64 matches found
CVE-2025-58074
A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A low-privilege user can replace files during the installation process, which may result in deletion of arbitrary files that can lead to elevation of privileges...
CVE-2025-58074 Privilege escalation during the installation of Norton Secure VPN via the Microsoft Store
A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A low-privilege user can replace files during the installation process, which may result in deletion of arbitrary files that can lead to elevation of privileges...
CVE-2025-58074
This CVE concerns Norton Secure VPN installation via the Microsoft Store. A privilege-escalation vulnerability exists when installing Norton Secure VPN, where an unprivileged user can influence the installation by manipulating a writable 7z payload in C:\ProgramData\NortonInstaller\Settings before setup runs. ...
PT-2026-36800
Name of the Vulnerable Software and Affected Versions: Norton Secure VPN, affected versions not specified. Description: A privilege escalation issue occurs during the installation of the software via the Microsoft Store. A low-privilege user can replace files during the installation process,...
Norton Secure VPN Installation Insecure Operation On Junction Privilege Escalation Vulnerability
Talos Vulnerability Report TALOS-2025-2276: Norton Secure VPN Installation Insecure Operation On Junction Privilege Escalation Vulnerability. May 4, 2026. CVE Number: CVE-2025-58074. Summary: A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Stor...
CVE-2026-4114
Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP authentication...
Siemens APE1808 Heap-based Buffer Overflow (CVE-2023-27997)
A heap-based buffer overflow vulnerability (CWE-122) in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all...
Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software VPN Web Services Cross-Site Scripting Vulnerability
A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a browser that is accessin...
CVE-2025-62631
An insufficient session expiration vulnerability (CWE-613) in Fortinet FortiOS 7.4.0, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows an attacker to maintain access to network resources via an active SSLVPN session not terminated after a user's passwor...
CVE-2025-62631
Fortinet FortiOS versions affected by CVE-2025-62631: FortiOS 7.4.0, all 7.2 versions, all 7.0 versions, and all 6.4 versions. The issue is an insufficient session expiration (CWE-613) that lets an attacker maintain access to network resources via an active SSLVPN session not terminated after a u...
CVE-2025-25252
An Insufficient Session Expiration vulnerability (CWE-613) in FortiOS SSL VPN 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4 all versions may allow a remote attacker e.g. a former admin whose account was removed and whose session was terminated in possessi...
Experts Warn of Widespread SonicWall VPN Compromise Impacting Over 100 Accounts
Cybersecurity company Huntress on Friday warned of "widespread compromise" of SonicWall SSL VPN devices to access multiple customer environments. "Threat actors are authenticating into multiple accounts rapidly across compromised devices," it said. "The speed and scale of these attacks imply that...
CVE-2025-25248
An Integer Overflow or Wraparound vulnerability (CWE-190) in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.2 all versions, 6.4 all versions, FortiProxy version 7.6.2 and below, version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions and...
U.S. Dept Of Defense: Reflected XSS Vulnerability in SSL VPN Endpoint — CVE-2025-0133
A reflected Cross-Site Scripting (XSS) vulnerability was discovered in an SSL VPN endpoint. The vulnerability was assigned the CVE number CVE-2025-0133. The vulnerability allowed an unauthenticated attacker to inject and execute arbitrary JavaScript in the browser of a victim who clicked on a...
ABB Arctic Wireless Gateways
Summary: ABB is aware of public reports of the vulnerabilities in the product versions listed as affected in this advisory. An attacker who successfully exploited modem module vulnerabilities could run arbitrary code in the wireless modem module of the product. This could lead to denial of...
CVE-2024-40763
Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVPN due to the use of strcpy. This allows remote authenticated attackers to cause a heap-based buffer overflow, potentially leading to code execution...
PT-2024-35812 · Sonicwall +1 · Sonicwall Sma100 Sslvpn +1
Name of the Vulnerable Software and Affected Versions: SonicWall SMA100 SSLVPN versions 10.2.1.13-72sv and earlier. Description: A problem in the mod_httprp library loaded by the Apache web server allows remote attackers to cause a stack-based buffer overflow, potentially leading to code execution...