PT-2026-20832

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the openvpn advanced endpoint. Attackers can inject JavaScript code through the GLOBAL NETWORKS and GLOBAL DNS parameters via POST...

Comodo Dome Firewall 跨站脚本漏洞

Comodo Dome Firewall is a unified threat management and next-generation firewall provided by the Chinese company Comodo. Version 2.7.0 of Comodo Dome Firewall contains a cross-site scripting vulnerability. This vulnerability stems from multiple reflective cross-site scripts present at the...

CVE-2026-2670

A vulnerability was identified in Advantech WISE-6610 1.2.120251110. Affected is an unknown function of the file /cgi-bin/luci/admin/openvpnapply of the component Background Management. Such manipulation of the argument deletefile leads to os command injection. The attack can be executed remotely...

CVE-2026-2670 Advantech WISE-6610 Background Management openvpn_apply os command injection

A vulnerability was identified in Advantech WISE-6610 1.2.120251110. Affected is an unknown function of the file /cgi-bin/luci/admin/openvpnapply of the component Background Management. Such manipulation of the argument deletefile leads to os command injection. The attack can be executed remotely...

CVE-2026-2670

Affected product/versions: Advantech WISE-6610 (1.2.1_20251110). Vulnerable component/file: /cgi-bin/luci/admin/openvpn_apply in the Background Management module. Root cause / condition: Manipulation of the argument delete_file enables an OS command injection. Impact: Remote execution possible wi...

CVE-2019-25398 IPFire 2.21 Core Update 127 Cross-Site Scripting via ovpnmain.cgi

IPFire 2.21 Core Update 127 contains multiple cross-site scripting vulnerabilities in the ovpnmain.cgi script that allow attackers to inject malicious scripts through VPN configuration parameters. Attackers can submit POST requests with script payloads in parameters like VPNIP, DMTU, ccdname,...

IPFire 跨站脚本漏洞

IPFire is an open-source Linux distribution developed by the IPFire organization. It is primarily used as a router and firewall. Version 127 of IPFire 2.21 Core Update contains a cross-site scripting vulnerability. This vulnerability stems from insufficient validation of VPN configuration...

PT-2026-20509

Name of the Vulnerable Software and Affected Versions Advantech WISE-6610 version 1.2.1 20251110 Description A flaw exists in Advantech WISE-6610 that allows remote execution of operating system commands. This is due to improper handling of the delete file argument within an unknown function of t...

SUSE: Security Advisory (SUSE-SU-2026:20196-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES16 Security Update : openvpn (SUSE-SU-2026:20196-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:20196-1 advisory. - CVE-2025-13086: Fixed improper validation of source IP addresses in OpenVPN that could lead to DoS bsc1254486. Tenable has extracted the...

openSUSE 16 Security Update : openvpn (openSUSE-SU-2026:20137-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20137-1 advisory. - CVE-2025-13086: Fixed improper validation of source IP addresses in OpenVPN that could lead to DoS bsc1254486. Tenable has extracted the preceding...

Security update for openvpn (important)

openSUSE security update: security update for openvpn ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20137-1 Rating: important References: bsc1254486 Cross-References: CVE-2025-13086 CVSS scores: CVE-2025-13086 SUSE : 7.5...

CVE-2025-15497

Insufficient epoch key slot processing in OpenVPN 2.7alpha1 through 2.7rc5 allows remote authenticated users to trigger an assert resulting in a denial of service...

CVE-2025-15497

CVE-2025-15497 affects OpenVPN 2.7_alpha1 through 2.7_rc5. The issue is insufficient epoch key slot processing that allows remote authenticated users to trigger an assert, resulting in a denial of service. Affected component appears to be internal key-slot handling within the OpenVPN 2.7 developm...

CVE-2025-15497

Insufficient epoch key slot processing in OpenVPN 2.7alpha1 through 2.7rc5 allows remote authenticated users to trigger an assert resulting in a denial of service...

EUVD-2025-206570

Insufficient epoch key slot processing in OpenVPN 2.7alpha1 through 2.7rc5 allows remote authenticated users to trigger an assert resulting in a denial of service...

CVE-2025-15497

Insufficient epoch key slot processing in OpenVPN 2.7alpha1 through 2.7rc5 allows remote authenticated users to trigger an assert resulting in a denial of service...

CVE-2025-15497

Insufficient epoch key slot processing in OpenVPN 2.7alpha1 through 2.7rc5 allows remote authenticated users to trigger an assert resulting in a denial of service...

OpenVPN security vulnerabilities

OpenVPN is a software package developed by OpenVPN Inc. in the United States, used to create encrypted VPN tunnels. It utilizes the OpenSSL library to encrypt data and control information, and allows the created VPNs to use public keys, electronic certificates, or username/password for...

OPENSUSE-SU-2026:20137-1 Security update for openvpn

This update for openvpn fixes the following issues: - CVE-2025-13086: Fixed improper validation of source IP addresses in OpenVPN that could lead to DoS bsc1254486...