
3287 matches found

OSV
added 2025/01/28 1:15 a.m. · 1 views

CVE-2024-27263

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to obtain sensitive information from the dashboard UI using man in the middle techniques...

CVSS 5.3 · AI score 5.8 · EPSS 0.0025
Exploits: 0 · References: 1

OSV
added 2025/01/23 6:15 p.m. · 1 views

CVE-2024-55928

Xerox Workplace Suite exposes sensitive secrets in clear text, both locally and remotely. This vulnerability allows attackers to intercept or access secrets without encryption...

CVSS 7.5 · AI score 5.8
Exploits: 0 · References: 1

NVD
added 2025/01/23 5:15 p.m. · 8 views

CVE-2024-52329

ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic and obtain authentication tokens...

CVSS 9.5 · EPSS 0.0035
Exploits: 1 · References: 3

Positive Technologies
added 2025/01/23 12:0 a.m. · 3 views

PT-2025-2927 · Ecovacs · Ecovacs Home

Name of the Vulnerable Software and Affected Versions: ECOVACS HOME (affected versions not specified)
Description: The ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. This allows an unauthenticated attacker to read or modify TLS traffic and obtain...

CVSS 9.5 · AI score 7.1 · EPSS 0.0035
Exploits: 1 · References: 7

Krebs on Security
added 2025/01/22 3:24 p.m. · 9 views

MasterCard DNS Error Went Unnoticed for Years

The payment card giant MasterCard just fixed a glaring error in its domain name server settings that could have allowed anyone to intercept or divert Internet traffic for the company by registering an unused domain name. The misconfiguration persisted for nearly five years until a security...

AI score 7.1
Exploits: 0

NVD
added 2025/01/20 12:15 p.m. · 9 views

CVE-2025-0479

This vulnerability exists in the CP Plus Router due to insecure handling of cookie flags used within its web interface. A remote attacker could exploit this vulnerability by intercepting data transmissions during an HTTP session on the vulnerable system. Successful exploitation of this...

CVSS 8.6 · EPSS 0.00405
Exploits: 0 · References: 1

OSV
added 2025/01/10 10:15 p.m. · 1 views

CVE-2024-47519

Backup uploads to ETM subject to man-in-the-middle interception...

CVSS 7.1 · AI score 5.8
Exploits: 0 · References: 1

CVE
added 2025/01/10 9:56 p.m. · 46 views

CVE-2024-47519

CVE-2024-47519 is tied to Arista Edge Threat Management – Arista NG Firewall: backup uploads to ETM can be intercepted via a man-in-the-middle. The advisory details the affected product family and versions (NGFW/ETM, 17.1.1 and prior) and provides explicit remediation guidance. The root cause is ...

CVSS 8.3 · AI score 8.2 · EPSS 0.00331
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2025/01/10 9:56 p.m. · 17 views

CVE-2024-47519 Backup uploads to ETM subject to man-in-the-middle interception

Backup uploads to ETM subject to man-in-the-middle interception...

CVSS 8.3 · EPSS 0.00331
Exploits: 0 · References: 1

Vulnrichment
added 2025/01/10 9:56 p.m. · 7 views

CVE-2024-47519 Backup uploads to ETM subject to man-in-the-middle interception

Backup uploads to ETM subject to man-in-the-middle interception...

CVSS 8.3 · AI score 8.2 · EPSS 0.00331
Exploits: 0 · References: 1

Wired Threat Level
added 2025/01/10 3:21 p.m. · 8 views

Secret Phone Surveillance Tech Was Likely Deployed at 2024 DNC

Data WIRED collected during the 2024 Democratic National Convention strongly suggests the use of a cell-site simulator, a controversial spy device that intercepts sensitive data from every phone in its range...

