Lucene search
K

93 matches found

Snyk
Snyk
added 2026/03/11 8:42 p.m.3 views

User Impersonation

Overview shopware/core is a Shopware platform is the core for all Shopware ecommerce products. Affected versions of this package are vulnerable to User Impersonation in the app registration process. An attacker can gain unauthorized access to sensitive API credentials by exploiting the ability to...

8.9CVSS5.8AI score0.00267EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/27 6:31 p.m.8 views

EUVD-2026-9041

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 transmit authentication credentials over unencrypted HTTP, allowing attackers to capture credentials. An attacker positioned to observe network traffic between a user and the device can intercept credentials and reuse them to gain...

8.2CVSS6AI score0.00193EPSS
Exploits0References3
NVD
NVD
added 2026/02/27 6:16 p.m.9 views

CVE-2026-27752

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 transmit authentication credentials over unencrypted HTTP, allowing attackers to capture credentials. An attacker positioned to observe network traffic between a user and the device can intercept credentials and reuse them to gain...

8.2CVSS0.00193EPSS
Exploits0References2
CVE
CVE
added 2026/02/27 6:8 p.m.11 views

CVE-2026-27752

CVE-2026-27752 affects SODOLA SL902-SWTGW124AS firmware up to version 200.1.20, where authentication credentials are transmitted over unencrypted HTTP. An attacker on the same network between a user and the device can observe traffic, intercept credentials, and reuse them to gain administrative a...

8.2CVSS6AI score0.00193EPSS
Exploits0References2Affected Software1
GithubExploit
GithubExploit
added 2026/02/27 5:10 p.m.214 views

Exploit for CVE-2025-70342

CVE-2025-70342: Credential Interception via Named Pipe in eras...

5.9AI score0.00241EPSS
Exploits2
NVD
NVD
added 2026/02/20 5:25 p.m.4 views

CVE-2026-24455

The embedded web interface of the device does not support HTTPS/TLS for authentication and uses HTTP Basic Authentication. Traffic is encoded but not encrypted, exposing user credentials to passive interception by attackers on the same network...

7.5CVSS0.00242EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.9 views

Jinan USR IOT USR-W610 安全漏洞

Jinan USR IOT USR-W610 is a serial-to-Ethernet converter developed by Jinan USR IOT. There is a security vulnerability in the Jinan USR IOT USR-W610. This vulnerability stems from the fact that the embedded Web interface of the device does not support HTTPS/TLS authentication and uses HTTP basic...

7.5CVSS5.8AI score0.00242EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/18 12:33 a.m.5 views

Improper Certificate Validation

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Certificate Validation via unauthenticated TXT records in the discovery routing. An attacker can redirect client connections to attacker-controlled endpoints and potentially...

7.1CVSS5.7AI score0.001EPSS
Exploits0References2
CVE
CVE
added 2026/01/20 9:36 p.m.14 views

CVE-2025-58742

CVE-2025-58742 affects Milner ImageDirector Capture for Windows, specifically the Connection Settings dialog. The vulnerability arises when an attacker can modify the Server field to redirect client authentication, enabling Adversary in the Middle (AiTM) and exposing credentials. Affected version...

8.5CVSS5.5AI score0.00162EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/20 9:36 p.m.6 views

CVE-2025-58742 Insufficient Configuration Protections Enable Database Credential Interception in Milner ImageDirector Capture

Insufficiently Protected Credentials, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Connection Settings dialog in Milner ImageDirector Capture on Windows allows Adversary in the Middle AiTM by modifying the 'Server' field to redirect client...

8.5CVSS5.5AI score0.00162EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/20 9:36 p.m.19 views

CVE-2025-58742 Insufficient Configuration Protections Enable Database Credential Interception in Milner ImageDirector Capture

Insufficiently Protected Credentials, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Connection Settings dialog in Milner ImageDirector Capture on Windows allows Adversary in the Middle AiTM by modifying the 'Server' field to redirect client...

8.5CVSS0.00162EPSS
Exploits0References1
NVD
NVD
added 2026/01/09 11:15 a.m.8 views

CVE-2026-22080

This vulnerability exists in Tenda wireless routers 300Mbps Wireless Router F3 and N300 Easy Setup Router due to the transmission of credentials encoded using reversible Base64 encoding through the web-based administrative interface. An attacker on the same network could exploit this vulnerabilit...

8.7CVSS0.00106EPSS
Exploits0References1
NVD
NVD
added 2026/01/09 11:15 a.m.8 views

CVE-2026-22079

This vulnerability exists in Tenda wireless routers 300Mbps Wireless Router F3 and N300 Easy Setup Router due to the plaintext transmission of login credentials during the initial login or post-factory reset setup through the web-based administrative interface. An attacker on the same network cou...

8.7CVSS0.00106EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/07 4:10 p.m.2 views

CVE-2026-22543 WEEK ENCODING FOR PASSWORDS

The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials...

6.9CVSS6.5AI score0.00176EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/07 4:10 p.m.4 views

EUVD-2026-1415

The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials...

6.9CVSS6.3AI score0.00176EPSS
Exploits0References1
NVD
NVD
added 2025/12/16 7:15 a.m.15 views

CVE-2025-62330

HCL DevOps Deploy is susceptible to a cleartext transmission of sensitive information because the HTTP port remains accessible and does not redirect to HTTPS as intended. As a result, an attacker with network access could intercept or modify user credentials and session-related data via passive...

5.9CVSS0.00133EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/16 6:16 a.m.4 views

EUVD-2025-203509

HCL DevOps Deploy is susceptible to a cleartext transmission of sensitive information because the HTTP port remains accessible and does not redirect to HTTPS as intended. As a result, an attacker with network access could intercept or modify user credentials and session-related data via passive...

5.9CVSS6AI score0.00133EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/14 12:0 a.m.12 views

PT-2025-47028

Name of the Vulnerable Software and Affected Versions General Industrial Controls Lynx+ Gateway affected versions not specified Description The Lynx+ Gateway is susceptible to a cleartext transmission issue. This could allow an attacker to intercept network traffic and potentially gain access to...

8.7CVSS6.4AI score0.00291EPSS
Exploits0References7
GithubExploit
GithubExploit
added 2025/11/05 1:12 p.m.277 views

Exploit for Server-Side Request Forgery in Jetbrains Teamcity

TeamCity IntelliJ IDEA Plugin credential interception CVE-20...

7.5CVSS7AI score0.0134EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/11/01 4:9 p.m.10 views

CVE-2025-12508

When using domain users as BRAIN2 users, communication with Active Directory services is unencrypted. This can lead to the interception of authentication data and compromise confidentiality...

8.4CVSS7AI score0.00192EPSS
Exploits0References1
Rows per page
Query Builder