OpenVPN Access Server 2.1.4 - CRLF Injection

CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" characters in the PATHINFO to sessionstart/. id:...

CVE-2026-40950

CVE-2026-40950 is a buffer overflow vulnerability in the Secure Access server prior to 14.50. Attackers with control of a modified client can send a specially crafted message to the server and cause a denial of service...

CVE-2026-40950

CVE-2026-40950 is a buffer overflow in the Secure Access server prior to 14.50. The vulnerability can be triggered when an attacker in control of a modified client sends a specially crafted message to the server, leading to denial of service. The assessed CVSS 4.0 vector (AV:N/AC:L/PR:L/UI:N/VC:N...

CVE-2026-40950

CVE-2026-40950 is a buffer overflow vulnerability in the Secure Access server prior to 14.50. Attackers with control of a modified client can send a specially crafted message to the server and cause a denial of service...

CVE-2026-40950 Buffer overflow in the Secure Access server prior to 14.50

CVE-2026-40950 is a buffer overflow vulnerability in the Secure Access server prior to 14.50. Attackers with control of a modified client can send a specially crafted message to the server and cause a denial of service...

EUVD-2026-26430

CVE-2026-40950 is a buffer overflow vulnerability in the Secure Access server prior to 14.50. Attackers with control of a modified client can send a specially crafted message to the server and cause a denial of service...

CVE-2026-40950 Buffer overflow in the Secure Access server prior to 14.50

CVE-2026-40950 is a buffer overflow vulnerability in the Secure Access server prior to 14.50. Attackers with control of a modified client can send a specially crafted message to the server and cause a denial of service...

PT-2026-36181

Name of the Vulnerable Software and Affected Versions Secure Access server versions prior to 14.50 Description A buffer overflow occurs when a program writes more data to a block of memory than it can hold. In this case, attackers using a modified client can send a specially crafted message to th...

GO-2026-4872 Ella Core Panics during NAS Authentication Response/Failure with missing IEs in github.com/ellanetworks/core

Ella Core Panics during NAS Authentication Response/Failure with missing IEs in github.com/ellanetworks/core...

PT-2026-29927

Ella Core Panics during NAS Authentication Response/Failure with missing IEs in github.com/ellanetworks/core...

PT-2026-28565

Name of the Vulnerable Software and Affected Versions Ella Core versions prior to 1.7.0 Description Ella Core, a 5G core designed for private networks, experiences a panic when processing Authentication Response and Authentication Failure NAS messages lacking Information Elements IEs. An attacker...

Secomea GateManager 安全漏洞

Secomea GateManager is a remote access server product developed by the Danish company Secomea. Version 11.4.0 of Secomea GateManager contains a security vulnerability. This vulnerability stems from improper authentication procedures, which may lead to authentication bypass...

Ella Core vulnerable to Unauthenticated AMF DoS via malformed InitialUEMessage with undersized integrity-protected NAS payload

Summary Ella Core panics when processing a malformed integrity protected NGAP/NAS message with a length under 7 bytes. Impact An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required...

CVE-2026-26228

VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the Remote Access Server routing for the authenticated endpoint GET /download. The file query parameter is concatenated into a filesystem path under the configured download directory without canonicalizatio...

CVE-2026-26227

VideoLAN VLC for Android prior to version 3.7.0 contains an authentication bypass in the Remote Access Server feature due to missing or insufficient rate limiting on one-time password OTP verification. The Remote Access Server uses a 4-digit OTP and does not enforce effective throttling or lockou...

EUVD-2026-8871

VideoLAN VLC for Android prior to version 3.7.0 contain an authentication bypass in the Remote Access Server feature due to missing or insufficient rate limiting on one-time password OTP verification. The Remote Access Server uses a 4-digit OTP and does not enforce effective throttling or lockout...

EUVD-2026-8858

VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the Remote Access Server routing for the authenticated endpoint GET /download. The file query parameter is concatenated into a filesystem path under the configured download directory without canonicalizatio...

CVE-2026-26227

VideoLAN VLC for Android prior to version 3.7.0 contains an authentication bypass in the Remote Access Server feature due to missing or insufficient rate limiting on one-time password OTP verification. The Remote Access Server uses a 4-digit OTP and does not enforce effective throttling or lockou...

CVE-2026-26227 VLC for Android < 3.7.0 Remote Access OTP Authentication Bypass

VideoLAN VLC for Android prior to version 3.7.0 contains an authentication bypass in the Remote Access Server feature due to missing or insufficient rate limiting on one-time password OTP verification. The Remote Access Server uses a 4-digit OTP and does not enforce effective throttling or lockou...

CVE-2026-26227 VLC for Android < 3.7.0 Remote Access OTP Authentication Bypass

VideoLAN VLC for Android prior to version 3.7.0 contains an authentication bypass in the Remote Access Server feature due to missing or insufficient rate limiting on one-time password OTP verification. The Remote Access Server uses a 4-digit OTP and does not enforce effective throttling or lockou...