Lucene search
K

8459 matches found

Nuclei
Nuclei
added 8 hours ago50 views

Pritunl VPN Server 1.29.2145.25 - Username Enumeration

Pritunl 1.29.2145.25 contains a username enumeration issue caused by different error responses in /auth/session login attempts, letting attackers verify valid usernames, exploit requires network access to the login endpoint. id: CVE-2020-25200 info: name: Pritunl VPN Server 1.29.2145.25 - Usernam...

5.3CVSS6.2AI score0.0747EPSS
Exploits1References1
Nuclei
Nuclei
added 8 hours ago13 views

Check Point IKEv1 Remote-Access VPN - Certificate Authentication Bypass

IKEv1 key exchange contains a broken authentication caused by logic flow weakness in Remote Access and Mobile Access certificate validation, letting unauthenticated remote attackers bypass user authentication and establish VPN connections without valid passwords, exploit requires use of deprecate...

9.3CVSS7.2AI score0.70099EPSS
Exploits5References3
Nuclei
Nuclei
added 8 hours ago56 views

Fortinet FortiOS < 5.6.0 - Cross-Site Scripting

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN. id: CVE-2017-3133 info: name: Fortinet FortiOS 5.6.0 - Cross-Site Scripting author: ritikchaddha severity:...

6.1CVSS6.5AI score0.10677EPSS
Exploits5References2
Nuclei
Nuclei
added 8 hours ago148 views

H3C SSL VPN <=2022-07-10 - Cross-Site Scripting

H3C SSL VPN 2022-07-10 and prior contains a cookie-based cross-site scripting vulnerability in wnm/login/login.json svpnlang. id: CVE-2022-35416 info: name: H3C SSL VPN =2022-07-10 - Cross-Site Scripting author: 0x240x23elu severity: medium description: | H3C SSL VPN 2022-07-10 and prior contains...

6.1CVSS6.4AI score0.02886EPSS
Exploits1References5
Nuclei
Nuclei
added 8 hours ago48 views

Palo Alto Networks PAN-OS GlobalProtect <8.1.4 - Cross-Site Scripting

Palo Alto Networks PAN-OS before 8.1.4 GlobalProtect Portal Login page allows an unauthenticated attacker to inject arbitrary JavaScript or HTML, making it vulnerable to cross-site scripting. id: CVE-2018-10141 info: name: Palo Alto Networks PAN-OS GlobalProtect 8.1.4 - Cross-Site Scripting autho...

6.1CVSS6.4AI score0.03883EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday67 views

Fortinet FortiOS - Cross-Site Scripting

Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below versions under SSL VPN web portal are vulnerable to cross-site scripting and allows attacker to execute unauthorized malicious script code via the error or message handling parameters. id: CVE-2018-13380 info: name:...

6.1CVSS6.4AI score0.62474EPSS
Exploits0References5
NVD
NVD
added 2 days ago3 views

CVE-2026-57399

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Proxy & VPN Blocker Proxy & VPN Blocker proxy-vpn-blocker allows Stored XSS.This issue affects Proxy & VPN Blocker: from n/a through = 3.5.8...

7.1CVSS0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago27 views

CVE-2026-57399 WordPress Proxy & VPN Blocker plugin <= 3.5.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Proxy & VPN Blocker Proxy & VPN Blocker proxy-vpn-blocker allows Stored XSS.This issue affects Proxy & VPN Blocker: from n/a through = 3.5.8...

7.1CVSS0.0018EPSS
Exploits0References1
CVE
CVE
added 2 days ago8 views

CVE-2026-57399

The CVE-2026-57399 affects the WordPress plugin Proxy & VPN Blocker (versions up to and including 3.5.8). The issue is a Stored XSS flaw caused by improper neutralization of input during web page generation, enabling an attacker to inject script content that is stored and later rendered. Affected...

7.1CVSS6.1AI score0.0018EPSS
Exploits0References1
NCSC
NCSC
added 2 days ago6 views

Vulnerabilities in Palo Alto Networks PAN-OS

Palo Alto Networks has identified several vulnerabilities in the PAN-OS software, particularly in PA-Series and VM-Series firewalls, as well as the Panorama management platform. These vulnerabilities affect various components of PAN-OS. - There are several XSS vulnerabilities in the User-ID...

9.9CVSS7.1AI score0.014EPSS
Exploits0References10
Nuclei
Nuclei
added 2 days ago49 views

Cisco Secure Firewall ASA & FTD - Authentication Bypass

A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an unauthenticated, remote attacker to access restricted URL endpoints that are related to remote access VPN that should...

8.6CVSS6.9AI score0.85543EPSS
Exploits0References2
The Hacker News
The Hacker News
added 5 days ago8 views

Study of 281 Free Android VPN Apps Finds Traffic Leaks, Unencrypted Data, and Tracking

Researchers ran 281 of the most popular free VPN apps on the Google Play Store through a new testing system and found that many fail at the basics people install a VPN for, i.e., keeping their traffic private and secure. The apps flagged with at least one problem have been installed more than 2.4...

6.1AI score
Exploits0
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42712

A Use of Multiple Resources with Duplicate Identifier vulnerability in the IKE daemon iked of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. On an MX with SPC3 and SRX devices configured for VPN service,...

6.9CVSS5.9AI score0.00417EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago10 views

EUVD-2026-42708

An Out-of-bounds Write vulnerability in the http-gatekeeper http-gk of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. If an SRX Series device is configured for remote-access VPN with pre-logon compliance check, a...

6.9CVSS6AI score0.00474EPSS
Exploits0References2
NVD
NVD
added 6 days ago8 views

CVE-2026-57024

A Use of Multiple Resources with Duplicate Identifier vulnerability in the IKE daemon iked of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. On an MX with SPC3 and SRX devices configured for VPN service,...

6.9CVSS0.00417EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-57024 Junos OS: MX with SPC3, SRX Series: Repeated VPN negotiation failures will eventually cause iked to crash continuously

A Use of Multiple Resources with Duplicate Identifier vulnerability in the IKE daemon iked of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. On an MX with SPC3 and SRX devices configured for VPN service,...

6.9CVSS0.00417EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago8 views

CVE-2026-57024

A Use of Multiple Resources with Duplicate Identifier vulnerability in the IKE daemon iked of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. On an MX with SPC3 and SRX devices configured for VPN service,...

6.9CVSS5.9AI score0.00417EPSS
Exploits0References2Affected Software1
CVE
CVE
added 6 days ago18 views

CVE-2026-57024

The CVE-2026-57024 entry concerns Juniper Junos OS on MX-SPC3 and SRX Series devices, where the iked process can crash under a high volume of VPN negotiation failures. According to the connected documents, repeated VPN failures cause a peer index rollover, leading to new peers being assigned indi...

6.9CVSS5.9AI score0.00417EPSS
Exploits0References1Affected Software1
CVE
CVE
added 6 days ago14 views

CVE-2026-57021

The CVE-2026-57021 entry describes an Out-of-bounds Write vulnerability in the http-gatekeeper (http-gk) component of Juniper Networks Junos OS on SRX Series. A network-based, unauthenticated attacker can trigger the flaw by sending specially formatted requests when remote-access VPN with pre-log...

6.9CVSS6AI score0.00474EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-57021

An Out-of-bounds Write vulnerability in the http-gatekeeper http-gk of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. If an SRX Series device is configured for remote-access VPN with pre-logon compliance check, a...

6.9CVSS6AI score0.00474EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder