Lucene search
K

52 matches found

NCSC
NCSC
added 12 hours ago7 views

Zero-day vulnerabilities are exploited in SonicWall SMA1000 devices.

SonicWall has identified two vulnerabilities in the SonicWall SMA1000 appliance. The vulnerability with the identifier CVE-2026-15409 involves Server-Side Request Forgery SSRF in the Work Place interface, allowing an unauthorized attacker to send requests to the device to unintended locations. Th...

10CVSS6.4AI score
Exploits4References1
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-58291

Name of the Vulnerable Software and Affected Versions SonicWall SMA1000 Appliances affected versions not specified Description A Server-side request forgery SSRF issue exists in the Work Place interface. This allows a remote unauthenticated attacker to trick the appliance into making requests to...

10CVSS7.1AI score
Exploits3References21
RedhatCVE
RedhatCVE
added 2026/04/13 7:25 p.m.11 views

CVE-2026-4116

Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication...

7.2CVSS5.8AI score0.00417EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/13 7:25 p.m.7 views

CVE-2026-4112

Improper neutralization of special elements used in an SQL command “SQL Injection” in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator...

7.2CVSS5.9AI score0.00613EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/13 7:25 p.m.6 views

CVE-2026-4114

Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP authentication...

6.6CVSS5.8AI score0.00597EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/09 3:35 p.m.7 views

EUVD-2026-20906

Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP authentication...

7.1AI score0.00597EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/09 3:35 p.m.5 views

EUVD-2026-20904

An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials...

7.1AI score0.00363EPSS
Exploits0References2
NVD
NVD
added 2026/04/09 3:16 p.m.11 views

CVE-2026-4116

Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication...

7.2CVSS0.00417EPSS
Exploits0References1
NVD
NVD
added 2026/04/09 3:16 p.m.10 views

CVE-2026-4113

An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials...

7.2CVSS0.00363EPSS
Exploits0References1
NVD
NVD
added 2026/04/09 3:16 p.m.12 views

CVE-2026-4114

Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP authentication...

6.6CVSS0.00597EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/09 2:27 p.m.5 views

CVE-2026-4116

Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication...

5.8AI score0.00417EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/09 2:27 p.m.24 views

CVE-2026-4116

Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication...

0.00417EPSS
Exploits0References1
CVE
CVE
added 2026/04/09 2:27 p.m.26 views

CVE-2026-4116

SonicWall SMA1000 series appliances are affected by CVE-2026-4116 (Unicode encoding handling) that allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication. The issue is part of a set of vulnerabilities disclosed by SonicWall (SNWLID-2026-0003). Affected de...

7.2CVSS7.1AI score0.00417EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/09 2:25 p.m.23 views

CVE-2026-4114

Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP authentication...

0.00597EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/09 2:25 p.m.5 views

CVE-2026-4114

Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP authentication...

7.1AI score0.00597EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/09 2:23 p.m.3 views

CVE-2026-4113

An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials...

7.1AI score0.00363EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/09 2:23 p.m.4 views

CVE-2026-4113

An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials...

5.8AI score0.00363EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/09 2:22 p.m.2 views

CVE-2026-4112

Improper neutralization of special elements used in an SQL command “SQL Injection” in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator...

7.3AI score0.00613EPSS
Exploits0References1
CVE
CVE
added 2026/04/09 2:22 p.m.39 views

CVE-2026-4112

SonicWall SMA1000 series devices are affected by CVE-2026-4112, an SQL injection vulnerability caused by improper neutralization of special elements. A remote authenticated attacker with read-only administrator privileges can escalate to primary administrator. The issue is documented by SonicWall...

7.2CVSS7.1AI score0.00613EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/09 2:22 p.m.24 views

CVE-2026-4112

Improper neutralization of special elements used in an SQL command “SQL Injection” in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator...

0.00613EPSS
Exploits0References1
Rows per page
Query Builder