CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-20393link is external Cisco Multiple Products Improper Input Validation Vulnerability CVE-2025-40602link is external SonicWall SMA1000 Missing...

EUVD-2019-17016

Malware in sbrugna...

EUVD-2020-26393

Malware in sbrugna...

EUVD-2024-52035

Malicious code in bioql PyPI...

EUVD-2023-48577

Malicious code in bioql PyPI...

EUVD-2023-38236

Malicious code in bioql PyPI...

EUVD-2021-7481

Malicious code in bioql PyPI...

EUVD-2021-7480

Malicious code in bioql PyPI...

SonicWall SSL VPN Flaw and Misconfigurations Actively Exploited by Akira Ransomware Hackers

Threat actors affiliated with the Akira ransomware group have continued to target SonicWall devices for initial access. Cybersecurity firm Rapid7 said it observed a spike in intrusions involving SonicWall appliances over the past month, particularly following reports about renewed Akira ransomwar...

CVE-2022-22282

SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts access to a resource using HTTP connections from an unauthorized actor leading to Improper Access Control vulnerability...

CVE-2021-20026

A vulnerability in the SonicWall NSM On-Prem product allows an authenticated attacker to perform OS command injection using a crafted HTTP request. This vulnerability affects NSM On-Prem 2.2.0-R10 and earlier versions...

CVE-2021-20018

A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. This vulnerability impacts SMA100 version 10.2.0.5 and earlier...

CVE-2020-5148

SonicWall SSO-agent default configuration uses NetAPI to probe the associated IP's in the network, this client probing method allows a potential attacker to capture the password hash of the privileged user and potentially forces the SSO Agent to authenticate allowing an attacker to bypass firewal...

CVE-2019-7489

A vulnerability in SonicWall Email Security appliance allow an unauthenticated user to perform remote code execution. This vulnerability affected Email Security Appliance version 10.0.2 and earlier...

CISA Flags Actively Exploited Vulnerability in SonicWall SMA Devices

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Wednesday added a security flaw impacting SonicWall Secure Mobile Access SMA 100 Series gateways to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The high-severity vulnerability, tracked...

SonicWall Secure Mobile Access < 10.2.1.14-75sv (SNWLID-2024-0018)

The version of SonicWall Secure Mobile Access installed on the remote host is prior to 10.2.1.14-75sv. It is, therefore, affected by a vulnerability as referenced in the SNWLID-2024-0018 advisory. - Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an...

NachoVPN Tool Exploits Flaws in Popular VPN Clients for System Compromise

Cybersecurity researchers have disclosed a set of flaws impacting Palo Alto Networks and SonicWall virtual private network VPN clients that could be potentially exploited to gain remote code execution on Windows and macOS systems. "By targeting the implicit trust VPN clients place in servers,...

SonicWall SMA100 NetExtender Windows Client Remote Code Execution Vulnerability

Vulnerability in SonicWall SMA100 NetExtender Windows 32 and 64-bit client 10.2.339 and earlier versions allows an attacker to arbitrary code execution when processing an EPC Client update.SonicWall strongly advises SSL VPN NetExtender client users to upgrade to the latest release version...

Vulnerability fixed in SonicWall SSL-VPN products

SonicWall has fixed a vulnerability in SMA 100 series SSL VPNs. An authenticated malicious party can exploit the vulnerability exploit the vulnerability to establish a link to the mobile MFA device of another user and thus potentially gain access to sensitive data in the victim's context. SonicWa...

Exploit for Out-of-bounds Write in Sonicwall Sonicos

SonicCVE-202...