PT-2026-29773

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the user parameter to /cgi-bin/proxyuser.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

CVE-2025-56752

A vulnerability in the Ruijie RG-ES series switch firmware ESW1.01B1P39 enables remote attackers to fully bypass authentication mechanisms, providing them with unrestricted access to alter administrative settings and potentially seize control of affected devices via crafted HTTP POST request to...

Conceptronic CIPCAMPTIWL Cross-Site Request Forgery Vulnerability

Conceptronic CIPCAMPTIWL is a wireless network camera product from Conceptronic Germany. A cross-site request forgery vulnerability exists in the hy-cgi/user.cgi file in Conceptronic CIPCAMPTIWL version 3 0.61.30.21. A remote attacker could exploit this vulnerability to change the administrator...