Pritunl VPN Server 1.29.2145.25 - Username Enumeration

Pritunl 1.29.2145.25 contains a username enumeration issue caused by different error responses in /auth/session login attempts, letting attackers verify valid usernames, exploit requires network access to the login endpoint. id: CVE-2020-25200 info: name: Pritunl VPN Server 1.29.2145.25 - Usernam...

CVE-2026-10872

A vulnerability was found in Shibby Tomato 1.28.0000. This issue affects the function startvpnserver of the file /sbin/rc of the component Web UI. Performing a manipulation results in os command injection. The attack can be initiated remotely. The exploit has been made public and could be used...

Shibby Tomato 操作系统命令注入漏洞

Shibby Tomato is a third-party router firmware developed by Shibby’s individual developers. Version 1.28.0000 of Shibby Tomato contains a vulnerability related to operating system command injection. This vulnerability stems from the startvpnserver function in the /sbin/rc file within the Web UI...

CVE-2026-39312

CVE-2026-39312 affects SoftEtherVPN Developer Edition 5.2.5188 and earlier. It is a pre-authentication denial-of-service where an unauthenticated remote attacker can crash the vpnserver by sending a malformed EAP-TLS packet over raw L2TP (UDP/1701), terminating all active VPN sessions. The root c...

CVE-2026-0620

The CVE-2026-0620 entry concerns the TP-Link Archer AXE75 V1 when configured as an L2TP/IPSec VPN server. Affected component: L2TP/IPSec VPN server handling; root cause: L2TP connections may be accepted without IPSec protection even if IPSec is enabled, leading to unencrypted VPN sessions and exp...

CVE-2026-22226

A command injection vulnerability may be exploited after the admin's authentication in the VPN server configuration module on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of...

CVE-2026-22226

A command injection vulnerability may be exploited after the admin's authentication in the VPN server configuration module on TP-Link Archer BE230 v1.2 and Archer AX73 v2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe...

CVE-2026-22226 Command Injection Vulnerability on TP-Link Archer BE230 and AX73

A command injection vulnerability may be exploited after the admin's authentication in the VPN server configuration module on TP-Link Archer BE230 v1.2 and Archer AX73 v2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe...

CVE-2026-22226

A command injection vulnerability may be exploited after the admin's authentication in the VPN server configuration module on TP-Link Archer BE230 v1.2 and Archer AX73 v2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe...

CVE-2019-11868

See.sys, up to version 4.25, in SoftEther VPN Server versions 4.29 or older, allows a user to call an IOCTL specifying any kernel address to which arbitrary bytes are written to...

EUVD-2025-205533

A vulnerability has been found in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/PPTPServer. Such manipulation of the argument ip1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used...

EUVD-2010-3879

Malware in sbrugna...

EUVD-2017-7301

Malware in sbrugna...

EUVD-2023-31890

Malicious code in bioql PyPI...

EUVD-2022-15940

Malicious code in bioql PyPI...

Cisco Meraki 16.2 / 17 / 18.1 < 18.107.12 / 18.2 < 18.211.2 Multiple Vulnerabilities (cisco-sa-meraki-mx-vpn-dos-QTRHzG2)

The version of the remote Cisco Meraki device is 16.2, 17, 18.1 prior to 18.107.12, or 18.2 prior to 18.211.2. It is, therefore, potentially affected by multiple vulnerabilities as referenced in the cisco-sa-meraki-mx-vpn-dos-QTRHzG2 advisory, including: - Multiple vulnerabilities in the Cisco...

CVE-2025-24292

A misconfigured query in UniFi Network v9.1.120 and earlier could allow users to authenticate to Enterprise WiFi or VPN Server l2tp and OpenVPN using a device’s MAC address from 802.1X or MAC Authentication, if both services are enabled and share the same RADIUS profile...

CVE-2025-24292

A misconfigured query in UniFi Network v9.1.120 and earlier could allow users to authenticate to Enterprise WiFi or VPN Server l2tp and OpenVPN using a device’s MAC address from 802.1X or MAC Authentication, if both services are enabled and share the same RADIUS profile...

CVE-2025-24292

A misconfigured query in UniFi Network v9.1.120 and earlier could allow users to authenticate to Enterprise WiFi or VPN Server l2tp and OpenVPN using a device’s MAC address from 802.1X or MAC Authentication, if both services are enabled and share the same RADIUS profile...

CVE-2025-24292

A misconfigured query in UniFi Network v9.1.120 and earlier could allow users to authenticate to Enterprise WiFi or VPN Server l2tp and OpenVPN using a device’s MAC address from 802.1X or MAC Authentication, if both services are enabled and share the same RADIUS profile...