AI score 7.1
Exploits: 0

Cvelist
added 2025/01/08 4:9 p.m. · 16 views

CVE-2025-20126 Cisco ThousandEyes Endpoint Agent Certificate Validation Vulnerability

A vulnerability in certification validation routines of Cisco ThousandEyes Endpoint Agent for macOS and RoomOS could allow an unauthenticated, remote attacker to intercept or manipulate metrics information. This vulnerability exists because the affected software does not properly validate...

CVSS 4.8 · EPSS 0.00165
Exploits: 0 · References: 1

Veracode
added 2025/01/06 2:50 a.m. · 4 views

Cleartext Transmission Of Sensitive Information

Keycloak is vulnerable to plain text replication. The vulnerability is due to the environment option KC_CACHE_EMBEDDED_MTLS_ENABLED not functioning as intended, resulting in JGroups replication configuration always using plain text, which allows attackers on adjacent networks to intercept and read...

CVSS 5.7 · AI score 6.4 · EPSS 0.00267
Exploits: 0 · References: 11 · Affected Software: 1

NVD
added 2024/12/30 5:15 p.m. · 12 views

CVE-2024-56733

Password Pusher is an open source application to communicate sensitive information over the web. A vulnerability has been reported in versions 1.50.3 and prior where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although the session token ...

CVSS 5.7 · EPSS 0.00209
Exploits: 0 · References: 1

OSV
added 2024/12/30 4:46 p.m. · 9 views

GHSA-4FWJ-M62Q-PP47 Password Pusher Allows Session Token Interception Leading to Potential Hijacking

Impact A vulnerability has been reported in Password Pusher where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although the session token is replaced and invalidated upon logout, if an attacker manages to capture the session cookie before...

CVSS 5.7 · AI score 5.6 · EPSS 0.00209
Exploits: 0 · References: 4

Cvelist
added 2024/12/30 4:46 p.m. · 15 views

CVE-2024-56733 Password Pusher Allows Session Token Interception Leading to Potential Hijacking

Password Pusher is an open source application to communicate sensitive information over the web. A vulnerability has been reported in versions 1.50.3 and prior where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although the session token ...

CVSS 5.7 · EPSS 0.00209
Exploits: 0 · References: 1

CVE
added 2024/12/30 4:46 p.m. · 56 views

CVE-2024-56733

CVE-2024-56733 affects Password Pusher (versions ≤ 1.50.3). A vulnerability allows an attacker to copy the session cookie before logout, potentially enabling session hijacking until the token expires or is cleared. Root cause centers on accessing an active session cookie (e.g., MITM, XSS, or loca...

CVSS 5.7 · AI score 5.5 · EPSS 0.00209
Exploits: 0 · References: 1

Vulnrichment
added 2024/12/30 4:46 p.m. · 8 views

CVE-2024-56733 Password Pusher Allows Session Token Interception Leading to Potential Hijacking

Password Pusher is an open source application to communicate sensitive information over the web. A vulnerability has been reported in versions 1.50.3 and prior where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although the session token ...

CVSS 5.7 · AI score 5.5 · EPSS 0.00209
Exploits: 0 · References: 1

Cvelist
added 2024/12/18 11:36 a.m. · 17 views

CVE-2024-4995 Protocol Downgrade in Wapro ERP Desktop

Wapro ERP Desktop is vulnerable to an MS SQL protocol downgrade request from the server side, which could lead to unencrypted communication vulnerable to data interception and modification. This issue affects Wapro ERP Desktop versions before 9.00.0...

CVSS 9.1 · EPSS 0.00897
Exploits: 0 · References: 3

CVE
added 2024/12/18 11:36 a.m. · 40 views

CVE-2024-4995

CVE-2024-4995 (Wapro ERP Desktop) is publicly described as a server-side MS SQL protocol downgrade vulnerability affecting Wapro ERP Desktop before 9.00.0. The issue enables unencrypted communication between components, which may allow data interception and modification. Public records do not spe...

CVSS 9.8 · AI score 7 · EPSS 0.00897
Exploits: 0 · References: 3