VYPR

VPN

by Hola

CVEs (23)

  • CVE-2025-11955HigOct 27, 2025
    risk 0.53cvss epss 0.00

    Incorrect validation of OCSP certificates vulnerability in TheGreenBow VPN, versions 7.5 and 7.6. During the IKEv2 authentication step, the OCSP-enabled VPN client establishes the tunnel even if it does not receive an OCSP response or if the OCSP response signature is invalid.

  • CVE-2017-16757HigNov 9, 2017
    risk 0.51cvss 7.8epss 0.00

    Hola VPN 1.34 has weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges via a Trojan horse 7za.exe or hola.exe file.

  • CVE-2023-28771KEVApr 25, 2023
    risk 0.23cvss epss 0.99

    Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an…

  • CVE-2025-25565Mar 12, 2025
    risk 0.00cvss epss 0.01

    SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in the Command.c file via the PtMakeCert and PtMakeCert2048 functions. NOTE: the Supplier disputes this because the behavior only allows a user to attack himself by typing a long string on a command line.

  • CVE-2024-41183Oct 22, 2024
    risk 0.00cvss epss 0.01

    Trend Micro VPN, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite under specific conditions that can lead to elevation of privileges.

  • CVE-2024-1195Feb 2, 2024
    risk 0.00cvss epss 0.00

    A vulnerability classified as critical was found in iTop VPN up to 4.0.0.1. Affected by this vulnerability is an unknown functionality in the library ITopVpnCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be…

  • CVE-2023-27395Oct 12, 2023
    risk 0.00cvss epss 0.01

    A heap-based buffer overflow vulnerability exists in the vpnserver WpcParsePacket() functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to arbitrary code execution. An attacker can perform a man-in-the-middle attack to…

  • CVE-2023-22325Oct 12, 2023
    risk 0.00cvss epss 0.01

    A denial of service vulnerability exists in the DCRegister DDNS_RPC_MAX_RECV_SIZE functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can perform a man-in-the-middle attack to trigger…

  • CVE-2023-32275Oct 12, 2023
    risk 0.00cvss epss 0.00

    An information disclosure vulnerability exists in the CtEnumCa() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can send packets to trigger this vulnerability.

  • CVE-2023-27516Oct 12, 2023
    risk 0.00cvss epss 0.01

    An authentication bypass vulnerability exists in the CiRpcAccepted() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. A specially crafted network packet can lead to unauthorized access. An attacker can send a network request to trigger this vulnerability.

  • CVE-2023-32634Oct 12, 2023
    risk 0.00cvss epss 0.00

    An authentication bypass vulnerability exists in the CiRpcServerThread() functionality of SoftEther VPN 5.01.9674 and 4.41-9782-beta. An attacker can perform a local man-in-the-middle attack to trigger this vulnerability.

  • CVE-2023-31192Oct 12, 2023
    risk 0.00cvss epss 0.01

    An information disclosure vulnerability exists in the ClientConnect() functionality of SoftEther VPN 5.01.9674. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.

  • CVE-2023-22844Jul 6, 2023
    risk 0.00cvss epss 0.01

    An authentication bypass vulnerability exists in the requestHandlers.js verifyToken functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability.

  • CVE-2023-23907Jul 6, 2023
    risk 0.00cvss epss 0.01

    A directory traversal vulnerability exists in the server.js start functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to arbitrary file read. An attacker can send a network request to trigger this vulnerability.

  • CVE-2023-22371Jul 6, 2023
    risk 0.00cvss epss 0.03

    An os command injection vulnerability exists in the liburvpn.so create_private_key functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to command execution. An attacker can send a malicious packet to trigger this vulnerability.

  • CVE-2023-24497Jul 6, 2023
    risk 0.00cvss epss 0.01

    Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger these…

  • CVE-2023-24496Jul 6, 2023
    risk 0.00cvss epss 0.01

    Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger these…

  • CVE-2022-37835Sep 12, 2022
    risk 0.00cvss epss 0.01

    Torguard VPN 4.8, has a vulnerability that allows an attacker to dump sensitive information, such as credentials and information about the server, without admin privileges.

  • CVE-2022-34593Jul 28, 2022
    risk 0.00cvss epss 0.01

    DPTech VPN v8.1.28.0 was discovered to contain an arbitrary file read vulnerability.

  • CVE-2022-24140Jul 6, 2022
    risk 0.00cvss epss 0.01

    IOBit Advanced System Care 15, iTop Screen Recorder 2.1, iTop VPN 3.2, Driver Booster 9, and iTop Screenshot sends HTTP requests in their update procedure in order to download a config file. After downloading the config file, the products will parse the HTTP location of the…

Page 1 of 2