CVE-2026-45432

This vulnerability exists in GX Earth ONT models due to the transmission of user credentials in plaintext over HTTP in its web management interface. A remote attacker could exploit this vulnerability by intercepting network traffic to obtain sensitive authentication information, which could lead ...

tickets 信任管理问题漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a vulnerability related to trust management. This vulnerability stemmed from the disabling of TLS certificate verification in incs/functions.inc.php,...

Zscaler Client Connector hard-coded proxy configuration domain

RISK EVALUATION ZScaler Client Connector 4.7 and 4.8 on Microsoft Windows hard codes a domain used to retrieve proxy configuration information. An attacker with control of this domain could provide arbitrary proxy configurations and intercept, redirect or disrupt traffic. 2. RECOMMENDED...

CVE-2026-1068

An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to obtain sensitive user data from the application...

CVE-2026-20671

A logic issue was addressed with improved checks. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker in a privileged network position may be able to interce...

CVE-2026-20671

A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker in a privileged network position may be able to interce...

CVE-2026-20671

A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker in a privileged network position may be able to interce...

CVE-2026-20671

A logic issue was addressed with improved checks. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker in a privileged network position may be able to interce...

EUVD-2016-9555

Malware in sbrugna...

EUVD-2024-27673

Malicious code in bioql PyPI...

CVE-2024-32963

Navidrome is an open source web-based music collection server and streamer. In affected versions of Navidrome are subject to a parameter tampering vulnerability where an attacker has the ability to manipulate parameter values in the HTTP requests. The attacker is able to change the parameter valu...

CVE-2024-38861

Improper Certificate Validation in Checkmk Exchange plugin MikroTik allows attackers in MitM position to intercept traffic. This issue affects MikroTik: from 2.0.0 through 2.5.5, from 0.4amk through 2.0a...

CVE-2024-38861 Lack of TLS validation in plugin MikroTik on Checkmk Exchange

Improper Certificate Validation in Checkmk Exchange plugin MikroTik allows attackers in MitM position to intercept traffic. This issue affects MikroTik: from 2.0.0 through 2.5.5, from 0.4amk through 2.0a...

CVE-2024-20350

A vulnerability in the SSH server of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to impersonate a Cisco Catalyst Center appliance. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability...

CVE-2024-2728

Information exposure vulnerability in the CIGESv2 system. This vulnerability could allow a local attacker to intercept traffic due to the lack of proper implementation of the TLS protocol...

CVE-2024-2728

CVE-2024-2728 affects the CIGESv2 system. The issue is an information exposure due to an improper TLS implementation, enabling a local attacker to intercept traffic. Affected component is the CIGESv2 system’s TLS handling; impact is confidentiality loss with no integrity/availability impact state...

CVE-2024-2371

Information exposure vulnerability in Korenix JetI/O 6550 affecting firmware version F208 Build:0817. The SNMP protocol uses plaintext to transfer data, allowing an attacker to intercept traffic and retrieve credentials...

F5 BIG-IP Next SPK Hardcoded Credentials Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A hard-coded credential vulnerability exists in F5 BIG-IP Next SPK, which can be exploited by an attacker with the ability to...

CVE-2023-45226

The BIG-IP SPK TMM Traffic Management Module f5-debug-sidecar and f5-debug-sshd containers contains hardcoded credentials that may allow an attacker with the ability to intercept traffic to impersonate the SPK Secure Shell SSH server on those containers. This is only exposed when ssh debug is...

CVE-2023-45226

CVE-2023-45226 affects BIG-IP Next SPK, specifically the f5-debug-sidecar and f5-debug-sshd containers in SPK TMM. The issue is hardcoded credentials that could let an attacker intercept traffic and impersonate the SPK SSH server when ssh debug is enabled. Exposure is documented in multiple sourc...