Lucene search
K

445 matches found

CVE
CVE
added 2026/04/10 9:22 a.m.14 views

CVE-2021-47961

The CVE describes a plaintext password storage vulnerability in Synology SSL VPN Client prior to version 1.4.5-0684 . The insecure storage can allow remote attackers to access or influence the user’s PIN, potentially enabling unauthorized VPN configuration and interception of subsequent VPN traff...

8.1CVSS5.9AI score0.00322EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/10 9:22 a.m.32 views

CVE-2021-47961

A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead to unauthorized VPN configuration and potential interception of subsequent VPN traffic when combin...

8.1CVSS0.00322EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.11 views

Synology SSL VPN Client 安全漏洞

The Synology SSL VPN Client is a VPN client software developed by Synology, a Chinese company, used for secure connection to Synology NAS devices. Versions of the Synology SSL VPN Client prior to 1.4.5-0684 contained security vulnerabilities. These vulnerabilities stemmed from improper storage of...

8.1CVSS5.8AI score0.00322EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.9 views

PT-2026-31906

Name of the Vulnerable Software and Affected Versions Synology SSL VPN Client versions prior to 1.4.5-0684 Description A security issue exists in Synology SSL VPN Client that allows remote attackers to access or influence a user's PIN code due to insecure storage. This could lead to unauthorized...

9.4CVSS5.9AI score0.00322EPSS
Exploits0References7
Malwarebytes
Malwarebytes
added 2026/04/08 1:31 p.m.7 views

Russian hacking group targets home and small office routers to spy on users

British security officials found that a group linked to the Russian military is spying on users of compromised Small Office/Home Office SOHO routers in a broad cyber espionage campaign. A Microsoft blog goes into the technical details of these attacks. The group, which we’ll refer to as APT28, bu...

5.9AI score
Exploits0
Veracode
Veracode
added 2026/03/25 10:4 a.m.9 views

Improper Traffic Filtering

github.com/containernetworking/plugins is vulnerable to improper traffic filtering. The vulnerability is due to incorrect handling of destination IP when using the nftables backend, which allows an attacker to intercept unintended traffic destined for the same host port across containers...

6.6CVSS7.3AI score0.00121EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/03/25 12:32 a.m.4 views

EUVD-2026-15143

An authentication issue was addressed with improved state management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An attacker in a privileged network position ma...

7.5CVSS5.8AI score0.00764EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/03/25 12:32 a.m.2 views

CVE-2026-28865

An authentication issue was addressed with improved state management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An attacker in a privileged network position ma...

5.8AI score0.00764EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/03/25 12:32 a.m.23 views

CVE-2026-28865

An authentication issue was addressed with improved state management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An attacker in a privileged network position ma...

0.00764EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.3 views

PT-2026-27588

Name of the Vulnerable Software and Affected Versions iOS versions prior to 18.7.7 iPadOS versions prior to 18.7.7 iOS versions prior to 26.4 iPadOS versions prior to 26.4 macOS Sequoia versions prior to 15.7.5 macOS Sonoma versions prior to 14.8.5 macOS Tahoe versions prior to 26.4 tvOS versions...

7.5CVSS5.7AI score0.00764EPSS
Exploits0References12
Snyk
Snyk
added 2026/03/11 8:40 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via an unbounded read of the HTTP response body during notarization. An attacker can exhaust system memory and cause a crash by supplying a maliciously large HTTP response body if the...

6CVSS5.8AI score0.00088EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2026/03/11 4:38 p.m.9 views

Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam in Under Four Minutes

Agentic web browsers that leverage artificial intelligence AI capabilities to autonomously execute actions across multiple websites on behalf of a user could be trained and tricked into falling prey to phishing and scam traps. The attack, at its core, takes advantage of AI browsers' tendency to...

6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/05 7:31 p.m.7 views

CVE-2026-23809

A technique has been identified that adapts a known port-stealing method to Wi-Fi environments that use multiple BSSIDs. By leveraging the relationship between BSSIDs and their associated virtual ports, an attacker could potentially bypass inter-BSSID isolation controls. Successful exploitation m...

7.6CVSS5.8AI score0.00259EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/04 6:31 p.m.6 views

EUVD-2026-9415

A technique has been identified that adapts a known port-stealing method to Wi-Fi environments that use multiple BSSIDs. By leveraging the relationship between BSSIDs and their associated virtual ports, an attacker could potentially bypass inter-BSSID isolation controls. Successful exploitation m...

5.4CVSS5.8AI score0.00259EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/04 6:31 p.m.6 views

EUVD-2026-9418

A vulnerability has been identified where an attacker connecting to an access point as a standard wired or wireless client can impersonate a gateway by leveraging an address-based spoofing technique. Successful exploitation enables the redirection of data streams, allowing for the interception or...

4.3CVSS5.8AI score0.00147EPSS
Exploits0References2
NVD
NVD
added 2026/03/04 5:16 p.m.8 views

CVE-2026-23812

A vulnerability has been identified where an attacker connecting to an access point as a standard wired or wireless client can impersonate a gateway by leveraging an address-based spoofing technique. Successful exploitation enables the redirection of data streams, allowing for the interception or...

4.3CVSS0.00147EPSS
Exploits0References1
OSV
OSV
added 2026/03/04 5:16 p.m.6 views

CVE-2026-23812

A vulnerability has been identified where an attacker connecting to an access point as a standard wired or wireless client can impersonate a gateway by leveraging an address-based spoofing technique. Successful exploitation enables the redirection of data streams, allowing for the interception or...

4.2CVSS5.7AI score0.00147EPSS
Exploits0References1
NVD
NVD
added 2026/03/04 5:16 p.m.14 views

CVE-2026-23809

A technique has been identified that adapts a known port-stealing method to Wi-Fi environments that use multiple BSSIDs. By leveraging the relationship between BSSIDs and their associated virtual ports, an attacker could potentially bypass inter-BSSID isolation controls. Successful exploitation m...

7.6CVSS0.00259EPSS
Exploits0References1
OSV
OSV
added 2026/03/04 5:16 p.m.6 views

CVE-2026-23809

A technique has been identified that adapts a known port-stealing method to Wi-Fi environments that use multiple BSSIDs. By leveraging the relationship between BSSIDs and their associated virtual ports, an attacker could potentially bypass inter-BSSID isolation controls. Successful exploitation m...

7.6CVSS5.7AI score0.00259EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/04 4:13 p.m.32 views

CVE-2026-23812 Security Boundary Bypass via Routing Node Impersonation

A vulnerability has been identified where an attacker connecting to an access point as a standard wired or wireless client can impersonate a gateway by leveraging an address-based spoofing technique. Successful exploitation enables the redirection of data streams, allowing for the interception or...

4.3CVSS0.00147EPSS
Exploits0References1
Rows per page
Query Builder