Lucene search
K

787 matches found

Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-57021 Junos OS: SRX Series: If VPN compliance-check is configured an attacker can cause http-gk process crash

An Out-of-bounds Write vulnerability in the http-gatekeeper http-gk of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. If an SRX Series device is configured for remote-access VPN with pre-logon compliance check, a...

6.9CVSS0.00474EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-0277

An improper certificate validation vulnerability in the Prisma® Access Agent for iOS enables an attacker to perform a man-in-the-middle MitM attack to intercept VPN traffic. The Prisma Access Agent on Windows, macOS, Linux, Android and ChromeOS are not affected...

8.7CVSS6AI score0.00125EPSS
Exploits0References2
Debian
Debian
added 2026/07/03 8:56 p.m.13 views

[SECURITY] [DSA 6376-1] openvpn security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6376-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 03, 2026 https://www.debian.org/security/faq -...

7.5CVSS6AI score0.00549EPSS
Exploits0
EUVD
EUVD
added 2026/07/03 12:31 a.m.7 views

EUVD-2026-41460

A local privilege escalation vulnerability in the WatchGuard Mobile VPN with SSL client for Windows allows a local attacker to escalate their privileges to NT AUTHORITY\SYSTEM on the machine where the client is installed. This issue affects the Mobile VPN with SSL client for Windows up to and...

7.3CVSS5.8AI score0.00114EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/26 6:22 p.m.7 views

CVE-2026-13372

Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an authenticated attacker with write access to a shared workspace to execute a PowerShell script in another user's context via a display name...

7.2CVSS5.8AI score0.00278EPSS
Exploits0References2Affected Software1
ICS
ICS
added 2026/06/25 6:0 a.m.8 views

Delta Electronics DTM Soft

ADVISORY SUMMARY Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system...

8.4CVSS6.2AI score0.00388EPSS
Exploits0References13
EUVD
EUVD
added 2026/06/11 12:32 a.m.11 views

EUVD-2026-36144

A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel. This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS...

6.9CVSS5.5AI score0.00115EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/10 8:40 p.m.8 views

CVE-2026-0268 Prisma Access Agent: Local Authenticated VPN Enforcement Bypass on Linux

A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel. This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS...

6.9CVSS5.5AI score0.00115EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 5:10 p.m.13 views

EUVD-2026-36078

An OS command injection vulnerability exists in the VPN module of TP-Link Archer AX12 v1, AX17 v1. AX18 v1, and AX1300 v1.6 routers. This vulnerability allows an adjacent, authenticated attacker to execute arbitrary commands on the device by importing a specially crafted VPN client configuration...

8.5CVSS5.9AI score0.01069EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/10 5:10 p.m.9 views

CVE-2026-9151 Command Injection Vulnerability in OpenVPN on Multiple TP-Link Archer Routers

An OS command injection vulnerability exists in the VPN module of TP-Link Archer AX12 v1, AX17 v1. AX18 v1, and AX1300 v1.6 routers. This vulnerability allows an adjacent, authenticated attacker to execute arbitrary commands on the device by importing a specially crafted VPN client configuration...

8.5CVSS5.9AI score0.01069EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/10 2:59 p.m.16 views

CVE-2026-50751

A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password...

9.3CVSS5.9AI score0.70099EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2026/06/10 2:59 p.m.14 views

CVE-2026-50752

A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication. Successful exploitation could all...

7.4CVSS5.8AI score0.04859EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.21 views

PT-2026-48529

A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel. This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS...

6.9CVSS5.5AI score0.00115EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/08 7:29 p.m.11 views

CVE-2026-35058

Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet...

6.9CVSS5.4AI score0.00317EPSS
Exploits0References3
NVD
NVD
added 2026/06/08 12:16 p.m.18 views

CVE-2026-50752

A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication. Successful exploitation could all...

7.4CVSS0.04859EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/08 11:7 a.m.15 views

CVE-2026-50751 User Authentication Bypass in VPN Remote Access and Mobile Access

A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password...

5.9AI score0.70099EPSS
Exploits5References1
CVE
CVE
added 2026/06/08 11:7 a.m.1041 views

CVE-2026-50751

CVE-2026-50751 is a logic-flow weakness in certificate validation during the deprecated IKEv1 key exchange used by Check Point Remote Access VPN, Mobile Access, and Spark Firewall. The flaw allows an unauthenticated attacker to bypass user authentication and establish a VPN session without a vali...

9.3CVSS5.9AI score0.70099EPSS
In wildExploits5References3Affected Software1
EUVD
EUVD
added 2026/06/08 11:0 a.m.13 views

EUVD-2026-35046

A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication. Successful exploitation could all...

7.4CVSS5.8AI score0.04859EPSS
Exploits0References1
CVE
CVE
added 2026/06/08 11:0 a.m.225 views

CVE-2026-50752

The CVE-2026-50752 entry describes a weakness in the certificate validation logic of the deprecated IKEv1 key exchange used in VPN site‑to‑site connections with certificate‑based authentication. An unauthenticated attacker positioned as a man‑in‑the‑middle could bypass certificate validation, pot...

7.4CVSS5.8AI score0.04859EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2026/06/08 12:0 a.m.34 views

VulnCheck KEV: CVE-2026-50751

A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password...

9.3CVSS5.9AI score0.70099EPSS
In wildExploits5References4
Rows per page
Query Builder