Lucene search
K

2423 matches found

Nuclei
Nuclei
added 4 hours ago46 views

OpenVPN Access Server 2.1.4 - CRLF Injection

CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" characters in the PATHINFO to sessionstart/. id:...

6.1CVSS6.5AI score0.04622EPSS
Exploits3References3
NVD
NVD
added 5 days ago9 views

CVE-2026-15204

A vulnerability was detected in TOTOLINK X5000R 9.1.0cu.2415B20250515/9.1.0cu.2350B20230313. Affected by this vulnerability is the function exportOvpn of the file /web/cgi-bin/cstecgi.cgi of the component OpenVPN Export. The manipulation results in path traversal. The attack may be launched...

6.9CVSS0.00488EPSS
Exploits0References6
CVE
CVE
added 5 days ago14 views

CVE-2026-15204

TOTOLINK X5000R is affected by CVE-2026-15204. The OpenVPN Export feature (file /web/cgi-bin/cstecgi.cgi, function exportOvpn) is vulnerable to path traversal. The vulnerability can be exploited remotely. Details in connected records identify the affected product/version (9.1.0cu.2415_B20250515/9...

6.9CVSS6AI score0.00488EPSS
Exploits0References6
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42660

A vulnerability was detected in TOTOLINK X5000R 9.1.0cu.2415B20250515/9.1.0cu.2350B20230313. Affected by this vulnerability is the function exportOvpn of the file /web/cgi-bin/cstecgi.cgi of the component OpenVPN Export. The manipulation results in path traversal. The attack may be launched...

6.9CVSS6AI score0.00488EPSS
Exploits0References6
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-15204 TOTOLINK X5000R OpenVPN Export cstecgi.cgi exportOvpn path traversal

A vulnerability was detected in TOTOLINK X5000R 9.1.0cu.2415B20250515/9.1.0cu.2350B20230313. Affected by this vulnerability is the function exportOvpn of the file /web/cgi-bin/cstecgi.cgi of the component OpenVPN Export. The manipulation results in path traversal. The attack may be launched...

6.9CVSS0.00488EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 5 days ago6 views

CVE-2025-3110

A flaw in OpenVPN Access Server allows remote attackers to smuggle HTTP requests when the server operates behind a reverse proxy. The issue stems from the server accepting unstandardized bare line-feed sequences in HTTP headers. Mitigation To mitigate this issue, ensure that any reverse proxy...

7.5CVSS6AI score0.00259EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 5 days ago3 views

OpenVPN 2.5.0 < 2.5.12 / 2.6.0 < 2.6.21 / 2.7.x < 2.7.5 Memory Leak DoS

According to its self-reported version number, the version of OpenVPN installed on the remote Windows host is affected by a denial of service vulnerability: - A memory leak in tls-crypt-v2 client key handling allows remote attackers with a valid tls-crypt-v2 client key to potentially cause a deni...

7.5CVSS6.1AI score0.00549EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 5 days ago3 views

OpenVPN 2.6.0 < 2.6.21 / 2.7.x < 2.7.5 Multiple Vulnerabilities

According to its self-reported version number, the version of OpenVPN installed on the remote Windows host is affected by multiple vulnerabilities: - A use-after-free bug in ackwritebuf, triggerable by a well-timed sequence of control channel and authentication packets. CVE-2026-12996 - A...

5.9CVSS7.1AI score0.00487EPSS
Exploits0References7
NVD
NVD
added 6 days ago9 views

CVE-2025-3110

OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare line-feed sequences inside HTTP header values, allowing remote attackers to perform HTTP request smuggling when deployed behind a reverse proxy...

7.5CVSS0.00259EPSS
Exploits0References1
Mageia
Mageia
added 6 days ago4 views

Updated openvpn packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Possible 1-byte buffer overrun on NTLMv2 proxy responses. CVE-2026-11771 Memory-leak in tls-crypt-v2 client key handling that could lead to out-of-memory situations and subsequent server crashes. CVE-2026-12932 Use-after-free bug in ackwritebuf,...

7.5CVSS7.3AI score0.00549EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago34 views

CVE-2025-3110

OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare line-feed sequences inside HTTP header values, allowing remote attackers to perform HTTP request smuggling when deployed behind a reverse proxy...

6.9CVSS0.00259EPSS
Exploits0References1
CVE
CVE
added 6 days ago21 views

CVE-2025-3110

CVE-2025-3110 affects OpenVPN Access Server 2.7.2 through 3.1.0, where the server accepts bare line-feed sequences inside HTTP header values, enabling HTTP request smuggling when deployed behind a reverse proxy. Red Hat’s advisory notes this flaw stems from unstandardized LF handling in HTTP head...

7.5CVSS6AI score0.00259EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 6 days ago5 views

EUVD-2025-210441

OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare line-feed sequences inside HTTP header values, allowing remote attackers to perform HTTP request smuggling when deployed behind a reverse proxy...

6.9CVSS6AI score0.00259EPSS
Exploits0References1
NVD
NVD
added 2026/07/06 4:16 p.m.8 views

CVE-2026-13122

OpenVPN version 2.6.0 through 2.6.20 and 2.7alpha1 through 2.7.4 allows remote attackers to cause a denial of service via a malformed authentication token that triggers a reachable assertion when external-auth is enabled...

5.9CVSS0.00487EPSS
Exploits0References1
NVD
NVD
added 2026/07/06 3:16 p.m.6 views

CVE-2026-13698

A memory leak in OpenVPN version 2.5.0 through 2.5.11, 2.6.0 through 2.6.20 and 2.7alpha1 through 2.7.4 allows remote attackers with a valid tls-crypt-v2 client key to potentially cause a denial of service...

7.5CVSS0.00549EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 2:32 p.m.18 views

CVE-2026-13122

Summary: CVE-2026-13122 affects OpenVPN up to v2.6.20 and v2.7.4 (including 2.7_alpha1–2.7.4). A malformed authentication token, when external-auth is enabled, can trigger a reachable assertion and cause a denial of service. Impact: Denial of service; vulnerability affects remote attacker exploit...

5.9CVSS6AI score0.00487EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/07/06 2:32 p.m.37 views

CVE-2026-13122

OpenVPN version 2.6.0 through 2.6.20 and 2.7alpha1 through 2.7.4 allows remote attackers to cause a denial of service via a malformed authentication token that triggers a reachable assertion when external-auth is enabled...

5.9CVSS0.00487EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 2:32 p.m.12 views

CVE-2026-13122

OpenVPN version 2.6.0 through 2.6.20 and 2.7alpha1 through 2.7.4 allows remote attackers to cause a denial of service via a malformed authentication token that triggers a reachable assertion when external-auth is enabled...

5.9CVSS6AI score0.00487EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/07/06 2:32 p.m.4 views

EUVD-2026-41880

OpenVPN version 2.6.0 through 2.6.20 and 2.7alpha1 through 2.7.4 allows remote attackers to cause a denial of service via a malformed authentication token that triggers a reachable assertion when external-auth is enabled...

5.9CVSS6AI score0.00487EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/07/06 2:32 p.m.5 views

CVE-2026-13122

OpenVPN version 2.6.0 through 2.6.20 and 2.7alpha1 through 2.7.4 allows remote attackers to cause a denial of service via a malformed authentication token that triggers a reachable assertion when external-auth is enabled...

5.9CVSS6AI score0.00487EPSS
Exploits0References1
Rows per page
Query Builder