15 matches found
PT-2026-42367
openvpn-auth-oauth2 returns FUNC_SUCCESS on client-deny, allowing unauthenticated VPN access in github.com/jkroepke/openvpn-auth-oauth2...
CVE-2026-41070
openvpn-auth-oauth2 is a plugin/management interface client for OpenVPN server that handles OIDC-based single sign-on (SSO) auth flows. From version 1.26.3 to before version 1.27.3, when openvpn-auth-oauth2 is deployed in the experimental plugin mode shared library loaded by OpenVPN via the plugin...
CVE-2026-41070
A flaw in the OpenVPN OAuth2 plugin exists in the experimental plugin mode: from v1.26.3 to before v1.27.3, clients that do not support WebAuth/SSO (e.g., Linux openvpn CLI) could be admitted even when authentication logic denied access. Root cause: in handleAuthUserPassVerify, ClientAuthDeny wrote "0" to...
openvpn-auth-oauth2 returns FUNC_SUCCESS on client-deny, allowing unauthenticated VPN access
Summary: When openvpn-auth-oauth2 is deployed in the experimental plugin mode (shared library loaded by OpenVPN via the plugin directive), clients that do not support WebAuth/SSO (e.g., the openvpn CLI on Linux) are incorrectly admitted to the VPN despite being denied by the authentication logic. The...
openSUSE 16 Security Update : openvpn (openSUSE-SU-2026:20137-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2026:20137-1 advisory. - CVE-2025-13086: Fixed improper validation of source IP addresses in OpenVPN that could lead to DoS (bsc1254486). Tenable has extracted the preceding...
EUVD-2025-7629
Malicious code in bioql PyPI...
CVE-2025-23384
A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V8.2.1, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V8.2.1, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V8.2.1, SCALANCE M812-1 ADSL-Router family All versions V8.2.1, SCALANCE M816...
CVE-2025-23384
The CVE-2025-23384 entry concerns Siemens devices (RUGGEDCOM RM1224 LTE and multiple SCALANCE products) affected by improper validation of usernames during OpenVPN authentication. The issue can allow a remote attacker to have partial invalid usernames accepted by the VPN server, potentially aidin...
Siemens SCALANCE M-800 and SC-600 Families
Summary: SCALANCE M-800 and SC-600 families are affected by improper input validation in the OpenVPN authentication. Siemens has released new versions for several affected products and recommends updating to the latest versions. Siemens is preparing further fix versions and recommends specific...
Siemens RUGGEDCOM and Siemens SCALANCE Buffer Error Vulnerability
Siemens RUGGEDCOM and Siemens SCALANCE are both products of Siemens, Germany. Siemens RUGGEDCOM is a communications device that provides fast and reliable communications for the power, transportation, oil and gas, and other industries. Siemens SCALANCE ...
Linux Distros Unpatched Vulnerability : CVE-2022-0547
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred...
Ewon Cosy+ / Talk2M Remote Access Solution Improper Authentication
Advisory ID: SYSS-2024-043; Product: Ewon Cosy+ / Talk2M Remote Access Solution; Manufacturer: HMS Industrial Networks AB; Affected Versions: N.A.; Tested Versions: N.A.; Vulnerability Type: Improper Authentication (CWE-287); Risk Level: High; Solution Statu...
GLSA-202105-25 : OpenVPN: Authentication bypass
The remote host is affected by the vulnerability described in GLSA-202105-25 (OpenVPN: Authentication bypass). It was discovered that OpenVPN incorrectly handled deferred authentication. Impact: A remote attacker could bypass authentication and access control channel data and trigger further...