10 matches found
Chisel has an ACL Bypass via Post-Handshake SSH Channel ExtraData Injection
Summary Authenticated chisel clients can bypass --authfile ACL restrictions and tunnel traffic to arbitrary destinations reachable from the server. The ACL is enforced only during the initial handshake against declared remotes, but never on subsequent SSH channels that carry actual traffic. A...
CVE-2026-29606 OpenClaw < 2026.2.14 - Webhook Signature Verification Bypass via ngrok Loopback Compatibility
OpenClaw versions prior to 2026.2.14 contain a webhook signature-verification bypass in the voice-call extension that allows unauthenticated requests when the tunnel.allowNgrokFreeTierLoopbackBypass option is explicitly enabled. An external attacker can send forged requests to the publicly...
CVE-2025-54983 Health check port on ZCC allows tunnel bypass
A health check port on Zscaler Client Connector on Windows, versions 4.6 4.6.0.216 and 4.7 4.7.0.47, which under specific circumstances was not released after use, allowed traffic to potentially bypass ZCC forwarding controls...
CVE-2025-54983 Health check port on ZCC allows tunnel bypass
A health check port on Zscaler Client Connector on Windows, versions 4.6 4.6.0.216 and 4.7 4.7.0.47, which under specific circumstances was not released after use, allowed traffic to potentially bypass ZCC forwarding controls...
CVE-2025-4227
An improper access control vulnerability in the Endpoint Traffic Policy Enforcement https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-features/new-features-released-in-gp-app/endpoint-traffic-policy-enforcement feature of the Palo Alto Networks GlobalProtect™ app allows...
F5 BIG-IP AFM Security Vulnerability
F5 BIG-IP AFM is an advanced firewall product from F5 USA for protection against DDos attacks. A security vulnerability exists in the F5 BIG-IP AFM Clients that stems from a vulnerability that allows an attacker to trick clients into sending IP traffic outside of the VPN tunnel...
The vulnerability of the Clario antivirus software client’s VPN client relates to the lack of protection for transmitted data. This allows a hacker to send arbitrary IP traffic as plain text beyond the VPN tunnel.
The vulnerability of the Clario antivirus software’s VPN client lies in the lack of protection for transmitted data. Exploiting this vulnerability allows a malicious actor to send arbitrary IP traffic as plain text outside the VPN tunnel...
CVE-2023-36671
An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN tunnel even if this traffic is not generated by the VPN client. Thi...
CVE-2023-36671
An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN tunnel even if this traffic is not generated by the VPN client. Thi...
Authentication flaw
Royal TS before 5 has a 0.0.0.0 listener, which makes it easier for attackers to bypass tunnel authentication via a brute-force approach...