
2376 matches found

Positive Technologies
added 2026/04/08 12:0 a.m. | 4 views

PT-2026-31408

Name of the Vulnerable Software and Affected Versions: TP-Link Archer AX53 v1.0 versions prior to 1.7.1 Build 20260213. Description: An OS command injection issue in the OpenVPN module allows an authenticated adjacent attacker to execute system commands. This occurs during the processing of a...

CVSS 8.5 | AI score 7.4 | EPSS 0.0116
Exploits 0 | References 10
CNNVD
added 2026/04/08 12:0 a.m. | 7 views

TP-Link Archer AX53 Security Vulnerability

The TP-Link Archer AX53 is a dual-core router produced by TP-Link Corporation. Prior versions of the TP-Link Archer AX53, including v1.0, 1.7.1 Build 20260213, contained security vulnerabilities. These vulnerabilities were due to OS command injection in the OpenVPN module, which could lead to the...

CVSS 8.5 | AI score 7.4 | EPSS 0.0116
Exploits 0 | References 5
CNVD
added 2026/04/07 12:0 a.m. | 7 views

Endian Firewall REMARK Parameter Cross-Site Scripting Vulnerability

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall REMARK parameter, which stems from improper handling of the REMARK parameter in /cgi-bin/openvpnclient.cgi, and can be exploited by an attacker to inject malicious...

CVSS 6.4 | AI score 5 | EPSS 0.00179
Exploits 0
EUVD
added 2026/04/02 3:31 p.m. | 2 views

EUVD-2026-18274

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_openvpn.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...

CVSS 8.8 | AI score 6.1 | EPSS 0.01466
Exploits 0 | References 3
Cvelist
added 2026/04/02 2:46 p.m. | 18 views

CVE-2026-34819 Endian Firewall /cgi-bin/openvpnclient.cgi REMARK Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the REMARK parameter to /cgi-bin/openvpnclient.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

CVSS 6.4 | EPSS 0.00179
Exploits 0 | References 2
Vulnrichment
added 2026/04/02 2:46 p.m. | 0 views

CVE-2026-34819 Endian Firewall /cgi-bin/openvpnclient.cgi REMARK Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the REMARK parameter to /cgi-bin/openvpnclient.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

CVSS 6.4 | AI score 5.9 | EPSS 0.00179
Exploits 0 | References 2
ATTACKERKB
added 2026/04/02 2:46 p.m. | 1 views

CVE-2026-34819

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the REMARK parameter to /cgi-bin/openvpnclient.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

CVSS 6.4 | AI score 5.9 | EPSS 0.00179
Exploits 0 | References 3
Cvelist
added 2026/04/02 2:45 p.m. | 18 views

CVE-2026-34796 Endian Firewall /cgi-bin/logs_openvpn.cgi DATE Perl Command Injection

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_openvpn.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...

CVSS 8.8 | EPSS 0.01466
Exploits 0 | References 2
ATTACKERKB
added 2026/04/02 2:45 p.m. | 0 views

CVE-2026-34796

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_openvpn.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...

CVSS 8.8 | AI score 6.1 | EPSS 0.01466
Exploits 0 | References 3 | Affected Software 1
CNNVD
added 2026/04/02 12:0 a.m. | 5 views

Endian Firewall Operating System Command Injection Vulnerability

Endian Firewall is a network security firewall system from Endian. An operating system command injection vulnerability exists in the Endian Firewall DATE parameter, which stems from incomplete regular expression validation of the DATE parameter in /cgi-bin/logs_openvpn.cgi, and can be exploited by...

CVSS 8.8 | AI score 6.1 | EPSS 0.01466
Exploits 0 | References 2
CNNVD
added 2026/04/02 12:0 a.m. | 6 views

Endian Firewall Cross-Site Scripting Vulnerability

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall REMARK parameter, which stems from improper handling of the REMARK parameter in /cgi-bin/openvpnclient.cgi, and can be exploited by an attacker to inject malicious...

CVSS 6.4 | AI score 5.7 | EPSS 0.00179
Exploits 0 | References 2
Rosalinux
added 2026/03/22 9:2 p.m. | 5 views

Advisory ROSA-SA-2026-3238

software: openvpn 2.6.17; OS: ROSA-CHROME; unaffected versions = openvpn-2.6.17-1; affected versions openvpn-2.6.17-1; CVE-ID: CVE-2025-13751; BDU-ID: 2025-16280; CVE-Crit: MEDIUM; CVE-DESC.: A vulnerability in the OpenVPN software is related to unrestricted resource allocation. Exploitation of the...

CVSS 5.6 | AI score 7.5 | EPSS 0.00151
Exploits 0
OpenVAS
added 2026/03/09 12:0 a.m. | 2 views

openSUSE Security Advisory (SUSE-SU-2026:0831-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 8.2 | AI score 5.8 | EPSS 0.0061
Exploits 0 | References 4
OpenVAS
added 2026/03/09 12:0 a.m. | 2 views

SUSE: Security Advisory (SUSE-SU-2026:0831-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 8.2 | AI score 5.8 | EPSS 0.0061
Exploits 0 | References 4
Tenable Nessus
added 2026/03/06 12:0 a.m. | 5 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openvpn (SUSE-SU-2026:0831-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0831-1 advisory. - Updated to version 2.6.10 that fixes: CVE-2025-13086: improper validation of IP addresses that can caus...

CVSS 8.2 | AI score 5.9 | EPSS 0.0061
Exploits 0 | References 4
SUSE Linux
added 2026/03/05 3:18 p.m. | 7 views

Security update for openvpn

This update for openvpn fixes the following issues: Updated to version 2.6.10 that fixes: CVE-2025-13086: improper validation of IP addresses that can cause denial of service (bsc#1254486). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

CVSS 8.2 | AI score 5.9 | EPSS 0.0061
Exploits 0 | References 4
OSV
added 2026/03/05 3:18 p.m. | 3 views

SUSE-SU-2026:0831-1 Security update for openvpn

This update for openvpn fixes the following issues: - Updated to version 2.6.10 that fixes: CVE-2025-13086: improper validation of IP addresses that can cause denial of service (bsc#1254486)...

CVSS 8.2 | AI score 5.8 | EPSS 0.0061
Exploits 0 | References 3
Tenable Nessus
added 2026/02/27 12:0 a.m. | 5 views

OpenVPN 2.7.0_beta3 < 2.7.0_I017 Buffer Overflow (Windows)

According to its self-reported version number, the version of OpenVPN installed on the remote Windows host is affected by a buffer overflow vulnerability: - The ovpn-dco-win version 2.8.0 has a flaw which appears when connecting to an OpenVPN 2.7.0 server, or other implementations with data epoch...

CVSS 6.8 | AI score 6.4 | EPSS 0.00115
Exploits 0 | References 3
OSV
added 2026/02/25 12:39 a.m. | 3 views

CLEANSTART-2026-DC27717 OpenVPN version 2

Multiple security vulnerabilities affect the pritunl package. OpenVPN version 2. See references for individual vulnerability details...

CVSS 9.8 | AI score 5.5 | EPSS 0.00784
Exploits 0 | References 5
RedhatCVE
added 2026/02/21 1:30 a.m. | 3 views

CVE-2026-2738

Buffer overflow in ovpn-dco-win version 2.8.0 allows local attackers to cause a system crash by sending too large packets to the remote peer when the AEAD tag appears at the end of the encrypted packet...

CVSS 6.8 | AI score 5.6 | EPSS 0.00115
Exploits 0 | References 1