Lucene search
K

10 matches found

Github Security Blog
Github Security Blog
added 2026/06/12 3:4 p.m.10 views

Chisel has an ACL Bypass via Post-Handshake SSH Channel ExtraData Injection

Summary Authenticated chisel clients can bypass --authfile ACL restrictions and tunnel traffic to arbitrary destinations reachable from the server. The ACL is enforced only during the initial handshake against declared remotes, but never on subsequent SSH channels that carry actual traffic. A...

5.6AI score0.00038EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/05 10:0 p.m.4 views

CVE-2026-29606 OpenClaw < 2026.2.14 - Webhook Signature Verification Bypass via ngrok Loopback Compatibility

OpenClaw versions prior to 2026.2.14 contain a webhook signature-verification bypass in the voice-call extension that allows unauthenticated requests when the tunnel.allowNgrokFreeTierLoopbackBypass option is explicitly enabled. An external attacker can send forged requests to the publicly...

6.3CVSS6.6AI score0.0029EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/11/12 3:7 a.m.10 views

CVE-2025-54983 Health check port on ZCC allows tunnel bypass

A health check port on Zscaler Client Connector on Windows, versions 4.6 4.6.0.216 and 4.7 4.7.0.47, which under specific circumstances was not released after use, allowed traffic to potentially bypass ZCC forwarding controls...

5.2CVSS0.0012EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/12 3:7 a.m.3 views

CVE-2025-54983 Health check port on ZCC allows tunnel bypass

A health check port on Zscaler Client Connector on Windows, versions 4.6 4.6.0.216 and 4.7 4.7.0.47, which under specific circumstances was not released after use, allowed traffic to potentially bypass ZCC forwarding controls...

5.2CVSS6.5AI score0.0012EPSS
Exploits0References1
OSV
OSV
added 2025/06/13 6:15 a.m.11 views

CVE-2025-4227

An improper access control vulnerability in the Endpoint Traffic Policy Enforcement https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-features/new-features-released-in-gp-app/endpoint-traffic-policy-enforcement feature of the Palo Alto Networks GlobalProtect™ app allows...

3.5CVSS5.9AI score0.00133EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/09/27 12:0 a.m.4 views

F5 BIG-IP AFM Security Vulnerability

F5 BIG-IP AFM is an advanced firewall product from F5 USA for protection against DDos attacks. A security vulnerability exists in the F5 BIG-IP AFM Clients that stems from a vulnerability that allows an attacker to trick clients into sending IP traffic outside of the VPN tunnel...

7.1CVSS6.7AI score0.00154EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/09/13 12:0 a.m.9 views

The vulnerability of the Clario antivirus software client’s VPN client relates to the lack of protection for transmitted data. This allows a hacker to send arbitrary IP traffic as plain text beyond the VPN tunnel.

The vulnerability of the Clario antivirus software’s VPN client lies in the lack of protection for transmitted data. Exploiting this vulnerability allows a malicious actor to send arbitrary IP traffic as plain text outside the VPN tunnel...

10CVSS6.2AI score0.00681EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/08/09 11:15 p.m.3 views

CVE-2023-36671

An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN tunnel even if this traffic is not generated by the VPN client. Thi...

6.3CVSS6.6AI score0.00311EPSS
Exploits1References4
OSV
OSV
added 2023/08/09 11:15 p.m.6 views

CVE-2023-36671

An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN tunnel even if this traffic is not generated by the VPN client. Thi...

6.3CVSS5.8AI score0.00311EPSS
Exploits1References3
Prion
Prion
added 2020/06/09 7:15 p.m.13 views

Authentication flaw

Royal TS before 5 has a 0.0.0.0 listener, which makes it easier for attackers to bypass tunnel authentication via a brute-force approach...

3.3CVSS8.7AI score0.02697EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder