CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2376 matches found

NVD•added 2025/10/27 2:15 p.m.•4 views

CVE-2025-50055

Cross-site scripting XSS vulnerability in the SAML Authentication module in OpenVPN Access Server version 2.14.0 through 2.14.3 allows configured remote SAML Assertion Consumer Service ACS endpoint servers to inject arbitrary web script or HTML via the RelayState parameter...

6.4CVSS0.00185EPSS

Exploits0References1

CVE•added 2025/10/27 1:39 p.m.•35 views

CVE-2025-50055

OpenVPN Access Server 2.14.0–2.14.3 exposes an XSS vulnerability in the SAML Authentication module via the RelayState parameter. The issue allows an attacker-controlled RelayState to inject arbitrary script/HTML, potentially leading to client-side impact. The CVE description in official records n...

6.4CVSS5.6AI score0.00185EPSS

Exploits0References1

Cvelist•added 2025/10/27 1:39 p.m.•10 views

CVE-2025-50055

0.00185EPSS

Exploits0References1

Vulnrichment•added 2025/10/27 1:39 p.m.•3 views

CVE-2025-50055

5.6AI score0.00185EPSS

Exploits0References1

CNNVD•added 2025/10/27 12:0 a.m.•6 views

OpenVPN Access Server 安全漏洞

OpenVPN Access Server is a web-based VPN management interface from OpenVPN, Inc. A security vulnerability exists in OpenVPN Access Server versions 2.14.0 through 2.14.3, which stems from the RelayState parameter in the SAML Authentication module not being filtered correctly, which could lead to...

6.4CVSS5.9AI score0.00185EPSS

Exploits0References1

OSV•added 2025/10/27 12:0 a.m.•2 views

UBUNTU-CVE-2025-10680

OpenVPN 2.7alpha1 through 2.7beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use...

8.8CVSS5.9AI score0.06932EPSS

Exploits0References4

SUSE CVE•added 2025/10/24 11:41 p.m.•3 views

SUSE CVE-2025-10680

OpenVPN 2.7alpha1 through 2.7beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use...

8.8CVSS7.1AI score0.06932EPSS

Exploits0References3

NVD•added 2025/10/24 10:15 a.m.•6 views

CVE-2025-10680

OpenVPN 2.7alpha1 through 2.7beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use...

8.8CVSS0.06932EPSS

Exploits0References2

Vulnrichment•added 2025/10/24 10:6 a.m.•2 views

CVE-2025-10680

OpenVPN 2.7alpha1 through 2.7beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use...

6.6AI score0.06932EPSS

Exploits0References2

EUVD•added 2025/10/24 10:6 a.m.•4 views

EUVD-2025-35830

OpenVPN 2.7alpha1 through 2.7beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use...

8.8CVSS6.5AI score0.06932EPSS

Exploits0References3

Cvelist•added 2025/10/24 10:6 a.m.•9 views

CVE-2025-10680

OpenVPN 2.7alpha1 through 2.7beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use...

0.06932EPSS

Exploits0References2

CVE•added 2025/10/24 10:6 a.m.•14 views

CVE-2025-10680

OpenVPN CVE-2025-10680 affects OpenVPN 2.7_alpha1 through 2.7_beta1 on POSIX platforms. The root cause is improper handling of DNS-related options (--dns and --dhcp-option) in the --dns-updown hook, allowing a remote authenticated server to inject shell commands via DNS variables. Exploitation co...

8.8CVSS6.6AI score0.06932EPSS

Exploits0References2

Debian CVE•added 2025/10/24 10:6 a.m.•4 views

CVE-2025-10680

OpenVPN 2.7alpha1 through 2.7beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use...

8.8CVSS8.9AI score0.06932EPSS

Exploits0

CNNVD•added 2025/10/24 12:0 a.m.•6 views

OpenVPN 安全漏洞

OpenVPN is a software package for creating encrypted tunnels for Virtual Private Networks VPNs from the US company OpenVPN, which uses the OpenSSL library to encrypt data and control information, and allows the created VPN to be authenticated using a public key, an electronic certificate, or a...

8.8CVSS9.4AI score0.06932EPSS

Exploits0References2

Positive Technologies•added 2025/10/18 12:0 a.m.•3 views

PT-2025-43608

Name of the Vulnerable Software and Affected Versions OpenVPN versions 2.7 alpha1 through 2.7 beta1 Description The OpenVPN software, specifically the --dns-updown component, is susceptible to a flaw that allows a remote authenticated server to inject shell commands via DNS variables when the...

9CVSS9.7AI score0.06932EPSS

Exploits0References27

FreeBSD•added 2025/10/18 12:0 a.m.•5 views

OpenVPN -- avoid buffer overread parsing routes or endpoints

Mikhail Khachaiants reports: socket: reject mismatched address family in getaddrgeneric. Add a family check to prevent copying address data of the wrong type, which could cause buffer over-read when parsing routes or endpoints...

9.1CVSS7.1AI score0.00529EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2020-7205

Malware in sbrugna...

5.3CVSS6AI score0.01215EPSS

Exploits0References4

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2020-29783

Malware in sbrugna...

9.8CVSS9.4AI score0.01336EPSS

Exploits0References2