Lucene search
K

443 matches found

CVE
CVE
added 2026/05/13 6:32 p.m.16 views

CVE-2026-0249

CVE-2026-0249 describes multiple improper certificate validation vulnerabilities in the Palo Alto Networks GlobalProtect app. The provided documents state that the GlobalProtect app is not affected on Linux, Windows, iOS, or GlobalProtect UWP, implying that other platforms may be impacted, but th...

7.6CVSS5.8AI score0.00112EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 6:32 p.m.7 views

CVE-2026-0249

Multiple improper certificate validation vulnerabilities in the Palo Alto Networks GlobalProtect™ app enables an attacker to intercept encrypted communications and potentially compromise the endpoint. This can enable a local non-administrative operating system user or an attacker on the same subn...

7.6CVSS5.8AI score0.00112EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.14 views

PT-2026-40773

Name of the Vulnerable Software and Affected Versions Palo Alto Networks GlobalProtect app affected versions not specified Description Improper certificate validation allows an attacker to intercept encrypted communications and potentially compromise the endpoint. A local non-administrative...

7.6CVSS5.8AI score0.00112EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.8 views

Palo Alto Networks GlobalProtect app 信任管理问题漏洞

The Palo Alto Networks GlobalProtect app is a network protection software developed by Palo Alto Networks. The GlobalProtect app has a trust management vulnerability caused by improper certificate verification. This vulnerability allows attackers to intercept encrypted communications and...

7.6CVSS5.8AI score0.00112EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.10 views

V2Board 安全漏洞

V2Board is a multi-user proxy service management panel for V2Board open source. A security vulnerability exists in V2Board 1.7.4 and earlier versions that originates from server authentication tokens being transmitted via GET parameters, which could lead to an attacker extracting the token from a...

7.5CVSS5.8AI score0.00286EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/28 9:15 p.m.6 views

CVE-2026-33467

Improper Verification of Cryptographic Signature CWE-347 in Elastic Package Registry could allow an attacker positioned to intercept network traffic, or to otherwise influence the contents served to a self-hosted registry, to substitute a tampered package without the integrity check failing close...

5.9CVSS5.3AI score0.00124EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/04/23 10:16 p.m.8 views

CVE-2026-41342

OpenClaw before 2026.3.28 contains an authentication bypass vulnerability in the remote onboarding component that persists unauthenticated discovery endpoints without explicit trust confirmation. Attackers can spoof discovery endpoints to redirect onboarding toward malicious gateways and capture...

8.1CVSS0.00126EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/04/23 12:0 a.m.14 views

Rosemary 1.0.3

Rosemary is a cross-platform transparent tunneling platform designed for network pivoting. Unlike traditional tools that rely on TUN/TAP interfaces or require per-application proxy configuration like proxychains, Rosemary intercepts traffic at the kernel level...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/22 12:0 a.m.9 views

Rosemary 1.0.2

Rosemary is a cross-platform transparent tunneling platform designed for network pivoting. Unlike traditional tools that rely on TUN/TAP interfaces or require per-application proxy configuration like proxychains, Rosemary intercepts traffic at the kernel level...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/21 12:0 a.m.7 views

Rosemary 1.0.1

Rosemary is a cross-platform transparent tunneling platform designed for network pivoting. Unlike traditional tools that rely on TUN/TAP interfaces or require per-application proxy configuration like proxychains, Rosemary intercepts traffic at the kernel level...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.23 views

PT-2026-44910

Name of the Vulnerable Software and Affected Versions axios versions 0.x through 1.x Description A prototype pollution gadget in the lib/adapters/http.js component allows an attacker to escalate any Object.prototype pollution within an application's dependency tree into a full Man-in-the-Middle...

9.7CVSS5.5AI score0.01041EPSS
Exploits1References51
Vulnrichment
Vulnrichment
added 2026/04/15 11:45 p.m.5 views

CVE-2026-5363 Use of weak cryptographic key in TP-Link Archer C7

Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 uhttpd modules allows Password Recovery Exploitation. The web interface encrypts the admin password client-side using RSA-1024 before sending it to the router during login. An adjacent attacker with the ability to...

6CVSS5.8AI score0.00091EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/14 5:51 p.m.27 views

CVE-2026-5756 Unauthenticated Configuration File Modification Vulnerability in DRC Central Office Services (COS)

Unauthenticated Configuration File Modification Vulnerability in DRC Central Office Services COS allows an attacker to modify the server's configuration file, potentially leading to mass data exfiltration, malicious traffic interception, or disruption of testing services...

0.00329EPSS
Exploits0References1
CVE
CVE
added 2026/04/14 5:51 p.m.11 views

CVE-2026-5756

DRC COS (Central Office Services) is affected by an unauthenticated configuration file modification vulnerability via the /v0/configuration endpoint. The issue allows a network-adjacent attacker to submit JSON payloads that persistently modify the server’s configuration, potentially enabling data...

7.5CVSS5.8AI score0.00329EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.4 views

PT-2026-32896

Name of the Vulnerable Software and Affected Versions DRC Central Office Services COS affected versions not specified Description An unauthenticated configuration file modification issue allows an attacker to modify the server configuration file. This could lead to mass data exfiltration, malicio...

7.5CVSS5.8AI score0.00329EPSS
Exploits0References5
NCSC
NCSC
added 2026/04/10 12:11 p.m.8 views

Vulnerabilities fixed in Synology SSL VPN Client

Synology has fixed vulnerabilities in Synology SSL VPN Client. A malicious party can exploit these vulnerabilities because Synology SSL VPN Client with version before 1.4.5-0684 stores PINs insecurely and does not adequately shield files via a local HTTP server component. This can lead to...

8.1CVSS5.8AI score0.00322EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/10 9:22 a.m.4 views

CVE-2021-47961

A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead to unauthorized VPN configuration and potential interception of subsequent VPN traffic when combin...

8.1CVSS5.9AI score0.00322EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/10 9:22 a.m.2 views

CVE-2021-47961

A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead to unauthorized VPN configuration and potential interception of subsequent VPN traffic when combin...

8.1CVSS5.9AI score0.00322EPSS
Exploits0References2
CVE
CVE
added 2026/04/10 9:22 a.m.12 views

CVE-2021-47961

The CVE describes a plaintext password storage vulnerability in Synology SSL VPN Client prior to version 1.4.5-0684 . The insecure storage can allow remote attackers to access or influence the user’s PIN, potentially enabling unauthorized VPN configuration and interception of subsequent VPN traff...

8.1CVSS5.9AI score0.00322EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/10 9:22 a.m.31 views

CVE-2021-47961

A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead to unauthorized VPN configuration and potential interception of subsequent VPN traffic when combin...

8.1CVSS0.00322EPSS
Exploits0References1
Rows per page
Query Builder