Lucene search
K

118 matches found

CVE
CVE
added 2025/09/05 5:45 p.m.35 views

CVE-2025-30199

ECOVACS vacuum robot base stations are described as not validating firmware updates and operating over an insecure Wi‑Fi link with a deterministic WPA2‑PSK key that can be derived from the device serial number. This enables potential malicious over‑the‑air updates or code execution through the up...

7.5CVSS6.4AI score0.00268EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/09/05 5:45 p.m.10 views

CVE-2025-30199 ECOVACS Vacuum and Base Station accept unsigned firmware

ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air updates can be sent to base station via insecure connection between robot and base station...

7.5CVSS0.00268EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/08/26 10:18 p.m.3 views

CVE-2025-35115 Agiloft insecure download of system packages

Agiloft Release 28 downloads critical system packages over an insecure HTTP connection. An attacker in a Man-In-the-Middle position could replace or modify the contents of the download URL. Users should upgrade to Agiloft Release 30...

9.2CVSS6.3AI score0.00219EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/08/26 12:0 a.m.4 views

Agiloft 安全漏洞

Agiloft is a contract management platform from Agiloft Corporation in the United States. Agiloft has a security vulnerability that originates from the download of critical system packages over an insecure HTTP connection, which could lead to a man-in-the-middle attack...

9.2CVSS6.7AI score0.00219EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/07/10 1:24 p.m.5 views

CVE-2025-21450

Cryptographic issue occurs due to use of insecure connection method while downloading...

9.1CVSS7.2AI score0.00292EPSS
Exploits0References1
NVD
NVD
added 2025/07/08 1:15 p.m.8 views

CVE-2025-21450

Cryptographic issue occurs due to use of insecure connection method while downloading...

9.1CVSS0.00292EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/08 12:49 p.m.5 views

CVE-2025-21450 Improper Authentication in GPS_GNSS

Cryptographic issue occurs due to use of insecure connection method while downloading...

9.1CVSS7.1AI score0.00292EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/08 12:49 p.m.11 views

CVE-2025-21450 Improper Authentication in GPS_GNSS

Cryptographic issue occurs due to use of insecure connection method while downloading...

9.1CVSS0.00292EPSS
Exploits0References1
CVE
CVE
added 2025/07/08 12:49 p.m.34 views

CVE-2025-21450

CVE-2025-21450 describes a cryptographic issue arising from the use of an insecure connection method during download, affecting Qualcomm closed‑source components. The entry is labeled critical (CVSS 3.1: 9.1) with network attack vector and high impact on confidentiality and integrity. Connected d...

9.1CVSS6.6AI score0.00292EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/05/27 8:17 p.m.18 views

CVE-2025-5279 Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin

When the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, the driver skips the SSL certificate validation step for the Identity Provider. An insecure connection could allow an actor to intercept the token exchange process and retrieve an access...

7CVSS0.00251EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 10:24 a.m.9 views

CVE-2019-10753

In all versions prior to version 3.9.6 for eclipse-wtp, all versions prior to version 9.4.4 for eclipse-cdt, and all versions prior to version 3.0.1 for eclipse-groovy, Spotless was resolving dependencies over an insecure channel http. If the build occurred over an insecure connection, a maliciou...

5.9CVSS6.8AI score0.00724EPSS
Exploits0References1
OSV
OSV
added 2025/04/25 3:12 p.m.6 views

GHSA-95FC-G4GJ-MQMX Steve doesn’t verify a server’s certificate and is susceptible to man-in-the-middle (MitM) attacks

Impact A vulnerability has been identified in Steve where by default it was using an insecure option that did not validate the certificate presented by the remote server while performing a TLS connection. This could allow the execution of a man-in-the-middle MitM attack against services using...

8CVSS6.4AI score0.00296EPSS
Exploits0References3
NVD
NVD
added 2025/01/04 3:15 p.m.13 views

CVE-2024-41768

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause an unhandled SSL exception which could leave the connection in an unexpected or insecure state...

6.5CVSS0.00401EPSS
Exploits0References1
NVD
NVD
added 2024/08/30 10:15 p.m.36 views

CVE-2024-8285

A flaw was found in Kroxylicious. When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perfor...

5.9CVSS0.00378EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/08/30 9:10 p.m.17 views

CVE-2024-8285 Kroxylicious: missing upstream kafka tls hostname verification

A flaw was found in Kroxylicious. When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perfor...

5.9CVSS6.6AI score0.00378EPSS
Exploits0References3
CVE
CVE
added 2024/08/30 9:10 p.m.85 views

CVE-2024-8285

CVE-2024-8285 affects Kroxylicious, where TLS upstream connections to Kafka fail to verify the server hostname. This creates a potential for MITM and data integrity/confidentiality impact. Attacks require network access and, per the sources, may require high privileges to modify Kroxylicious conf...

5.9CVSS5.7AI score0.00378EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/04/25 4:28 p.m.15 views

CVE-2024-1657 Platform: insecure websocket used when interacting with eda server

A flaw was found in the ansible automation platform. An insecure WebSocket connection was being used in installation from the Ansible rulebook EDA server. An attacker that has access to any machine in the CIDR block could download all rulebook data from the WebSocket, resulting in loss of...

8.1CVSS6.9AI score0.00378EPSS
Exploits0References3
0day.today
0day.today
added 2023/08/30 12:0 a.m.328 views

GOM Player 2.3.90.5360 MITM / Remote Code Execution Exploit

GOM Player version 2.3.90.5360 man-in-the-middle proof of concept remote code execution exploit. Exploit Title: GOM Player 2.3.90.5360 - Remote Code Execution RCE Author: M. Akil Gündoğan Contact: https://twitter.com/akilgundogan Vendor Homepage: https://www.gomlab.com/gomplayer-media-player/...

7.9AI score
Exploits0
The Hacker News
The Hacker News
added 2023/08/18 6:51 a.m.54 views

Google Chrome's New Feature Alerts Users About Auto-Removal of Malicious Extensions

Google has announced plans to add a new feature in the upcoming version of its Chrome web browser to proactively alert users when an extension they have installed has been removed from the Chrome Web Store. The feature, set for release alongside Chrome 117, allows users to be notified when an...

6.8AI score
Exploits0
NVD
NVD
added 2023/07/13 8:15 p.m.23 views

CVE-2023-30565

An insecure connection between Systems Manager and CQI Reporter application could expose infusion data to an attacker...

3.5CVSS0.00127EPSS
Exploits0References1
Rows per page
Query Builder