
42 matches found

CNNVD
added 2026/05/14 12:0 a.m. | 4 views

HCL AION Security Vulnerability

HCL AION is an AI lifecycle management platform developed by the Indian company HCL. HCL AION has a security vulnerability, which stems from the lack of mandatory encryption for certain data transmissions or operations. This vulnerability may lead to sensitive information being intercepted under...

CVSS 5.4 | AI score 5.8 | EPSS 0.00006
Exploits: 0 | References: 1
CNNVD
added 2026/04/09 12:0 a.m. | 2 views

Apache Tomcat Security Vulnerability

Apache Tomcat is a lightweight web application server developed by the Apache Foundation in the United States. It supports Servlet and JavaServer Pages (JSP) technologies. Versions 11.0.20, 10.1.53, and 9.0.116 of Apache Tomcat contain security vulnerabilities. These vulnerabilities stem from the la...

CVSS 7.5 | AI score 7.3 | EPSS 0.12919
Exploits: 5 | References: 1
GitLab Advisory Database
added 2026/04/03 12:0 a.m. | 6 views

Antrea has Missing Encryption of Sensitive Data

This is a missing encryption vulnerability (CWE-311) affecting inter-Node Pod traffic. In Antrea clusters configured for dual-stack networking with IPsec encryption enabled (trafficEncryptionMode: ipsec), Antrea fails to apply encryption for IPv6 Pod traffic. While the IPv4 traffic is correctly...

CVSS 7.5 | AI score 5.9 | EPSS 0.0001
Exploits: 0 | References: 7 | Affected Software: 1
Positive Technologies
added 2026/04/02 12:0 a.m. | 3 views

PT-2026-31712

Name of the Vulnerable Software and Affected Versions: Apache Tomcat version 11.0.20; Apache Tomcat version 10.1.53; Apache Tomcat version 9.0.116. Description: A fail-open regression in the Tribes clustering component allows the EncryptInterceptor to be bypassed. This occurs because failed decryption...

CVSS 7.8 | AI score 6.3 | EPSS 0.02218
Exploits: 5 | References: 104
CNNVD
added 2026/03/05 12:0 a.m. | 2 views

EPSON ESC/POS Access Control Error Vulnerability

EPSON ESC/POS is a protocol used by the Japanese company EPSON for controlling POS printers. EPSON ESC/POS has a vulnerability related to access control. This vulnerability stems from the lack of user authentication and command authorization mechanisms, no control over network communication sourc...

CVSS 9.8 | AI score 5.8 | EPSS 0.0007
Exploits: 0 | References: 3
Zero Day Initiative
added 2026/02/25 12:0 a.m. | 4 views

(Pwn2Own) Ubiquiti Networks AI Pro Discovery Protocol Missing Encryption Protocol Downgrade Vulnerability

This vulnerability allows network-adjacent attackers to downgrade the communication protocol on affected installations of Ubiquiti Networks AI Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the discovery protocol. The issue results from the lack...

CVSS 5.4 | AI score 5.6 | EPSS 0.00037
Exploits: 0 | References: 1
OSV
added 2026/02/17 6:9 p.m. | 4 views

GO-2026-4478 Mattermost Server SAML implementation does not require encryption or signature verification as default in github.com/mattermost/mattermost-server

Mattermost Server SAML implementation does not require encryption or signature verification as default in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this ...

CVSS 7.5 | AI score 5.6 | EPSS 0.00148
Exploits: 0 | References: 4
RedhatCVE
added 2025/12/15 1:25 p.m. | 2 views

CVE-2025-36751

Encryption is missing on the configuration interface for Growatt ShineLan-X and MIC 3300TL-X. This allows an attacker with access to the network to intercept and potentially manipulate communication requests between the inverter and its cloud endpoint...

CVSS 9.4 | AI score 6.8 | EPSS 0.00009
Exploits: 0 | References: 1
NVD
added 2025/12/13 4:16 p.m. | 3 views

CVE-2025-36751

Encryption is missing on the configuration interface for Growatt ShineLan-X and MIC 3300TL-X. This allows an attacker with access to the network to intercept and potentially manipulate communication requests between the inverter and its cloud endpoint...

CVSS 9.4 | EPSS 0.00009
Exploits: 0 | References: 1
Cvelist
added 2025/12/13 8:16 a.m. | 18 views

CVE-2025-36751 Missing encryption on Local Configuration Interface or Cloud Endpoint Communication - Growatt MIC3300TL-X and ShineLan-X

Encryption is missing on the configuration interface for Growatt ShineLan-X and MIC 3300TL-X. This allows an attacker with access to the network to intercept and potentially manipulate communication requests between the inverter and its cloud endpoint...

