Lucene search
K

2811 matches found

Cvelist
Cvelist
added 2026/04/03 10:37 p.m.18 views

CVE-2021-4477 Hirschmann HiLCOS OpenBAT BAT450 IPv6 IPsec Firewall Bypass

Hirschmann HiLCOS OpenBAT and BAT450 products contain a firewall bypass vulnerability in IPv6 IPsec deployments that allows traffic from VPN connections to bypass configured firewall rules. Attackers can exploit this vulnerability by establishing IPv6 IPsec connections IKEv1 or IKEv2 while...

9.3CVSS0.00319EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/03 6:12 p.m.3 views

CVE-2026-23441

A flaw was found in the Linux kernel's net/mlx5e driver. A race condition occurs when the ASO spinlock is released prematurely, allowing concurrent operations to overwrite a shared Direct Memory Access DMA context. This can lead to the processing of corrupted data, resulting in unexpected behavio...

5.5CVSS5.9AI score0.00089EPSS
Exploits0References4
NVD
NVD
added 2026/04/03 4:16 p.m.7 views

CVE-2026-23441

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Prevent concurrent access to IPSec ASO context The query or updating IPSec offload object is through Access ASO WQE. The driver uses a single mlx5eipsecaso struct for each PF, which contains a shared DMA-mapped context...

4.7CVSS0.00089EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.5 views

PT-2026-30136

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contained a flaw in the net/mlx5e module where concurrent access to the IPSec ASO context could occur. This was due to a race condition where the ASO spinlock was releas...

4.7CVSS5.8AI score0.00089EPSS
Exploits0References483
EUVD
EUVD
added 2026/04/02 3:31 p.m.4 views

EUVD-2026-18322

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark parameter to /manage/ipsec/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS5.9AI score0.00138EPSS
Exploits0References3
NVD
NVD
added 2026/04/02 3:16 p.m.2 views

CVE-2026-34820

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark parameter to /manage/ipsec/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS0.00138EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/02 2:46 p.m.5 views

CVE-2026-34820

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark parameter to /manage/ipsec/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS5.9AI score0.00138EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/02 2:46 p.m.2 views

CVE-2026-34820 Endian Firewall /manage/ipsec/ remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark parameter to /manage/ipsec/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS6AI score0.00138EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.7 views

Endian Firewall 跨站脚本漏洞

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improper handling of the remark parameter in /manage/ipsec/, and can be exploited by an attacker to inject malicious script and...

6.4CVSS5.7AI score0.00138EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/30 12:0 a.m.12 views

Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2026-1495)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1495 advisory. In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fix null-deref in aggdequeue CVE-2025-40083 In the Linux kernel, the following vulnerability has been...

6.1AI score0.00201EPSS
Exploits0References102
Amazon
Amazon
added 2026/03/27 12:0 a.m.11 views

Important: kernel6.12

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fix null-deref in aggdequeue CVE-2025-40083 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix memory leak of qgrouplist in btrfsaddqgrouprelation CVE-2025-40209 In t...

6.4AI score0.00201EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/26 3:15 p.m.5 views

CVE-2026-4537

A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function actionipsecconn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has been publicly...

5.8CVSS5AI score0.10296EPSS
Exploits0References1
OSV
OSV
added 2026/03/24 4:49 p.m.3 views

SUSE-SU-2026:20888-1 Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise Kernel 6.4.0-36.1 fixes various security issues The following security issues were fixed: - CVE-2025-40258: mptcp: fix race condition in mptcpschedulework bsc1255053. - CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed bsc1257669. ...

5.5CVSS5.9AI score0.00176EPSS
Exploits0References15
Ubuntu
Ubuntu
added 2026/03/24 11:42 a.m.11 views

USN-8112-4: Linux kernel (Azure FIPS) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - x86 architecture; - MMC subsystem; - Network drivers; - USB Device Class drivers; - BTRFS file system; - HFS+ file...

8.8CVSS6.7AI score0.0084EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2026/03/22 4:2 a.m.2 views

CVE-2026-4537 Cudy TR1200 ipsec.lua action_ipsec_conn command injection

A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function actionipsecconn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has been publicly...

5.8CVSS5AI score0.10296EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/22 4:2 a.m.40 views

CVE-2026-4537 Cudy TR1200 ipsec.lua action_ipsec_conn command injection

A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function actionipsecconn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has been publicly...

5.8CVSS0.10296EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/22 12:0 a.m.10 views

PT-2026-26968

A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function action ipsec conn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has been publicly...

5.8CVSS5.6AI score0.10296EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/22 12:0 a.m.5 views

Cudy TR1200 命令注入漏洞

The Cudy TR1200 is a router produced by the Chinese company Cudy. The Cudy TR1200 R46-2.4.15-20250721-164017 version has a command injection vulnerability. This vulnerability stems from incorrect operations on the function actionipsecconn in the file /usr/bin/lib/lua/luci/controller/ipsec.lua,...

5.8CVSS5.8AI score0.10296EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/04 5:22 p.m.4 views

CVE-2026-20049

A vulnerability in the processing of Galois/Counter Mode GCM-encrypted Internet Key Exchange version 2 IKEv2 IPsec traffic of Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an authenticated, remote attacker to cause...

7.7CVSS6AI score0.00292EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2026/03/04 5:22 p.m.30 views

CVE-2026-20049

A vulnerability in the processing of Galois/Counter Mode GCM-encrypted Internet Key Exchange version 2 IKEv2 IPsec traffic of Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an authenticated, remote attacker to cause...

7.7CVSS0.00292EPSS
Exploits0References1
Rows per page
Query Builder