Lucene search
K

370 matches found

NVD
NVD
added 2 hours ago3 views

CVE-2026-40957

o CVE-2026-40957 is a frameable content vulnerability in the Secure Access server login page prior to 14.55. Attackers with control of a malicious web site could use it to potentially steal credentials from an unwary administrator...

6.1CVSS
Exploits0References1
Nuclei
Nuclei
added 18 hours ago47 views

OpenVPN Access Server 2.1.4 - CRLF Injection

CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" characters in the PATHINFO to sessionstart/. id:...

6.1CVSS6.5AI score0.04622EPSS
Exploits3References3
RedhatCVE
RedhatCVE
added 6 days ago6 views

CVE-2025-3110

A flaw in OpenVPN Access Server allows remote attackers to smuggle HTTP requests when the server operates behind a reverse proxy. The issue stems from the server accepting unstandardized bare line-feed sequences in HTTP headers. Mitigation To mitigate this issue, ensure that any reverse proxy...

7.5CVSS6AI score0.00259EPSS
Exploits0References4
NVD
NVD
added 2026/07/08 5:17 p.m.10 views

CVE-2025-3110

OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare line-feed sequences inside HTTP header values, allowing remote attackers to perform HTTP request smuggling when deployed behind a reverse proxy...

7.5CVSS0.00259EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/08 4:19 p.m.5 views

EUVD-2025-210441

OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare line-feed sequences inside HTTP header values, allowing remote attackers to perform HTTP request smuggling when deployed behind a reverse proxy...

6.9CVSS6AI score0.00259EPSS
Exploits0References1
CVE
CVE
added 2026/07/08 4:19 p.m.21 views

CVE-2025-3110

CVE-2025-3110 affects OpenVPN Access Server 2.7.2 through 3.1.0, where the server accepts bare line-feed sequences inside HTTP header values, enabling HTTP request smuggling when deployed behind a reverse proxy. Red Hat’s advisory notes this flaw stems from unstandardized LF handling in HTTP head...

7.5CVSS6AI score0.00259EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/07/08 4:19 p.m.37 views

CVE-2025-3110

OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare line-feed sequences inside HTTP header values, allowing remote attackers to perform HTTP request smuggling when deployed behind a reverse proxy...

6.9CVSS0.00259EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.9 views

CVE-2026-40950

CVE-2026-40950 is a buffer overflow vulnerability in the Secure Access server prior to 14.50. Attackers with control of a modified client can send a specially crafted message to the server and cause a denial of service...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References1
NVD
NVD
added 2026/04/30 9:16 p.m.5 views

CVE-2026-40950

CVE-2026-40950 is a buffer overflow vulnerability in the Secure Access server prior to 14.50. Attackers with control of a modified client can send a specially crafted message to the server and cause a denial of service...

7.1CVSS0.00249EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/30 8:19 p.m.3 views

CVE-2026-40950

CVE-2026-40950 is a buffer overflow vulnerability in the Secure Access server prior to 14.50. Attackers with control of a modified client can send a specially crafted message to the server and cause a denial of service...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/30 8:19 p.m.38 views

CVE-2026-40950 Buffer overflow in the Secure Access server prior to 14.50

CVE-2026-40950 is a buffer overflow vulnerability in the Secure Access server prior to 14.50. Attackers with control of a modified client can send a specially crafted message to the server and cause a denial of service...

7.1CVSS0.00249EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/30 8:19 p.m.5 views

EUVD-2026-26430

CVE-2026-40950 is a buffer overflow vulnerability in the Secure Access server prior to 14.50. Attackers with control of a modified client can send a specially crafted message to the server and cause a denial of service...

7.1CVSS5.7AI score0.00249EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/30 8:19 p.m.4 views

CVE-2026-40950 Buffer overflow in the Secure Access server prior to 14.50

CVE-2026-40950 is a buffer overflow vulnerability in the Secure Access server prior to 14.50. Attackers with control of a modified client can send a specially crafted message to the server and cause a denial of service...

7.1CVSS6.1AI score0.00249EPSS
Exploits0References1
CVE
CVE
added 2026/04/30 8:19 p.m.16 views

CVE-2026-40950

CVE-2026-40950 is a buffer overflow in the Secure Access server prior to 14.50. The vulnerability can be triggered when an attacker in control of a modified client sends a specially crafted message to the server, leading to denial of service. The assessed CVSS 4.0 vector (AV:N/AC:L/PR:L/UI:N/VC:N...

7.1CVSS5.7AI score0.00249EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.9 views

PT-2026-36181

Name of the Vulnerable Software and Affected Versions Secure Access server versions prior to 14.50 Description A buffer overflow occurs when a program writes more data to a block of memory than it can hold. In this case, attackers using a modified client can send a specially crafted message to th...

7.1CVSS6AI score0.00249EPSS
Exploits0References5
OSV
OSV
added 2026/04/02 6:42 p.m.8 views

GO-2026-4872 Ella Core Panics during NAS Authentication Response/Failure with missing IEs in github.com/ellanetworks/core

Ella Core Panics during NAS Authentication Response/Failure with missing IEs in github.com/ellanetworks/core...

6.5CVSS5.9AI score0.00236EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.9 views

PT-2026-29927

Ella Core Panics during NAS Authentication Response/Failure with missing IEs in github.com/ellanetworks/core...

6.5CVSS5.8AI score0.00236EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.10 views

PT-2026-28565

Name of the Vulnerable Software and Affected Versions Ella Core versions prior to 1.7.0 Description Ella Core, a 5G core designed for private networks, experiences a panic when processing Authentication Response and Authentication Failure NAS messages lacking Information Elements IEs. An attacker...

7.5CVSS5.9AI score0.02709EPSS
Exploits2References48
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.8 views

Secomea GateManager 安全漏洞

Secomea GateManager is a remote access server product developed by the Danish company Secomea. Version 11.4.0 of Secomea GateManager contains a security vulnerability. This vulnerability stems from improper authentication procedures, which may lead to authentication bypass...

6.5CVSS5.8AI score0.00351EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/12 8:33 p.m.10 views

Ella Core vulnerable to Unauthenticated AMF DoS via malformed InitialUEMessage with undersized integrity-protected NAS payload

Summary Ella Core panics when processing a malformed integrity protected NGAP/NAS message with a length under 7 bytes. Impact An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required...

7.5CVSS5.8AI score0.00306EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder