Explore CVEs

An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session.

### Summary A session management vulnerability allows previously issued authenticated sessions to remain valid after sensitive account security change...

## Summary NocoBase <= 2.0.8 `plugin-workflow-sql` substitutes template variables directly into raw SQL strings via `getParsedValue()` without parame...

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/password/web/. An authenticated a...

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the new_cert_name parameter to /manage/ca/certificate/. An authen...

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/vpnauthentication/user/. An authe...

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/ipsec/. An authenticated attacker...

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the REMARK parameter to /cgi-bin/openvpnclient.cgi. An authentica...

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/dnsmasq/localdomains/. An authent...

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the ADDRESS BCC parameter to /cgi-bin/smtprouting.cgi. An authent...

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the domain parameter to /manage/smtpscan/domainrouting/. An authe...

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the DOMAIN parameter to /cgi-bin/smtpdomains.cgi. An authenticate...

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the group parameter to /cgi-bin/proxygroup.cgi. An authenticated ...

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the user parameter to /cgi-bin/proxyuser.cgi. An authenticated at...

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the mimetypes parameter to /cgi-bin/proxypolicy.cgi. An authentic...

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/xtaccess.cgi. An authenticated a...

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/vpnfw.cgi. An authenticated atta...

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/zonefw.cgi. An authenticated att...

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/outgoingfw.cgi. An authenticated...