Lucene search
+L

104 matches found

Tenable Nessus
Tenable Nessus
added 2026/02/04 12:0 a.m.5 views

SUSE SLES16 Security Update : openvpn (SUSE-SU-2026:20196-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:20196-1 advisory. - CVE-2025-13086: Fixed improper validation of source IP addresses in OpenVPN that could lead to DoS bsc1254486. Tenable has extracted the...

8.2CVSS7.3AI score0.00621EPSS
Exploits0References4
OPENSUSE Linux
OPENSUSE Linux
added 2026/02/03 12:0 a.m.4 views

Security update for openvpn (important)

openSUSE security update: security update for openvpn ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20137-1 Rating: important References: bsc1254486 Cross-References: CVE-2025-13086 CVSS scores: CVE-2025-13086 SUSE : 7.5...

8.2CVSS5.4AI score0.00621EPSS
Exploits0References1
OSV
OSV
added 2026/01/29 4:14 p.m.3 views

OPENSUSE-SU-2026:20137-1 Security update for openvpn

This update for openvpn fixes the following issues: - CVE-2025-13086: Fixed improper validation of source IP addresses in OpenVPN that could lead to DoS bsc1254486...

8.2CVSS7.3AI score0.00621EPSS
Exploits0References2
OSV
OSV
added 2026/01/29 4:9 p.m.3 views

SUSE-SU-2026:20196-1 Security update for openvpn

This update for openvpn fixes the following issues: - CVE-2025-13086: Fixed improper validation of source IP addresses in OpenVPN that could lead to DoS bsc1254486...

8.2CVSS5.8AI score0.00621EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/12/13 8:2 p.m.6 views

CVE-2025-13086

A flaw was found in OpenVPN. This vulnerability allows a denial of service DoS for the originating client via improper validation of source Internet Protocol IP addresses, allowing an attacker to open a session from a different IP address which did not initiate the connection. Mitigation Mitigati...

8.2CVSS6.9AI score0.00621EPSS
Exploits0References6
Veracode
Veracode
added 2025/12/13 4:35 a.m.7 views

Server-Side Request Forgery (SSRF)

PowerJob is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient validation of the targetIp and targetPort parameters in the checkConnectivity function of PingPongUtils, allowing attackers to trigger server-side network requests to arbitrary destinations...

9.8CVSS5.9AI score0.00323EPSS
Exploits3References8Affected Software1
OSV
OSV
added 2025/12/09 10:16 p.m.4 views

CVE-2025-65513

fetch-mcp v1.0.2 and before is vulnerable to Server-Side Request Forgery SSRF vulnerability, which allows attackers to bypass private IP validation and access internal network resources...

7.5CVSS5.8AI score0.00388EPSS
Exploits1References2
CVE
CVE
added 2025/12/09 12:0 a.m.25 views

CVE-2025-65513

CVE-2025-65513 affects fetch-mcp v1.0.2 and earlier. The vulnerability is Server-Side Request Forgery (SSRF) that allows bypassing private IP validation to reach internal network resources. Reported root cause involves the is_ip_private logic in fetch-mcp server code (notably in the MCP fetch-ser...

7.5CVSS6.5AI score0.00388EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/12/05 1:12 p.m.8 views

OESA-2025-2778 openvpn security update

OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the...

8.2CVSS6.6AI score0.00621EPSS
Exploits0References2
OSV
OSV
added 2025/12/05 1:12 p.m.3 views

OESA-2025-2777 openvpn security update

OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the...

8.2CVSS6.6AI score0.00621EPSS
Exploits0References2
NVD
NVD
added 2025/12/03 8:16 p.m.3 views

CVE-2025-13086

Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7alpha1 through 2.7rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client...

8.2CVSS0.00621EPSS
Exploits0References3
OSV
OSV
added 2025/12/03 8:16 p.m.3 views

ALPINE-CVE-2025-13086

Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7alpha1 through 2.7rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client...

7.5CVSS7.6AI score0.00621EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2025/11/28 12:0 a.m.7 views

Ubuntu: Security Advisory (USN-7898-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.2CVSS7.9AI score0.00621EPSS
Exploits0References2
CNVD
CNVD
added 2025/11/25 12:0 a.m.4 views

WordPress BigBuy Dropshipping Connector for WooCommerce plugin IP address forgery vulnerability

WordPress BigBuy Dropshipping Connector for WooCommerce plugin is an open source plugin for the WordPress platform for WooCommerce e-commerce platform , support and BigBuy and other Dropshipping supplier docking , to achieve automatic synchronization of goods It supports interfacing with BigBuy a...

5.3CVSS6.6AI score0.00255EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/22 8:35 a.m.15 views

CVE-2025-12039

The BigBuy Dropshipping Connector for WooCommerce plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 2.0.5 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for...

5.3CVSS6AI score0.00255EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/21 8:28 a.m.5 views

EUVD-2025-198393

The BigBuy Dropshipping Connector for WooCommerce plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 2.0.5 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for...

5.3CVSS5.5AI score0.00255EPSS
Exploits0References4
OSV
OSV
added 2025/11/19 12:0 a.m.6 views

UBUNTU-CVE-2025-13086

Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7alpha1 through 2.7rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client...

8.2CVSS5.8AI score0.00621EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2025/10/27 12:0 a.m.10 views

OpenVPN -- HMAC verification on source IP address ineffective

Arne Schwabe reports: Fix memcmp check for the hmac verification in the 3way handshake being inverted This is a stupid mistake but causes all hmac cookies to be accepted, thus breaking source IP address validation. As a consequence, TLS sessions can be openend and state can be consumed in the...

8.2CVSS6.9AI score0.00621EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2017-7104

Malware in sbrugna...

8.8CVSS8.8AI score0.01965EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-2458

Malware in sbrugna...

7.5CVSS7.6AI score0.01564EPSS
Exploits1References8
Rows per page
Query Builder