Lucene search
+L

1999 matches found

nuclei
nuclei
added 14 hours ago59 views

SonicWall SonicOS 7.0 - Open Redirect

SonicWall SonicOS 7.0 contains an open redirect vulnerability. The values of the Host headers are implicitly set as trusted. An attacker can spoof a particular host header, allowing the attacker to render arbitrary links, obtain sensitive information, modify data, execute unauthorized operations...

6.1CVSS6.5AI score0.13041EPSS
Exploits4References5
nuclei
nuclei
added 14 hours ago29 views

SonicWall Email Security <= 10.0.9.x - Unauthenticated Admin Account Creation

SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. id: CVE-2021-20021 info: name: SonicWall Email Security = 10.0.9.x - Unauthenticated Admin Account Creation author: pussycat0x severity: critical...

9.8CVSS7.1AI score0.83425EPSS
Exploits0References2
nuclei
nuclei
added 14 hours ago323 views

SonicWall GMS and Analytics Web Services - Shell Injection

The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions id: CVE-2023-34124 info: name: SonicWall GMS and Analytics Web...

9.8CVSS6.9AI score0.44715EPSS
Exploits2References5
nuclei
nuclei
added 14 hours ago10 views

SonicWall GMS and Analytics - SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information from the application database. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics:...

7.5CVSS7.1AI score0.72203EPSS
Exploits2References5
nuclei
nuclei
added 14 hours ago58 views

SonicWall SMA1000 LFI

Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory. id: CVE-2023-0126 info: name: SonicWall SMA1000 LFI author: tess severity: high description...

7.5CVSS7AI score0.72699EPSS
Exploits0References5
rapid7blog
rapid7blog
added yesterday4 views

Rapid7 MDR Team Discovers New SonicWall SMA1000 Zero Days being Actively Exploited (CVE-2026-15409, CVE-2026-15410)

Overview On July 14, 2026, SonicWall published a security advisory addressing two vulnerabilities affecting SMA1000 Series remote access appliances, including the critical server-side request forgery SSRF vulnerability CVE-2026-15409 CVSS 10.0 and the high-severity code injection vulnerability...

10CVSS7.6AI score0.01647EPSS
Exploits4
ncsc
ncsc
added yesterday10 views

Zero-day vulnerabilities are exploited in SonicWall SMA1000 devices.

SonicWall has identified two vulnerabilities in the SonicWall SMA1000 appliance. The vulnerability with the identifier CVE-2026-15409 involves Server-Side Request Forgery SSRF in the Work Place interface, allowing an unauthorized attacker to send requests to the device to unintended locations. Th...

10CVSS6.4AI score0.01647EPSS
Exploits4References1
thn
thn
added yesterday9 views

Two SonicWall SMA 1000 Zero-Days Exploited, One Could Enable Admin Commands

SonicWall has warned of active exploitation of two zero-day vulnerabilities impacting Secure Mobile Access SMA 1000 series appliances, one of which could be exploited to achieve arbitrary command execution. The vulnerabilities are listed below - CVE-2026-15409 CVSS score: 10.0 - A Server-side...

10CVSS7.2AI score0.01647EPSS
Exploits4
circl
circl
added 2 days ago4 views

CVE-2026-15409

creationtimestamp| type| source ---|---|--- 2026-07-14 17:48:47+00:00| seen| https://bsky.app/profile/blackhatnews.tokyo/post/3mqmrct2poa2b 2026-07-14 18:59:52+00:00| seen| https://bsky.app/profile/hapsis.bsky.social/post/3mqmvbuce4c2u 2026-07-14 19:00:30+00:00| exploited|...

10CVSS7.1AI score0.01404EPSS
Exploits3References78
circl
circl
added 2 days ago6 views

CVE-2026-15410

creationtimestamp| type| source ---|---|--- 2026-07-14 17:48:47+00:00| seen| https://bsky.app/profile/blackhatnews.tokyo/post/3mqmrct2poa2b 2026-07-14 18:59:52+00:00| seen| https://bsky.app/profile/hapsis.bsky.social/post/3mqmvbuce4c2u 2026-07-14 20:00:01+00:00| exploited|...

