Total
38 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-38886 | 1 Horizoncloud | 1 Caterease | 2026-02-24 | N/A | 9.8 CRITICAL |
| An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Traffic Injection attack due to improper verification of the source of a communication channel. | |||||
| CVE-2026-2967 | 1 Cesanta | 1 Mongoose | 2026-02-23 | 2.6 LOW | 3.7 LOW |
| A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/net_builtin.c of the component TCP Sequence Number Handler. The manipulation leads to improper verification of source of a communication channel. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is reported as difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-22269 | 1 Dell | 1 Powerprotect Data Manager | 2026-02-20 | N/A | 4.7 MEDIUM |
| Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Improper Verification of Source of a Communication Channel vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to protection mechanism bypass. | |||||
| CVE-2025-62439 | 2026-02-10 | N/A | 4.2 MEDIUM | ||
| An Improper Verification of Source of a Communication Channel vulnerability [CWE-940] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions may allow an authenticated user with knowledge of FSSO policy configurations to gain unauthorized access to protected network resources via crafted requests. | |||||
| CVE-2025-13086 | 1 Openvpn | 1 Openvpn | 2026-01-30 | N/A | 7.5 HIGH |
| Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7_alpha1 through 2.7_rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client | |||||
| CVE-2024-32388 | 1 Kerlink | 1 Keros | 2025-12-23 | N/A | 5.3 MEDIUM |
| Due to a firewall misconfiguration, Kerlink devices running KerOS prior to 5.12 incorrectly accept specially crafted UDP packets. This allows an attacker to bypass the firewall and access UDP-based services that would otherwise be protected. | |||||
| CVE-2025-40820 | 2025-12-09 | N/A | 7.5 HIGH | ||
| Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated remote attacker e.g. to interfere with connection setup, potentially leading to a denial of service. The attack succeeds only if an attacker can inject IP packets with spoofed addresses at precisely timed moments, and it affects only TCP-based services. | |||||
| CVE-2023-7004 | 2025-11-04 | N/A | 6.5 MEDIUM | ||
| The TTLock App does not employ proper verification procedures to ensure that it is communicating with the expected device, allowing for connection to a device that spoofs the MAC address of a lock, which compromises the legitimate locks integrity. | |||||
| CVE-2025-23019 | 1 Ietf | 1 Ipv6 | 2025-11-03 | N/A | 5.4 MEDIUM |
| IPv6-in-IPv4 tunneling (RFC 4213) allows an attacker to spoof and route traffic via an exposed network interface. | |||||
| CVE-2025-23018 | 1 Ietf | 1 Ipv6 | 2025-11-03 | N/A | 5.4 MEDIUM |
| IPv4-in-IPv6 and IPv6-in-IPv6 tunneling (RFC 2473) do not require the validation or verification of the source of a network packet, allowing an attacker to spoof and route arbitrary traffic via an exposed network interface. This is a similar issue to CVE-2020-10136. | |||||
| CVE-2025-61932 | 1 Motex | 1 Lanscope Endpoint Manager | 2025-10-23 | N/A | 9.8 CRITICAL |
| Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially crafted packets. | |||||
| CVE-2025-43280 | 1 Apple | 2 Ipados, Iphone Os | 2025-10-16 | N/A | 4.7 MEDIUM |
| The issue was resolved by not loading remote images This issue is fixed in iOS 18.6 and iPadOS 18.6. Forwarding an email could display remote images in Mail in Lockdown Mode. | |||||
| CVE-2025-59159 | 2025-10-08 | N/A | 9.6 CRITICAL | ||
| SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. In versions prior to 1.13.4, the web user interface for SillyTavern is susceptible to DNS rebinding, allowing attackers to perform actions like install malicious extensions, read chats, inject arbitrary HTML for phishing attacks, etc. The vulnerability has been patched in the version 1.13.4 by introducing a server configuration setting that enables a validation of host names in inbound HTTP requests according to the provided list of allowed hosts: `hostWhitelist.enabled` in config.yaml file or `SILLYTAVERN_HOSTWHITELIST_ENABLED` environment variable. While the setting is disabled by default to honor a wide variety of existing user configurations and maintain backwards compatibility, existing and new users are encouraged to review their server configurations and apply necessary changes to their setup, especially if hosting over the local network while not using SSL. | |||||
| CVE-2025-20365 | 2025-09-24 | N/A | 4.3 MEDIUM | ||
| A vulnerability in the IPv6 Router Advertisement (RA) packet processing of Cisco Access Point Software could allow an unauthenticated, adjacent attacker to modify the IPv6 gateway on an affected device. This vulnerability is due to a logic error in the processing of IPv6 RA packets that are received from wireless clients. An attacker could exploit this vulnerability by associating to a wireless network and sending a series of crafted IPv6 RA packets. A successful exploit could allow the attacker to temporarily change the IPv6 gateway of an affected device. This could also lead to intermittent packet loss for any wireless clients that are associated with the affected device. | |||||
| CVE-2025-9999 | 2025-09-05 | N/A | N/A | ||
| Some payload elements of the messages sent between two stations in a networking architecture are not properly checked on the receiving station allowing an attacker to execute unauthorized commands in the application. | |||||
| CVE-2024-37663 | 1 Mi | 2 Redmi Ax6s, Redmi Ax6s Firmware | 2025-07-09 | N/A | 4.1 MEDIUM |
| Redmi router RB03 v1.0.57 is vulnerable to forged ICMP redirect message attacks. An attacker in the same WLAN as the victim can hijack the traffic between the victim and any remote server by sending out forged ICMP redirect messages. | |||||
| CVE-2024-37664 | 1 Mi | 2 Redmi Ax6s, Redmi Ax6s Firmware | 2025-07-09 | N/A | 5.2 MEDIUM |
| Redmi router RB03 v1.0.57 is vulnerable to TCP DoS or hijacking attacks. An attacker in the same WLAN as the victim can disconnect or hijack the traffic between the victim and any remote server by sending out forged TCP RST messages to evict NAT mappings in the router. | |||||
| CVE-2025-42978 | 2025-07-08 | N/A | 3.5 LOW | ||
| The widely used component that establishes outbound TLS connections in SAP NetWeaver Application Server Java does not reliably match the hostname that is used for the connection against the wildcard hostname defined in the received certificate of remote TLS server. This might lead to the outbound connection being established to a possibly malicious remote TLS server and hence disclose information. Integrity and Availability are not impacted. | |||||
| CVE-2024-40503 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2025-07-07 | N/A | 6.5 MEDIUM |
| An issue in Tenda AX12 v.16.03.49.18_cn+ allows a remote attacker to cause a denial of service via the Routing functionality and ICMP packet handling. | |||||
| CVE-2024-40515 | 1 Tenda | 2 Ax2 Pro, Ax2 Pro Firmware | 2025-07-07 | N/A | 9.8 CRITICAL |
| An issue in SHENZHEN TENDA TECHNOLOGY CO.,LTD Tenda AX2pro V16.03.29.48_cn allows a remote attacker to execute arbitrary code via the Routing functionality. | |||||