CVE-2026-4116

Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication...

CVE-2026-26732

TOTOLINK A3002RU V2.1.1-B20211108.1455 was discovered to contain a stack-based buffer overflow via the vpnUser or vpnPassword parameters in the formFilter function...

CVE-2026-26732

TOTOLINK A3002RU V2.1.1-B20211108.1455 was discovered to contain a stack-based buffer overflow via the vpnUser or vpnPassword parameters in the formFilter function...

CVE-2026-26732

TOTOLINK A3002RU V2.1.1-B20211108.1455 was discovered to contain a stack-based buffer overflow via the vpnUser or vpnPassword parameters in the formFilter function...

PT-2026-20358

Name of the Vulnerable Software and Affected Versions TOTOLINK A3002RU version 2.1.1-B20211108.1455 Description The TOTOLINK A3002RU router firmware contains a stack-based buffer overflow. The issue is located in the formFilter function and is triggered through the vpnUser and vpnPassword...

CVE-2026-26732

TOTOLINK A3002RU V2.1.1-B20211108.1455 was discovered to contain a stack-based buffer overflow via the vpnUser or vpnPassword parameters in the formFilter function...

EUVD-2025-203237

A vulnerability was determined in TOTOLINK X5000R 9.1.0cu.2089B20211224. Affected by this issue is the function snprintf of the file /cgi-bin/cstecgi.cgi?action=exportOvpn&type=user. This manipulation of the argument User causes os command injection. Remote exploitation of the attack is possible...

EUVD-2019-7982

Malware in sbrugna...

EUVD-2018-19297

Malware in sbrugna...

EUVD-2022-40956

Malicious code in bioql PyPI...

TOTOLINK X15 安全漏洞

TOTOLINK X15 is a network wireless extender manufactured by China's Gion Electronics TOTOLINK, mainly used to extend Wi-Fi coverage. The device supports Wi-Fi 6 technology and offers AX1500 wireless transmission rate for home and small office scenarios. The TOTOLINK X15 suffers from a buffer...

CVE-2020-0467

In onUserStopped of Vpn.java, there is a possible resetting of user preferences due to a logic issue. This could lead to local information disclosure of secure network traffic over a non-VPN link with no additional execution privileges needed. User interaction is not needed for...

CVE-2025-20212

CVE-2025-20212 affects Cisco Meraki MX and Cisco Meraki Z Series devices, targeting the Cisco AnyConnect VPN server. The root cause is a variable that is not initialized during SSL VPN session establishment, allowing an authenticated, remote actor with VPN credentials to cause a DoS by triggering...

PT-2025-14532 · Cisco · Cisco Meraki Z Series +2

Name of the Vulnerable Software and Affected Versions: Cisco Meraki MX and Cisco Meraki Z Series devices versions MX64, MX64W, MX65, MX65W, MX67, MX67C, MX67W, MX68, MX68CW Description: A vulnerability in the Cisco AnyConnect VPN server could allow an authenticated, remote attacker to cause a...

TOTOLINK X5000R 操作系统命令注入漏洞

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R setModifyVpnUser method, which can be exploited by an attacker to execute arbitrary commands...

CVE-2023-6399

A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50W series firmware versions from 4.16 through 5.37 Patch 1, USG20W-VPN series firmware versions from 4.16 through 5.37...

PT-2023-7545 · Cisco · Cisco Ftd +1

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software affected versions not specified Cisco Firepower Threat Defense FTD Software affected versions not specified Description: A vulnerability in the AnyConnect SSL VPN feature could allow an...

CVE-2019-18177

In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and later releases before the CTX276688 update...

CVE-2022-38368

An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands...

PT-2022-24390 · Aviatrix · Aviatrix Gateway

Name of the Vulnerable Software and Affected Versions: Aviatrix Gateway versions prior to 6.6.5712 Aviatrix Gateway versions 6.7.x prior to 6.7.1376 Description: An issue was discovered in Aviatrix Gateway where Gateway API functions mishandle authentication. This allows an authenticated VPN user...