CVE-2026-50752 VPN site to site certificate bypass vulnerability in deprecated IKEv1 key exchange

Symptoms - A vulnerability in the certificate validation logic of the deprecated IKEv1 key exchange method may lead to a man-in-the-middle attack on the VPN site-to-site configuration. This vulnerability was discovered by Check Point security research team. There are no reported exploits of this...

CVE-2025-69606

Cross-Site Scripting XSS vulnerability was discovered in the GSVoIP web panel version 2.0.90. The msg parameter in the /painel/gateways.php/error endpoint does not properly sanitize user-supplied input, allowing attackers to inject arbitrary JavaScript into the HTML response. A remote attacker ca...

MBS多款产品 安全漏洞

MBS Single-A and other products are a series of industrial communication gateways developed by the German company MBS. Several MBS products have security vulnerabilities; these vulnerabilities stem from a stack buffer overflow in dali-devconfig, which could allow remote attackers to gain full...

MBS多款产品 安全漏洞

MBS Single-A and other products are a series of industrial communication gateways developed by the German company MBS. Several MBS products have security vulnerabilities; these vulnerabilities stem from insufficient validation of user-controlled inputs through the ugw-restoreinfo method, which...

MBS多款产品 安全漏洞

MBS Single-A and other products are a series of industrial communication gateways developed by the German company MBS. Several MBS products have security vulnerabilities; these vulnerabilities stem from insufficient validation of user-controlled inputs using the ugw-restore method, which could...

MBS多款产品 安全漏洞

MBS Single-A and other products are a series of industrial communication gateways developed by the German company MBS. Several MBS products have security vulnerabilities. These vulnerabilities stem from insufficient validation of user-controlled inputs using the ugw-logstop method, which could...

Malicious Package

Overview @cloudplatform-single-spa/svp-gateways is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...

MAL-2026-4350 Malicious code in clobprice.api (npm)

A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...

From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence

In this article 1. Attack chain overview 1. Initial access: Exploiting edge appliances 2. Discovery and reconnaissance 3. Lateral movement and identity compromise 2. Mitigation and protection guidance 1. Microsoft Defender XDR detections 2. Advanced hunting 3. Indicators of compromise IOC 4. MITR...

CVE-2026-48132 - VPN service may restart unexpectedly when processing IKE traffic over NAT-T 4500/UDP

Symptoms - The Security Gateway does not correctly validate a length value in certain IKE packets when NAT-T is used 4500/UDP. As a result, a specially crafted or malformed packet can cause the VPN processing service to terminate unexpectedly, leading to denial of service temporary interruption o...

CVE-2026-31196

OS command injection vulnerability in the traceroute diagnostic handler in /bin/httpdclientside in ALTICE LABS / SFR France GR140DG Fibre Router with firmware 3GN8020801R13, 3GN8020802R0A, or 3GN8020803R0A inserts unsanitized user input into a system call, allowing authenticated remote attackers ...

CVE-2025-69606

Cross-Site Scripting XSS vulnerability was discovered in the GSVoIP web panel version 2.0.90. The msg parameter in the /painel/gateways.php/error endpoint does not properly sanitize user-supplied input, allowing attackers to inject arbitrary JavaScript into the HTML response. A remote attacker ca...

CVE-2025-69606

Cross-Site Scripting XSS vulnerability was discovered in the GSVoIP web panel version 2.0.90. The msg parameter in the /painel/gateways.php/error endpoint does not properly sanitize user-supplied input, allowing attackers to inject arbitrary JavaScript into the HTML response. A remote attacker ca...

CVE-2025-69606

Cross-Site Scripting XSS vulnerability was discovered in the GSVoIP web panel version 2.0.90. The msg parameter in the /painel/gateways.php/error endpoint does not properly sanitize user-supplied input, allowing attackers to inject arbitrary JavaScript into the HTML response. A remote attacker ca...

EUVD-2025-209607

Cross-Site Scripting XSS vulnerability was discovered in the GSVoIP web panel version 2.0.90. The msg parameter in the /painel/gateways.php/error endpoint does not properly sanitize user-supplied input, allowing attackers to inject arbitrary JavaScript into the HTML response. A remote attacker ca...

Exploit for CVE-2025-69606

CVE-2025-69606 — Reflected XSS in GSVoIP Web Panel Severi...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. There were security vulnerabilities in the versions of OpenClaw from 2026.2.14 to 2026.3.24. These vulnerabilities stemmed from inconsistent application of Discord button and component interactions in channels and...

EUVD-2026-25951

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in chat.send that allows write-scoped gateway callers to trigger admin-only session reset operations. Attackers can rotate target sessions, archive prior transcript state, and force new session IDs without requiring admin sco...

batman-adv: hold claim backbone gateways by reference

...

EUVD-2026-25326

OpenClaw before 2026.3.28 contains an authentication bypass vulnerability in the remote onboarding component that persists unauthenticated discovery endpoints without explicit trust confirmation. Attackers can spoof discovery endpoints to redirect onboarding toward malicious gateways and capture...