CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/04/02 12:0 a.m.•2 views

Endian Firewall 跨站脚本漏洞

Endian Firewall is a network security firewall system from Endian. Cross-site scripting vulnerability in Endian Firewall remark parameterThe vulnerability stems from improper handling of the remark parameter in /cgi-bin/outgoingfw.cgi, which can be exploited by an attacker to inject malicious...

6.4CVSS5.8AI score0.00034EPSS

CNNVD•added 2026/04/02 12:0 a.m.•3 views

Endian Firewall 路径遍历漏洞

Endian Firewall is a network security firewall system developed by Endian Corporation. Versions of Endian Firewall 3.3.25 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the lack of cleaning of the directory traversal sequences for the remove ARCHIVE paramete...

8.1CVSS5.8AI score0.00331EPSS

Vulnrichment•added 2026/04/02 12:0 a.m.•0 views

CVE-2026-30603

An issue in the firmware update mechanism of Qianniao QN-L23PA0904 v20250721.1640 allows attackers to gain root access, install backdoors, and exfiltrate data via supplying a crafted iu.sh script contained in an SD card...

5.9AI score0.00011EPSS

Positive Technologies•added 2026/04/02 12:0 a.m.•1 views

PT-2026-29795

A Time-of-Check to Time-of-Use TOCTOU race condition vulnerability in Balena Etcher for Windows prior to v2.1.4 allows attackers to escalate privileges and execute arbitrary code via replacing a legitimate script with a crafted payload during the flashing process...

7.5CVSS6.2AI score0.00005EPSS

Exploits1References4

Cvelist•added 2026/04/02 12:0 a.m.•12 views

CVE-2026-30603

0.00011EPSS

Positive Technologies•added 2026/04/02 12:0 a.m.•3 views

PT-2026-29967

Name of the Vulnerable Software and Affected Versions @usebruno/cli versions installed between 00:21 UTC and 03:30 UTC on March 31, 2026 Description A supply chain attack involving compromised versions of the axios npm package introduced a hidden dependency deploying a cross-platform Remote Acces...

9.8CVSS6AI score0.00029EPSS

Exploits0References9

CNNVD•added 2026/04/02 12:0 a.m.•2 views

Qianniao QN-L23PA0904 安全漏洞

Qianniao QN-L23PA0904 is a laptop power adapter produced by Qianniao Corporation. The version v20250721.1640 of Qianniao QN-L23PA0904 contains a security vulnerability. This vulnerability stems from issues with the firmware update mechanism. Attackers can obtain root access, install backdoors, an...

6.8CVSS5.8AI score0.00011EPSS

CNNVD•added 2026/04/02 12:0 a.m.•5 views

Endian Firewall 操作系统命令注入漏洞

Endian Firewall is a network security firewall system developed by Endian Corporation. Versions of Endian Firewall 3.3.25 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from incomplete regular expression validation of the DATE...

8.8CVSS6.1AI score0.0046EPSS

Positive Technologies•added 2026/04/02 12:0 a.m.•2 views

PT-2026-29770

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark parameter to /cgi-bin/vpnfw.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS5.9AI score0.00034EPSS

ATTACKERKB•added 2026/04/02 12:0 a.m.•1 views

CVE-2026-30603

6.8CVSS5.9AI score0.00011EPSS

Exploits0References4

Cvelist•added 2026/04/02 12:0 a.m.•12 views

CVE-2026-30332

7.5CVSS0.00005EPSS

Exploits1References3

RedhatCVE•added 2026/04/01 11:1 p.m.•2 views

CVE-2026-32607

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, when the hidden prioritizefullnameinux site setting is enabled defaults to false, requires console access to change, user...

5.4CVSS5.8AI score0.00052EPSS

Exploits0References1

RedhatCVE•added 2026/04/01 11:1 p.m.•4 views

CVE-2026-5215

A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The impacted element is the function...

5.3CVSS5.6AI score0.00082EPSS

RedhatCVE•added 2026/04/01 11:1 p.m.•1 views

CVE-2026-34733

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo installation script install/deleteSystemdPrivate.php contains a PHP operator precedence bug in its CLI-only access guard. The script is intended to run exclusively from the command line, but the guard condition...

7.3CVSS5.9AI score0.00022EPSS

RedhatCVE•added 2026/04/01 11:0 p.m.•3 views

CVE-2026-34739

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the UserLocation plugin's testIP.php page reflects the ip request parameter directly into an HTML input element without applying htmlspecialchars or any other output encoding. This allows an attacker to inject arbitrary HTM...

6.1CVSS6AI score0.00017EPSS

RedhatCVE•added 2026/04/01 11:0 p.m.•2 views

CVE-2026-2480

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'maxwidth' attribute of the subox shortcode in all versions up to, and including, 7.4.10 due to insufficient input sanitization and output escaping on user supplied attributes...

6.4CVSS6AI score0.00045EPSS

Exploits0References1

RedhatCVE•added 2026/04/01 11:0 p.m.•6 views

CVE-2026-5213

A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The affected element is the function...

9CVSS7.6AI score0.00046EPSS