Lucene search
+L

1274 matches found

NVD
NVD
added 5 days ago3 views

CVE-2026-50694

Use after free in Windows Secure Socket Tunneling Protocol SSTP allows an unauthorized attacker to execute code over a network...

9.8CVSS0.00649EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 5 days ago7 views

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

Use after free in Windows Secure Socket Tunneling Protocol SSTP allows an unauthorized attacker to execute code over a network...

9.8CVSS6.2AI score0.00649EPSS
Exploits0
Positive Technologies
Positive Technologies
added 5 days ago5 views

PT-2026-58214

Name of the Vulnerable Software and Affected Versions Microsoft Windows affected versions not specified Description A use after free issue in the Windows Secure Socket Tunneling Protocol SSTP allows an unauthorized attacker to execute code over a network. Use after free is a memory corruption fla...

8.1CVSS6.2AI score0.00649EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago9 views

Malicious code in permcserver (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf9fcdfd2e40ddb8c0aef4fa0fb93f2d0bcf3b0c00104057076f8013a70812d6 The package's main index.js is a 10-line FFI shim that spawns a worker, dlopens the bundled lib-linux.so via koffi, and immediately invokes the nativ...

6.3AI score
Exploits0References4
OSV
OSV
added 6 days ago5 views

MAL-2026-10489 Malicious code in permcserver (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf9fcdfd2e40ddb8c0aef4fa0fb93f2d0bcf3b0c00104057076f8013a70812d6 The package's main index.js is a 10-line FFI shim that spawns a worker, dlopens the bundled lib-linux.so via koffi, and immediately invokes the nativ...

6.3AI score
Exploits0References4
Metasploit
Metasploit
added 2026/07/10 7:2 p.m.25 views

FTP Fetch, Windows shellcode stage, Reverse HTTP Stager Proxy

Fetch and execute an x86 payload from an FTP server. Custom shellcode stage. Tunnel communication over HTTP Module Options This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule include...

6.2AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/07/09 2:40 p.m.4 views

openssh: OpenSSH sshd: Security bypass due to incorrect handling of forwarding and tunneling options

A flaw was found in sshd, the OpenSSH server daemon. When DisableForwarding=yes is configured to prevent network traffic forwarding, it incorrectly fails to take precedence over PermitTunnel=yes. This allows a remote attacker to bypass intended security restrictions and establish a tunnel,...

7.5CVSS6.1AI score0.0014EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/07/08 5:38 a.m.8 views

CVE-2026-59999

A flaw was found in sshd, the OpenSSH server daemon. When DisableForwarding=yes is configured to prevent network traffic forwarding, it incorrectly fails to take precedence over PermitTunnel=yes. This allows a remote attacker to bypass intended security restrictions and establish a tunnel,...

7.5CVSS6AI score0.0014EPSS
Exploits0References6
OSV
OSV
added 2026/07/08 1:16 a.m.5 views

DEBIAN-CVE-2026-59999

In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not...

7.5CVSS5.9AI score0.0014EPSS
Exploits0References1
Fedora
Fedora
added 2026/07/04 1:7 a.m.56 views

[SECURITY] Fedora 43 Update: openvpn-2.6.21-1.fc43

OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for...

6AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/06/29 11:30 a.m.7 views

CVE-2026-13563

A vulnerability has been found in Edimax EW-7478APC 1.04. This impacts the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. Such manipulation of the argument L2TPUserName leads to stack-based buffer overflow. It is possible to launch the attack...

9CVSS7.8AI score0.00445EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/06/29 11:30 a.m.36 views

CVE-2026-13563 Edimax EW-7478APC POST Request formL2TPSetup stack-based overflow

A vulnerability has been found in Edimax EW-7478APC 1.04. This impacts the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. Such manipulation of the argument L2TPUserName leads to stack-based buffer overflow. It is possible to launch the attack...

9CVSS0.00445EPSS
Exploits0References5
OSV
OSV
added 2026/06/26 7:17 p.m.4 views

GHSA-CG7W-RG45-PC59 pydantic-ai: SSRF blocklist bypass via IPv4-compatible, SIIT/IVI, and local NAT64 IPv6 addresses (incomplete fix of CVE-2026-46678)

Summary When an application using Pydantic AI opts a URL into forcedownload='allow-local' which disables the default block on private/internal IPs and runs on a network that routes the affected IPv6 transition forms NAT64- or ISATAP-configured networks, the cloud-metadata blocklist could be...

6.8CVSS5.8AI score0.00332EPSS
Exploits0References6
NVD
NVD
added 2026/06/26 2:16 a.m.14 views

CVE-2026-48615

A flaw in Node.js proxy tunnel error handling could expose proxy credentials in ERRPROXYTUNNEL error messages. When proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or other error consumers. This vulnerability...

7.5CVSS0.00437EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 8:39 a.m.16 views

CVE-2026-53262

CVE-2026-53262 affects the Linux kernel ioctl path for the pppol2tp module (l2tp) where pppol2tp_ioctl() dereferenced sock->sk->sk_user_data without proper locking while a sleep could occur during copy_from_user(). If a concurrent socket close happened, l2tp_session_close() could free the s...

7.8CVSS5.8AI score0.00125EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/25 8:39 a.m.3 views

CVE-2026-53262 l2tp: pppol2tp: hold reference to session in pppol2tp_ioctl()

In the Linux kernel, the following vulnerability has been resolved: l2tp: pppol2tp: hold reference to session in pppol2tpioctl pppol2tpioctl read sock-sk-skuserdata directly without any locks or reference counting. If a controllable sleep was induced during copyfromuser e.g. via a userfaultfd pag...

7.8CVSS5.8AI score0.00125EPSS
Exploits0References7
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: l2tp: Fix memleak in l2tpudpencaprecv. syzbot reported memleak of struct l2tpsession, l2tptunnel, sock, etc. 0 The cited commit moved down the validation of the protocol version in l2tpudpencaprecv. The new place requires an extr...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: l2tp: avoided a data race in l2tptunneldelwork We should only access sk-sksocket when dealing with kernel sockets. syzbot reported the following data race: BUG: KCSAN: data race in l2tptunneldelwork / skcommonrelease Task 5365...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References2
Rockylinux
Rockylinux
added 2026/06/15 6:6 p.m.19 views

kernel security update

An update is available for kernel. This update affects Rocky Linux SIG Cloud 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux...

9.8CVSS5.2AI score0.00563EPSS
Exploits0
OSV
OSV
added 2026/06/12 3:4 p.m.10 views

GHSA-24FP-5V3P-RVPW Chisel has an ACL Bypass via Post-Handshake SSH Channel ExtraData Injection

Summary Authenticated chisel clients can bypass --authfile ACL restrictions and tunnel traffic to arbitrary destinations reachable from the server. The ACL is enforced only during the initial handshake against declared remotes, but never on subsequent SSH channels that carry actual traffic. A...

8.5CVSS5.6AI score0.00038EPSS
Exploits0References2
Rows per page
Query Builder