CVSS 9.4 | EPSS 0.00009
Exploits: 0 | References: 1
Vulnrichment
added 2025/12/13 8:16 a.m. | 1 views

CVE-2025-36751 Missing encryption on Local Configuration Interface or Cloud Endpoint Communication - Growatt MIC3300TL-X and ShineLan-X

Encryption is missing on the configuration interface for Growatt ShineLan-X and MIC 3300TL-X. This allows an attacker with access to the network to intercept and potentially manipulate communication requests between the inverter and its cloud endpoint...

CVSS 9.4 | AI score 6.4 | EPSS 0.00009
Exploits: 0 | References: 1
Tenable Nessus
added 2025/11/13 12:0 a.m. | 3 views

Siemens SIMATIC S7-1500 Missing Encryption of Sensitive Data (CVE-2016-3189)

Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block. This plugin only works with Tenable.ot. Please visit...

CVSS 6.5 | AI score 6.8 | EPSS 0.23714
Exploits: 0 | References: 4
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2023-43543

Malicious code in bioql PyPI...

CVSS 2.4 | AI score 4.4 | EPSS 0.00014
Exploits: 1 | References: 1
NVD
added 2025/09/10 1:15 p.m. | 2 views

CVE-2025-10227

Missing Encryption of Sensitive Data (CWE-311) in the Object Archive component in AxxonSoft Axxon One C-Werk before 2.0.8 on Windows and Linux allows a local attacker with access to exported storage or stolen physical drives to extract sensitive archive data in plaintext via lack of encryption at...

CVSS 5.1 | EPSS 0.00011
Exploits: 0 | References: 1
CVE
added 2025/09/10 12:39 p.m. | 9 views

CVE-2025-10227

AxxonSoft Axxon One (C-Werk) before 2.0.8 suffers Missing Encryption of Sensitive Data (CWE-311) in the Object Archive component. With physical access to exported storage or stolen drives, an attacker can extract archive data in plaintext due to encryption-at-rest not being used. Affected version...

CVSS 5.1 | AI score 5.9 | EPSS 0.00011
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2025/09/09 12:46 p.m. | 15 views

CVE-2025-7970

CVE-2025-7970 affects Rockwell Automation’s FactoryTalk Activation Manager. The connected sources describe a cryptography implementation error that could allow an attacker to decrypt traffic, leading to data exposure, session hijacking, or full network communication compromise. Public disclosures...

CVSS 8.7 | AI score 6.2 | EPSS 0.00089
Exploits: 0 | References: 1 | Affected Software: 1
Microsoft CVE
added 2025/09/04 12:36 a.m. | 1 views

Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

...

CVSS 6.5 | AI score 7 | EPSS 0.00069
Exploits: 0
RedhatCVE
added 2025/08/14 11:29 a.m. | 3 views

CVE-2024-41982

A vulnerability has been identified in SmartClient modules Opcenter QL Home SC All versions = V13.2 = V13.2 = V13.2 V2506. The affected application does not have adequate encryption of sensitive information. This could allow an authenticated attacker to gain access of sensitive information...

CVSS 5.9 | AI score 7 | EPSS 0.0001
Exploits: 0 | References: 1
CNNVD
added 2025/02/25 12:0 a.m. | 1 views

Tenable Identity Exposure Security Vulnerability

Tenable Identity Exposure is a fast, agentless solution from Tenable, Inc. It can detect and block attacks, eliminate attack paths, and provide risk-based guidance on vulnerability management and remediation. A security vulnerability exists in Tenable Identity Exposure versions prior to 3.77.9,...

CVSS 2.7 | AI score 5.6 | EPSS 0.00053
Exploits: 0 | References: 1
Positive Technologies
added 2024/04/01 12:0 a.m. | 2 views

PT-2024-5664 · Korenix · Korenix Jetport 5601V3

Name of the Vulnerable Software and Affected Versions: Korenix JetPort 5601v3 versions 1.2 and earlier Description: The issue is related to the missing encryption of sensitive data, which allows eavesdropping. This can be exploited by a remote attacker to bypass existing security restrictions...

CVSS 7.5 | AI score 7 | EPSS 0.00139
Exploits: 1 | References: 6