21 matches found
EUVD-2026-34339
A vulnerability was found in Shibby Tomato 1.28.0000. This issue affects the function start_vpnserver of the file /sbin/rc of the component Web UI. Performing a manipulation results in os command injection. The attack can be initiated remotely. The exploit has been made public and could be used...
CVE-2026-10872 Shibby Tomato Web UI rc start_vpnserver os command injection
A vulnerability was found in Shibby Tomato 1.28.0000. This issue affects the function start_vpnserver of the file /sbin/rc of the component Web UI. Performing a manipulation results in os command injection. The attack can be initiated remotely. The exploit has been made public and could be used...
CVE-2026-10872 Shibby Tomato Web UI rc start_vpnserver os command injection
A vulnerability was found in Shibby Tomato 1.28.0000. This issue affects the function start_vpnserver of the file /sbin/rc of the component Web UI. Performing a manipulation results in os command injection. The attack can be initiated remotely. The exploit has been made public and could be used...
CVE-2026-10872
CVE-2026-10872 affects Shibby Tomato 1.28.0000 Web UI: the start_vpnserver function in /sbin/rc is vulnerable to remote OS command injection. Exploit published; impact is high (C/I/A). Privileges required: HIGH; no user interaction. Superseded by FreshTomato.
PT-2026-46398
A vulnerability was found in Shibby Tomato 1.28.0000. This issue affects the function start_vpnserver of the file /sbin/rc of the component Web UI. Performing a manipulation results in os command injection. The attack can be initiated remotely. The exploit has been made public and could be used...
EUVD-2023-27681
Malicious code in bioql PyPI...
CVE-2023-27395
A heap-based buffer overflow vulnerability exists in the vpnserver WpcParsePacket functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to arbitrary code execution. An attacker can perform a man-in-the-middle attack to trigger this...
CVE-2023-27395
A heap-based buffer overflow vulnerability exists in the vpnserver WpcParsePacket functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to arbitrary code execution. An attacker can perform a man-in-the-middle attack to trigger this...
CVE-2023-22308
An integer underflow vulnerability exists in the vpnserver OvsProcessData functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability...
CVE-2023-22308
An integer underflow vulnerability exists in the vpnserver OvsProcessData functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability...
CVE-2023-22308
CVE-2023-22308 affects SoftEther VPN vpnserver OpenVPN support. Talos reports an integer underflow in OvsProcessData handling for TCP OpenVPN data, enabling a crafted TCP packet to crash the server (denial of service). OpenVPN traffic is identified by the first two bytes 0x00 0x0E in TCP mode; UD...
CVE-2023-22308
An integer underflow vulnerability exists in the vpnserver OvsProcessData functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability...
CVE-2023-27395
A heap-based buffer overflow vulnerability exists in the vpnserver WpcParsePacket functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to arbitrary code execution. An attacker can perform a man-in-the-middle attack to trigger this...
CVE-2023-25774
A denial-of-service vulnerability exists in the vpnserver ConnectionAccept functionality of SoftEther VPN 5.02. A set of specially crafted network connections can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability...
CVE-2023-25774
CVE-2023-25774: Talos reports a denial-of-service in SoftEther VPN 5.01.9674 and 5.02 due to a vulnerability in vpnserver ConnectionAccept() that can exhaust resources by spawning many threads. Root cause appears to be synchronization/locking leading to long delays and eventual server crash under...
CVE-2023-23581
A denial-of-service vulnerability exists in the vpnserver EnSafeHttpHeaderValueStr functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service...
CVE-2023-23581
A denial-of-service vulnerability exists in the vpnserver EnSafeHttpHeaderValueStr functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service...
CVE-2023-23581
CVE-2023-23581 is a SoftEther VPN vulnerability in the vpnserver EnSafeHttpHeaderValueStr function. Talos confirms denial-of-service via specially crafted network packets, affecting SoftEther VPN server versions 5.01.9674 and 5.02. The root cause is an out-of-bounds read triggered during HTTP hea...
SoftEther VPN vpnserver WpcParsePacket() heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1735 SoftEther VPN vpnserver WpcParsePacket heap-based buffer overflow vulnerability October 12, 2023 CVE Number CVE-2023-27395 SUMMARY A heap-based buffer overflow vulnerability exists in the vpnserver WpcParsePacket functionality of SoftEther VPN...
PT-2023-19058 · Softether · Softether Vpn
Name of the Vulnerable Software and Affected Versions: SoftEther VPN versions 5.01.9674 through 5.02 Description: A denial-of-service issue exists in the vpnserver EnSafeHttpHeaderValueStr functionality. It can be triggered by a specially crafted network packet, leading to denial of service...