CVE-2026-21918

A Double Free vulnerability in the flow processing daemon flowd of Juniper Networks Junos OS on SRX and MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. On all SRX and MX Series platforms, when during TCP session establishment a specific sequence of...

Vulnerabilities fixed in Cisco Secure Firewall ASA and FTD

Cisco has fixed vulnerabilities in Cisco Secure Firewall ASA and FTD Software. The vulnerability with reference CVE-2025-20333, is located in how the software validates user input in HTTPS requests. An attacker with valid VPN login credentials can exploit this vulnerability by sending specially...

CVE-2025-0136

CVE-2025-0136 affects PAN-OS on Intel-based Palo Alto Networks firewalls (PA-7500, PA-5400/5400f, PA-3400, PA-1600, PA-1400, PA-400). The issue arises from using AES-128-CCM for IPSec, which leads to unencrypted data transfer between devices connected to the PAN-OS firewall through IPSec. Affecte...

Zyxel多款产品 安全漏洞

Zyxel USG20W-VPN and others are products of China Hopkins Zyxel.Zyxel USG20W-VPN is a firewall appliance for corporate environments.Zyxel ATP series firmware is a series of firewall firmware.Zyxel USG FLEX series firmware is a series of Zyxel USG FLEX series firmware is a series of security...

Zyxel多款产品 代码问题漏洞

Zyxel USG20W-VPN and others are products of China Hopkins Zyxel.Zyxel USG20W-VPN is a firewall appliance for use in corporate environments.Zyxel ATP series firmware is a series of firewall firmwares.Zyxel USG FLEX series firmware is a series of Zyxel USG FLEX series firmware is a series of securi...

The vulnerability of the CGI microprogramming interface of Zyxel ATP, USG FLEX, and VPN devices allows a intruder to gain unauthorized access to protected information.

The vulnerability of the CGI microprogramming interface of Zyxel ATP, USG FLEX, and VPN network devices is related to deficiencies in access control for personal information. Exploiting this vulnerability can allow unauthorized actors to gain unauthorized access to protected information...

Zyxel Issues Patches for 4 New Flaws Affecting AP, API Controller, and Firewall Devices

Zyxel has released patches to address four security flaws affecting its firewall, AP Controller, and AP products to execute arbitrary operating system commands and steal select information. The list of security vulnerabilities is as follows - CVE-2022-0734 - A cross-site scripting XSS...

CVE-2022-0024

A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated network-based PAN-OS administrator to upload a specifically created configuration that disrupts system processes and potentially execute arbitrary code with root privileges when the configuration is committ...

The vulnerability of Fireware operating systems in network security devices like WatchGuard Firebox and XTM, related to insecure privilege management, allows attackers to escalate their privileges.

The vulnerability of Fireware operating systems in network security devices like WatchGuard Firebox and XTM lies in the insecure management of privileges. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...

Vulnerability fixed in Zyxel Firewall and VPN systems

Zyxel has fixed a vulnerability in USG/ZyWALL, USG FLEX, ATP, VPN, and NSG systems. An unauthenticated malicious party could potentially exploit the vulnerability to gain access on the vulnerable system and from there move further into the infrastructure to be protectable infrastructure. The...

U.S., U.K. Agencies Warn of New Russian Botnet Built from Hacked Firewall Devices

Intelligence agencies in the U.K. and the U.S. disclosed details of a new botnet malware called Cyclops Blink that's been attributed to the Russian-backed Sandworm hacking group and deployed in attacks dating back to 2019. "Cyclops Blink appears to be a replacement framework for the VPNFilter...

The vulnerability in the web interface for managing Cisco RV110W Wireless-N VPN Firewalls, Cisco RV130 VPN Routers, Cisco RV130W Wireless-N Multifunction VPN Routers, and Cisco RV215W Wireless-N VPN Routers allows a perpetrator to execute arbitrary code.

The vulnerability in the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130 VPN Routers, Cisco RV130W Wireless-N Multifunction VPN Routers, and Cisco RV215W Wireless-N VPN Routers’ web management interfaces relates to the execution of operations outside the buffer in memory. Exploiting this...

CVE-2019-1663

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The...

CVE-2017-2349

A command injection vulnerability in the IDP feature of Juniper Networks Junos OS on SRX series devices potentially allows a user with login access to the device to execute shell commands and elevate privileges. Affected releases are Juniper Networks Junos OS 12.1X44 prior to 12.1X44-D60; 12.1X46...

Siemens RUGGEDCOM ROX I

CVSS v3 8.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: RUGGEDCOM ROX I Vulnerabilities: Improper Authorization, Cross-Site Scripting, and Cross-Site Request Forgery AFFECTED PRODUCTS Siemens reports that the vulnerability affects the following RUGGEDCOM...