VYPR
Vendor

Hola

Products
4
CVEs
27
Across products
28
Status
Private

Products

4

Recent CVEs

27
View all 27 CVEs →
  • CVE-2018-6623HigMar 12, 2018
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in Hola 1.79.859. An unprivileged user could modify or overwrite the executable with arbitrary code, which would be executed the next time the service is started. Depending on the user that the service runs as, this could result in privilege escalation.…

  • CVE-2025-11955HigOct 27, 2025
    risk 0.53cvss epss 0.00

    Incorrect validation of OCSP certificates vulnerability in TheGreenBow VPN, versions 7.5 and 7.6. During the IKEv2 authentication step, the OCSP-enabled VPN client establishes the tunnel even if it does not receive an OCSP response or if the OCSP response signature is invalid.

  • CVE-2017-16757HigNov 9, 2017
    risk 0.51cvss 7.8epss 0.00

    Hola VPN 1.34 has weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges via a Trojan horse 7za.exe or hola.exe file.

  • CVE-2023-28771KEVApr 25, 2023
    risk 0.23cvss epss 0.99

    Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an…

  • CVE-2005-0796May 2, 2005
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in HolaCMS 1.4.9-1 allows remote attackers to overwrite arbitrary files via a "holaDB/votes" followed by a .. (dot dot) in the vote_filename parameter, which bypasses the check by HolaCMS to ensure that the file is in the holaDB/votes directory.

  • CVE-2005-0795Mar 14, 2005
    risk 0.03cvss epss 0.02

    HolaCMS 1.4.9 does not restrict file access to the holaDB/votes directory, which allows remote attackers to overwrite arbitrary files via a modified vote_filename parameter.

  • CVE-2025-25565Mar 12, 2025
    risk 0.00cvss epss 0.01

    SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in the Command.c file via the PtMakeCert and PtMakeCert2048 functions. NOTE: the Supplier disputes this because the behavior only allows a user to attack himself by typing a long string on a command line.

  • CVE-2024-41183Oct 22, 2024
    risk 0.00cvss epss 0.01

    Trend Micro VPN, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite under specific conditions that can lead to elevation of privileges.

  • CVE-2024-1195Feb 2, 2024
    risk 0.00cvss epss 0.00

    A vulnerability classified as critical was found in iTop VPN up to 4.0.0.1. Affected by this vulnerability is an unknown functionality in the library ITopVpnCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be…

  • CVE-2023-27395Oct 12, 2023
    risk 0.00cvss epss 0.01

    A heap-based buffer overflow vulnerability exists in the vpnserver WpcParsePacket() functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to arbitrary code execution. An attacker can perform a man-in-the-middle attack to…

  • CVE-2023-22325Oct 12, 2023
    risk 0.00cvss epss 0.01

    A denial of service vulnerability exists in the DCRegister DDNS_RPC_MAX_RECV_SIZE functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can perform a man-in-the-middle attack to trigger…

  • CVE-2023-32275Oct 12, 2023
    risk 0.00cvss epss 0.00

    An information disclosure vulnerability exists in the CtEnumCa() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can send packets to trigger this vulnerability.

  • CVE-2023-27516Oct 12, 2023
    risk 0.00cvss epss 0.01

    An authentication bypass vulnerability exists in the CiRpcAccepted() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. A specially crafted network packet can lead to unauthorized access. An attacker can send a network request to trigger this vulnerability.

  • CVE-2023-32634Oct 12, 2023
    risk 0.00cvss epss 0.00

    An authentication bypass vulnerability exists in the CiRpcServerThread() functionality of SoftEther VPN 5.01.9674 and 4.41-9782-beta. An attacker can perform a local man-in-the-middle attack to trigger this vulnerability.

  • CVE-2023-31192Oct 12, 2023
    risk 0.00cvss epss 0.01

    An information disclosure vulnerability exists in the ClientConnect() functionality of SoftEther VPN 5.01.9674. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.

  • CVE-2023-22844Jul 6, 2023
    risk 0.00cvss epss 0.01

    An authentication bypass vulnerability exists in the requestHandlers.js verifyToken functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability.

  • CVE-2023-23907Jul 6, 2023
    risk 0.00cvss epss 0.01

    A directory traversal vulnerability exists in the server.js start functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to arbitrary file read. An attacker can send a network request to trigger this vulnerability.

  • CVE-2023-22371Jul 6, 2023
    risk 0.00cvss epss 0.03

    An os command injection vulnerability exists in the liburvpn.so create_private_key functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to command execution. An attacker can send a malicious packet to trigger this vulnerability.

  • CVE-2023-24497Jul 6, 2023
    risk 0.00cvss epss 0.01

    Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger these…

  • CVE-2023-24496Jul 6, 2023
    risk 0.00cvss epss 0.01

    Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger these…