vulnerability was identified in Trendnet TEW-657BRM 1.00.1. The affected element is the function add apcdb of the file /setup.cgi. The manipulation of the argument mac pc dba leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might ...

Endian Firewall 跨站脚本漏洞

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which originates from improperly cleaning up the input of the remark parameter in /cgi-bin/routing.cgi, and can be exploited by an attacker to...

Etcher 安全漏洞

Etcher is an operating system image burning tool developed by balena. Versions of Etcher prior to 2.1.4 contained security vulnerabilities. These vulnerabilities were caused by race conditions, allowing attackers to replace legitimate scripts with malicious payloads during the burning process,...

CVE-2026-30603

CVE-2026-30603 concerns the firmware update mechanism of the Qianniao QN-L23PA0904 (version v20250721.1640). The available documents state that an attacker can achieve root access, install backdoors, and exfiltrate data by providing a crafted iu.sh script via an SD card. The connected sources do ...

Endian Firewall 跨站脚本漏洞

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improper handling of the remark parameter in /cgi-bin/zonefw.cgi, and can be exploited by an attacker to inject malicious...

Endian Firewall 跨站脚本漏洞

Endian Firewall is a network security firewall system from Endian. Cross-site scripting vulnerability in Endian Firewall remark parameterThe vulnerability stems from improper handling of the remark parameter in /cgi-bin/outgoingfw.cgi, which can be exploited by an attacker to inject malicious...

Endian Firewall 路径遍历漏洞

Endian Firewall is a network security firewall system developed by Endian Corporation. Versions of Endian Firewall 3.3.25 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the lack of cleaning of the directory traversal sequences for the remove ARCHIVE paramete...

CVE-2026-30603

An issue in the firmware update mechanism of Qianniao QN-L23PA0904 v20250721.1640 allows attackers to gain root access, install backdoors, and exfiltrate data via supplying a crafted iu.sh script contained in an SD card...

PT-2026-29795

A Time-of-Check to Time-of-Use TOCTOU race condition vulnerability in Balena Etcher for Windows prior to v2.1.4 allows attackers to escalate privileges and execute arbitrary code via replacing a legitimate script with a crafted payload during the flashing process...

CVE-2026-30603

An issue in the firmware update mechanism of Qianniao QN-L23PA0904 v20250721.1640 allows attackers to gain root access, install backdoors, and exfiltrate data via supplying a crafted iu.sh script contained in an SD card...

PT-2026-29967

Name of the Vulnerable Software and Affected Versions @usebruno/cli versions installed between 00:21 UTC and 03:30 UTC on March 31, 2026 Description A supply chain attack involving compromised versions of the axios npm package introduced a hidden dependency deploying a cross-platform Remote Acces...

Qianniao QN-L23PA0904 安全漏洞

Qianniao QN-L23PA0904 is a laptop power adapter produced by Qianniao Corporation. The version v20250721.1640 of Qianniao QN-L23PA0904 contains a security vulnerability. This vulnerability stems from issues with the firmware update mechanism. Attackers can obtain root access, install backdoors, an...

Endian Firewall 操作系统命令注入漏洞

Endian Firewall is a network security firewall system developed by Endian Corporation. Versions of Endian Firewall 3.3.25 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from incomplete regular expression validation of the DATE...

PT-2026-29770

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark parameter to /cgi-bin/vpnfw.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

CVE-2026-30603

An issue in the firmware update mechanism of Qianniao QN-L23PA0904 v20250721.1640 allows attackers to gain root access, install backdoors, and exfiltrate data via supplying a crafted iu.sh script contained in an SD card...

CVE-2026-30332

A Time-of-Check to Time-of-Use TOCTOU race condition vulnerability in Balena Etcher for Windows prior to v2.1.4 allows attackers to escalate privileges and execute arbitrary code via replacing a legitimate script with a crafted payload during the flashing process...

CVE-2026-32607

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, when the hidden prioritizefullnameinux site setting is enabled defaults to false, requires console access to change, user...

CVE-2026-5215

A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The impacted element is the function...