Lucene search
K

1297 matches found

CVE
CVE
added 2026/06/08 11:0 a.m.227 views

CVE-2026-50752

The CVE-2026-50752 entry describes a weakness in the certificate validation logic of the deprecated IKEv1 key exchange used in VPN site‑to‑site connections with certificate‑based authentication. An unauthenticated attacker positioned as a man‑in‑the‑middle could bypass certificate validation, pot...

7.4CVSS5.8AI score0.04859EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.13 views

Check Point Quantum Security Gateway和Check Point Spark Firewalls 信任管理问题漏洞

Check Point Quantum Security Gateway and Check Point Spark Firewalls are both products of Check Point, a company based in Israel. Check Point Quantum Security Gateway is a series of enterprise-level security gateway devices. Check Point Spark Firewalls are a series of security firewall devices...

7.4CVSS5.8AI score0.04859EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/06/08 12:0 a.m.11 views

Multi-Domain Check Point IKEv2 Mitigation Script for CVE-2026-50751

A Check Point MDS administrative automation script that iterates through all configured management domains and updates Remote Access VPN global properties to enforce IKEv2-only encryption. The script publishes the resulting configuration changes and is intended as a mitigation measure rather than...

9.3CVSS5.8AI score0.70099EPSS
Exploits5
VulnCheck KEV
VulnCheck KEV
added 2026/06/08 12:0 a.m.35 views

VulnCheck KEV: CVE-2026-50751

A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password...

9.3CVSS5.9AI score0.70099EPSS
In wildExploits5References4
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.12 views

PT-2026-47276

Name of the Vulnerable Software and Affected Versions Check Point Remote Access VPN affected versions not specified Check Point Mobile Access affected versions not specified Check Point Spark firewalls affected versions not specified Description An authentication bypass exists in the certificate...

9.3CVSS7.1AI score0.70099EPSS
Exploits5References238
CISA KEV Catalog
CISA KEV Catalog
added 2026/06/08 12:0 a.m.12 views

Check Point Security Gateway Improper Authentication Vulnerability

Check Point Security Gateway contains an improper authentication vulnerability in IKEv1 key exchange that could allow an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password...

9.3CVSS5.9AI score0.70099EPSS
In wildExploits5
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.14 views

CVE-2026-45245

Summarize prior to 0.15.1 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extension to make authenticated daemon requests using stored tokens without verifying event trustworthines...

7.4CVSS5.4AI score0.0033EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.9 views

CVE-2026-41172

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, an SSRF vulnerability allows a user with asset upload permission to force the server to fetch arbitrary URLs, including localhost/private network targets, and persist the response as ...

8.6CVSS5.6AI score0.00215EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.11 views

CVE-2026-50206

Incoming VPN network profile settings fail to process special characters safely, enabling command injection via malicious config files...

8.5CVSS5.5AI score0.0072EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.11 views

CVE-2026-48131

The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, resulting in denial of service temporary disruption of VPN-related functionality...

8.1CVSS5.5AI score0.02658EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/04 12:4 p.m.10 views

CVE-2025-12694 Local Privilege Escalation in VPN Client

A local privilege escalation vulnerability exists in Forcepoint VPN Client that allows a local non-administrative user to escalate privileges to SYSTEM. This issue affects VPN Client for Windows: versions 6.11.3 and prior...

8.5CVSS5.8AI score0.00104EPSS
Exploits0References1
CVE
CVE
added 2026/06/04 12:4 p.m.22 views

CVE-2025-12694

Forcepoint VPN Client for Windows is affected by a local privilege escalation (CVE-2025-12694) that allows a local non-administrative user to escalate privileges to SYSTEM. Affected versions: Windows client 6.11.3 and prior. The vulnerability is local with low attack complexity and no user intera...

8.5CVSS5.8AI score0.00104EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 12:4 p.m.10 views

CVE-2025-12694

A local privilege escalation vulnerability exists in Forcepoint VPN Client that allows a local non-administrative user to escalate privileges to SYSTEM. This issue affects VPN Client for Windows: versions 6.11.3 and prior...

8.5CVSS5.8AI score0.00104EPSS
Exploits0References2
Schneier on Security
Schneier on Security
added 2026/06/04 11:4 a.m.16 views

Hacking Meta’s AI Chatbot

Hackers are convincing Meta's AI support chatbot to let them take over other peoples' accounts: A video posted on X showed the step-by-step process to hack someone's Instagram account. The hacker allegedly used a VPN to spoof the targets' presumed location to avoid triggering Instagram's automate...

5.8AI score
Exploits0
Cvelist
Cvelist
added 2026/06/04 6:46 a.m.43 views

CVE-2026-50206 VPN Command Injection Vulnerability

Incoming VPN network profile settings fail to process special characters safely, enabling command injection via malicious config files...

8.5CVSS0.0072EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 6:46 a.m.7 views

CVE-2026-50206

Incoming VPN network profile settings fail to process special characters safely, enabling command injection via malicious config files...

8.5CVSS5.8AI score0.0072EPSS
Exploits0References2
CVE
CVE
added 2026/06/04 6:46 a.m.32 views

CVE-2026-50206

CVE-2026-50206 affects VPN network profile handling where special characters in config files are not safely processed, enabling command injection. Root cause: improper sanitization or parsing of config entries leads to execution of injected commands when reading malicious config files. Documented...

8.5CVSS5.8AI score0.0072EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/04 6:46 a.m.11 views

EUVD-2026-34218

Incoming VPN network profile settings fail to process special characters safely, enabling command injection via malicious config files...

8.5CVSS5.8AI score0.0072EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.17 views

PT-2026-46157

Incoming VPN network profile settings fail to process special characters safely, enabling command injection via malicious config files...

8.5CVSS5.8AI score0.0072EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.8 views

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability, which stems from the improper handling of special characters in the incoming VPN network configuration files. This vulnerability may allow for command...

8.5CVSS5.3AI score0.0072EPSS
Exploits0References1
Rows per page
Query Builder