3270 matches found
CVE-2025-22459
Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to intercept limited traffic between clients and servers...
CVE-2025-22459
Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to intercept limited traffic between clients and servers...
CVE-2025-22459
Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to intercept limited traffic between clients and servers...
CVE-2025-22459
CVE-2025-22459 describes an improper certificate validation issue in Ivanti Endpoint Manager , affecting versions prior to 2024 SU1 and prior to 2022 SU7 . An unauthenticated remote attacker could intercept limited traffic between clients and servers due to this certificate validation flaw. Docum...
CVE-2025-22459
Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to intercept limited traffic between clients and servers...
CVE-2024-50565
A improper restriction of communication channel to intended endpoints vulnerability CWE-923 in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15 and 6.2.0 through 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through...
CVE-2024-26013
A improper restriction of communication channel to intended endpoints vulnerability CWE-923 in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15 and before 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9 and...
CVE-2024-26013
A improper restriction of communication channel to intended endpoints vulnerability CWE-923 in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15 and before 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9 and...
PT-2025-15433 · Ivanti · Ivanti Endpoint Manager
Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager versions prior to 2024 SU1 Ivanti Endpoint Manager versions prior to 2022 SU7 Description: The issue concerns improper certificate validation, allowing a remote unauthenticated attacker to intercept limited traffic...
Ivanti Endpoint Manager 安全漏洞
Ivanti Endpoint Manager is an enterprise-grade endpoint management solution, mainly used for centralized management of various types of devices including Windows, MacOS, Linux, iOS/Android mobile devices, etc., to achieve unified configuration, security control and remote operation and maintenanc...
CVE-2025-27095
JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to 4.8.0 and 3.10.18, an attacker with a low-privileged account can access the Kubernetes session feature and manipulate the kubeconfig file to redirect API requests to an external server...
CVE-2024-8773
SIMPLE.ERP client is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affect SIMPLE.ERP from 6.20 to 6.30. Only the 6.30 version received a patch [email protected], which make ...
CVE-2024-8773
SIMPLE.ERP client is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affect SIMPLE.ERP from 6.20 to 6.30. Only the 6.30 version received a patch [email protected], which make ...
CVE-2024-8773 Protocol Downgrade in SIMPLE.ERP
SIMPLE.ERP client is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affect SIMPLE.ERP from 6.20 to 6.30. Only the 6.30 version received a patch [email protected], which make ...
CVE-2024-8773
The CVE-2024-8773 issue affects SIMPLE.ERP clients (versions 6.20–6.30). A server-side MS SQL protocol downgrade can force unencrypted communication, enabling data interception and modification. Only version 6.30 received a patch ([email protected]) to enforce encryption. Versions 6.20 and 6.25 remain u...
CVE-2025-0254
HCL Digital Experience components Ring API and dxclient may be vulnerable to man-in-the-middle MitM attacks prior to 9.5 CF226. An attacker could intercept and potentially alter communication between two parties...
CVE-2025-0254 HCL Digital Experience components Ring API and dxclient may be vulnerable to man-in-the-middle (MitM) attacks prior to 9.5 CF226.
HCL Digital Experience components Ring API and dxclient may be vulnerable to man-in-the-middle MitM attacks prior to 9.5 CF226. An attacker could intercept and potentially alter communication between two parties...
CVE-2024-10948 Arbitrary File Read via Upload Function in binary-husky/gpt_academic
A vulnerability in the upload function of binary-husky/gptacademic allows any user to read arbitrary files on the system, including sensitive files such as config.py. This issue affects the latest version of the product. An attacker can exploit this vulnerability by intercepting the websocket...
CVE-2025-30132
An issue was discovered on IROAD Dashcam V devices. It uses an unregistered public domain name as an internal domain, creating a security risk. During analysis, it was found that this domain was not owned by IROAD, allowing an attacker to register it and potentially intercept sensitive device...
CVE-2025-30132
An issue was discovered on IROAD Dashcam V devices. It uses an unregistered public domain name as an internal domain, creating a security risk. During analysis, it was found that this domain was not owned by IROAD, allowing an attacker to register it and potentially intercept sensitive device...