CVE-2026-20014

The CVE concerns Cisco Secure Firewall ASA Software and Cisco Secure FTD Software with an IKEv2 handling flaw. An authenticated remote attacker with valid VPN user credentials can send crafted IKEv2 packets to trigger a DoS by exhausting memory, leading to a device reload and potential impact on ...

CVE-2019-25430

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the username parameter. Attackers can send POST requests to the vpnusers endpoint with script payloads in the usernam...

CVE-2019-25430

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the username parameter. Attackers can send POST requests to the vpnusers endpoint with script payloads in the usernam...

CVE-2019-25430 Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via vpn_users

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the username parameter. Attackers can send POST requests to the vpnusers endpoint with script payloads in the usernam...

CVE-2019-25430

Comodo Dome Firewall 2.7.0 is affected by a reflected XSS in the vpn_users endpoint. An unauthenticated attacker can submit crafted input in the username parameter via a POST request to trigger arbitrary JavaScript in a victim’s browser. CVSS v4.0 and v3.1 vectors are provided, with base scores o...

Comodo Dome Firewall 跨站脚本漏洞

Comodo Dome Firewall is a unified threat management and next-generation firewall provided by the Chinese company Comodo. Version 2.7.0 of Comodo Dome Firewall contains a cross-site scripting vulnerability. This vulnerability stems from reflective cross-site scripts present on the vpnusers...

PT-2026-20833

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the username parameter. Attackers can send POST requests to the vpn users endpoint with script payloads in the userna...

EUVD-2020-20228

Malware in sbrugna...

EUVD-2025-27376

Malicious code in bioql PyPI...

CVE-2025-57071

Tenda G3 v3.0brV15.11.0.17 was discovered to contain a stack overflow in the vpnUsers parameter in the formAddVpnUsers function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...

CVE-2025-57071

Tenda G3 v3.0brV15.11.0.17 was discovered to contain a stack overflow in the vpnUsers parameter in the formAddVpnUsers function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...

CVE-2023-6399

A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50W series firmware versions from 4.16 through 5.37 Patch 1, USG20W-VPN series firmware versions from 4.16 through 5.37...

CVE-2020-27724

In BIG-IP APM versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, on systems running more than one TMM instance, authenticated VPN users may consume excessive resources by sending specially-crafted malicious traffic ove...

CVE-2024-25728

ExpressVPN before 12.73.0 on Windows, when split tunneling is used, sends DNS requests according to the Windows configuration e.g., sends them to DNS servers operated by the user's ISP instead of to the ExpressVPN DNS servers, which may allow remote attackers to obtain sensitive information about...

Code injection

ExpressVPN before 12.73.0 on Windows, when split tunneling is used, sends DNS requests according to the Windows configuration e.g., sends them to DNS servers operated by the user's ISP instead of to the ExpressVPN DNS servers, which may allow remote attackers to obtain sensitive information about...

CVE-2024-25728

ExpressVPN before 12.73.0 on Windows, when split tunneling is used, sends DNS requests according to the Windows configuration e.g., sends them to DNS servers operated by the user's ISP instead of to the ExpressVPN DNS servers, which may allow remote attackers to obtain sensitive information about...

CVE-2024-25728

ExpressVPN before 12.73.0 on Windows, when split tunneling is used, sends DNS requests according to the Windows configuration e.g., sends them to DNS servers operated by the user's ISP instead of to the ExpressVPN DNS servers, which may allow remote attackers to obtain sensitive information about...

BbyStealer’s Tactic for Targeting VPN Users

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The BbyStealer malware resurfaces and orchestrates a sophisticated information-theft campaign, utilizing numerous phishing domains to target users of VPN applications engaged in downloading activities,...

CVE-2021-45991

Tenda routers G1 and G3 v15.11.0.179502CN were discovered to contain a stack overflow in the function formAddVpnUsers. This vulnerability allows attackers to cause a Denial of Service DoS via the vpnUsers parameter...

Code injection

In BIG-IP APM versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, on systems running more than one TMM instance, authenticated VPN users may consume excessive resources by sending specially-crafted malicious traffic ove...