674 matches found
CVE-2026-48133 - Identity Awareness Captive Portal - Unauthenticated Local File Inclusion
Symptoms - When the Identity Awareness blade is enabled with Browser-Based Authentication, an unauthenticated user may be able to read certain internal files on the Security Gateway. - This issue affects: R82.10 with Jumbo Hotfix Take 6 or below R82 with Jumbo Hotfix Take 91 or below R81.20 with...
CVE-2026-48134 - SQL injection issue in UserCheck Portal when DLP is active
Symptoms - When the DLP is active, the UserCheck Web Portal contains an input-handling issue in the UserChoice flow. Under specific conditions, an attacker who can access the UserCheck Ask page could attempt to manipulate the Security Gateway's stored DLP/UserCheck incident information. This coul...
SEPPmail Secure Email Gateway 安全漏洞
SEPPmail Secure Email Gateway is an email security gateway developed by the German company SEPPmail. Versions of SEPPmail Secure Email Gateway prior to version 15.0.3 contained security vulnerabilities. These vulnerabilities allowed attackers to read the encrypted email content of other users...
Phoenix Contact多款产品 安全漏洞
PHOENIX CONTACT FL SWITCH and PHOENIX CONTACT FL NAT are products of the German company PHOENIX CONTACT. PHOENIX CONTACT FL SWITCH is an industrial-grade Ethernet switch. PHOENIX CONTACT FL NAT is a series of industrial security gateways. Several products from Phoenix Contact have security...
PHOENIX CONTACT FL NAT 跨站请求伪造漏洞
PHOENIX CONTACT FL NAT is a series of industrial security gateways developed by PHOENIX CONTACT GmbH in Germany. PHOENIX CONTACT FL NAT has a cross-site request forgeing vulnerability, which originates from the Link Aggregation configuration interface. This vulnerability may allow unverified remo...
CVE-2026-0869
CVE-2026-0869 describes an authentication bypass in Brocade ASCG 3.4.0, enabling an unauthorized user to perform ASCG operations related to Brocade Support Link (BSL) and streaming configuration. The vulnerability could also disable the ASCG application or disable BSL data collection on fabric sw...
CVE-2026-0869 Application User custom defined accounts are not properly password protected in Brocade ASCG 3.4.0
Authentication bypass in Brocade ASCG 3.4.0 Could allow an unauthorized user to perform ASCG operations related to Brocade Support LinkBSL and streaming configuration. and could even disable the ASCG application or disable use of BSL data collection on Brocade switches within the fabric...
CVE-2026-1791
Unrestricted Upload of File with Dangerous Type vulnerability in Hillstone Networks Operation and Maintenance Security Gateway on Linux allows Upload a Web Shell to a Web Server.This issue affects Operation and Maintenance Security Gateway: V5.5ST00001B113...
CVE-2026-1791
CVE-2026-1791 concerns Hillstone Networks products: Operation and Maintenance Security Gateway on Linux with vulnerable versions V5.5ST00001B113 and Hillstone Networks Security Gateway V5.5. The flaw is an unrestricted file upload of a dangerous file type, enabling an attacker to upload a web she...
CVE-2026-1791 Arbitrary File Upload Vulnerability in Operation and Maintenance Security Gateway
Unrestricted Upload of File with Dangerous Type vulnerability in Hillstone Networks Operation and Maintenance Security Gateway on Linux allows Upload a Web Shell to a Web Server.This issue affects Operation and Maintenance Security Gateway: V5.5ST00001B113...
PT-2026-6058
Name of the Vulnerable Software and Affected Versions Hillstone Networks Operation and Maintenance Security Gateway versions V5.5ST00001B113 Hillstone Networks Security Gateway version V5.5 Description The software contains a flaw related to unrestricted file uploads, potentially allowing an...
Hillstone Operation and Maintenance Security Gateway 安全漏洞
Hillstone Operation and Maintenance Security Gateway is a network operation and maintenance management platform developed by Hillstone Corporation. Version V5.5ST00001B113 of the Hillstone Operation and Maintenance Security Gateway contains a security vulnerability. This vulnerability stems from...
CVE-2026-1738
A flaw has been found in Open5GS up to 2.7.6. The impacted element is the function sgwctunneladd of the file /src/sgwc/context.c of the component SGWC. Executing a manipulation of the argument pdr can lead to reachable assertion. The attack can be executed remotely. The exploit has been published...
CVE-2026-1736 Open5GS SGWC s11-handler.c assertion
A security vulnerability has been detected in Open5GS up to 2.7.6. Impacted is the function sgwcs11handlecreateindirectdataforwardingtunnelrequest of the file /src/sgwc/s11-handler.c of the component SGWC. Such manipulation leads to reachable assertion. The attack may be launched remotely. The...
CVE-2023-4397
A buffer overflow vulnerability in the Zyxel ATP series firmware version 5.37, USG FLEX series firmware version 5.37, USG FLEX 50W series firmware version 5.37, and USG20W-VPN series firmware version 5.37, could allow an authenticated local attacker with administrator privileges to cause...
CVE-2024-2649
A vulnerability has been found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /protocol/iscdevicestatus/deleteonlineuser.php. The manipulation of the argument messagecontent leads to sql...
CVE-2024-2648
A vulnerability, which was classified as problematic, was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected is an unknown function of the file /nac/naccheck.php. The manipulation of the argument username leads to improper neutralization of data within xpath expressions. It is...
Libraesva Email Security Gateway (ESG) Web UI Detection
Binary data libraesvaemailsecuritygatewaydetect.nbin...
📄 Check Point Security Gateway R80.30 Arbitrary File Read
Proof of concept exploit for an unauthenticated arbitrary file read vulnerability in Check Point Security Gateway version R80.30. ============================================================================================================================================= | Title : Check Point...
CVE-2025-9133
A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50W series firmware versions from V4.16 through V5.40, and USG20W-VPN series firmware versions from V4.16 through V5.40 could...