7.2CVSS7.1AI score0.01647EPSS
Exploits1References56
ptsecurity
ptsecurity
added 2 days ago7 views

PT-2026-58291

Name of the Vulnerable Software and Affected Versions SonicWall SMA1000 series affected versions not specified Description A Server-side request forgery SSRF issue exists in the Work Place interface. This allows a remote unauthenticated attacker to force the appliance to send requests to unintend...

10CVSS7.2AI score0.01404EPSS
Exploits3References60
ptsecurity
ptsecurity
added 2 days ago6 views

PT-2026-58292

Name of the Vulnerable Software and Affected Versions SonicWall SMA1000 series appliances affected versions not specified Description A post-authentication improper control of code generation issue exists in the Appliance Management Console AMC. This flaw allows a remote authenticated attacker wi...

7.2CVSS7.3AI score0.01647EPSS
Exploits1References46
cisa_kev
cisa_kev
added 2 days ago7 views

SonicWall SMA1000 Appliances Code Injection Vulnerability

SonicWall SMA1000 Appliances contain a code injection vulnerability which in specific conditions could potentially enable a remote authenticated attacker as administrator to execute arbitrary OS commands...

7.2CVSS7.3AI score0.01647EPSS
In wildExploits1
nuclei
nuclei
added 5 days ago83 views

SonicWall SMA100 Stack - Buffer Overflow/Remote Code Execution

A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's modcgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware...

9.8CVSS7.3AI score0.99912EPSS
Exploits7References5
nuclei
nuclei
added 2026/06/25 1:31 a.m.41 views

SonicWall SRA 4600 VPN - SQL Injection

The SonicWall SRA 4600 VPN appliance is susceptible to a pre-authentication SQL injection vulnerability. id: CVE-2019-7481 info: name: SonicWall SRA 4600 VPN - SQL Injection author: darrenmartyn severity: high description: The SonicWall SRA 4600 VPN appliance is susceptible to a pre-authenticatio...

7.5CVSS7.4AI score0.99906EPSS
Exploits0References5
nuclei
nuclei
added 2026/06/23 5:8 a.m.55 views

SSL VPN Session Hijacking

An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication. id: CVE-2024-53704 info: name: SSL VPN Session Hijacking author: johnk3r severity: critical description: | An Improper Authentication vulnerability in the SSLVPN...

9.8CVSS7.6AI score0.95132EPSS
Exploits0References2
githubexploit
githubexploit
added 2026/05/22 8:54 a.m.109 views

Exploit for Race Condition in Sonicwall Sma_6200_Firmware

CVE-2024-6387 CVE-2024-6387 POC Currently being edited...

8.1CVSS6.4AI score0.99506EPSS
Exploits69
vulncheck_kev
vulncheck_kev
added 2026/05/19 12:0 a.m.21 views

VulnCheck KEV: CVE-2024-12802

SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling of UPN User Principal Name and SAM Security Account Manager account names when integrated with Microsoft Active Directory, allowing MFA to be configured independently for each login method and...

9.1CVSS6.6AI score0.00471EPSS
In wildExploits0References3
cnnvd
cnnvd
added 2026/04/29 12:0 a.m.10 views

SonicWALL SonicOS 访问控制错误漏洞

SonicWALL SonicOS is an operating system developed by the American company SonicWALL, specifically for use with SonicWall firewall devices. There is a security vulnerability in SonicWall SonicOS related to access control mechanisms. This vulnerability may allow certain management interfaces to be...

8CVSS6AI score0.00417EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/04/29 12:0 a.m.11 views

SonicWALL SonicOS 安全漏洞

SonicWALL SonicOS is an operating system developed by the American company SonicWALL, specifically for use with SonicWall firewall devices. There is a security vulnerability in SonicWALL SonicOS, which stems from a path traversal issue after authentication. This vulnerability may allow attackers ...

6.8CVSS5.8AI score0.00428EPSS
Exploits0References1
Rows per page
Query Builder