
3289 matches found

Prion
added 2023/10/17 1:15 p.m. · 28 views

Design/Logic Flaw

OpenVPN Connect versions before 3.4.0.4506 (macOS) and OpenVPN Connect before 3.4.0.3100 (Windows) allow man-in-the-middle attackers to intercept configuration profile download requests which contain the user's credentials...

2.6 CVSS · 5.7 AI score · 0.00704 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
CVE
added 2023/10/17 12:10 p.m. · 113 views

CVE-2022-3761

OpenVPN Connect on macOS and Windows is affected by CVE-2022-3761 due to errors in the certificate authentication procedure, allowing a man-in-the-middle attacker to intercept requests for downloading configuration profiles that contain user credentials. Affected versions include macOS before 3.4...

5.9 CVSS · 5.7 AI score · 0.00704 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2023/10/17 12:10 p.m. · 22 views

CVE-2022-3761

OpenVPN Connect versions before 3.4.0.4506 (macOS) and OpenVPN Connect before 3.4.0.3100 (Windows) allow man-in-the-middle attackers to intercept configuration profile download requests which contain the user's credentials...

5.9 AI score · 0.00704 EPSS
Exploits: 0 · References: 2
OSV
added 2023/10/11 1:15 a.m. · 1 view

CVE-2023-45194

Use of default credentials vulnerability in MR-GM2 firmware Ver. 3.00.03 and earlier, and MR-GM3 -D/-K/-S/-DK/-DKS/-M/-W firmware Ver. 1.03.45 and earlier allows a network-adjacent unauthenticated attacker to intercept wireless LAN communication, when the affected product performs the communicati...

4.3 CVSS · 5.8 AI score
Exploits: 0 · References: 2
NVD
added 2023/10/11 1:15 a.m. · 8 views

CVE-2023-45194

Use of default credentials vulnerability in MR-GM2 firmware Ver. 3.00.03 and earlier, and MR-GM3 -D/-K/-S/-DK/-DKS/-M/-W firmware Ver. 1.03.45 and earlier allows a network-adjacent unauthenticated attacker to intercept wireless LAN communication, when the affected product performs the communicati...

4.3 CVSS · 4.7 AI score · 0.00228 EPSS
Exploits: 0 · References: 2
CNVD
added 2023/10/11 12:00 a.m. · 2 views

Open5GS has an unspecified vulnerability (CNVD-2025-18587)

Open5GS is an open source implementation in C of the 5G Core and EPC, the core network of LTE/NR networks. Open5GS suffers from a security vulnerability that can be exploited by an attacker to intercept VNF (Virtual Network Function) communications, thereby exposing sensitive information...

6.5 CVSS · 6.8 AI score · 0.00275 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2023/10/11 12:00 a.m. · 2 views

PT-2023-29451 · MR-GM3 +1

Name of the Vulnerable Software and Affected Versions: MR-GM2 firmware versions 3.00.03 and earlier MR-GM3 -D/-K/-S/-DK/-DKS/-M/-W firmware versions 1.03.45 and earlier Description: The issue allows a network-adjacent unauthenticated attacker to intercept wireless LAN communication when the...

4.3 CVSS · 4.6 AI score · 0.00228 EPSS
Exploits: 0 · References: 5
CNNVD
added 2023/10/10 12:00 a.m. · 3 views

F5 BIG-IP Trust Management Issue Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A hard-coded credential vulnerability exists in F5 BIG-IP Next SPK, which can be exploited by an attacker with the ability to...

7.4 CVSS · 6.9 AI score · 0.00376 EPSS
Exploits: 0 · References: 3
The Hacker News
added 2023/10/09 10:49 a.m. · 51 views

High-Severity Flaws in ConnectedIO's 3G/4G Routers Raise Concerns for IoT Security

Multiple high-severity security vulnerabilities have been disclosed in ConnectedIO's ER2000 edge routers and the cloud-based management platform that could be exploited by malicious actors to execute malicious code and access sensitive data. "An attacker could have leveraged these flaws to fully...

9.8 CVSS · 9.2 AI score · 0.01505 EPSS
Exploits: 0
BDU FSTEC
added 2023/10/06 12:00 a.m. · 2 views

The vulnerability of the software for centralized logging, analysis, and storage of logs by Graylog, related to incorrect session duration settings, allows a hacker to intercept a user’s session.

The vulnerability of the Graylog log collection, analysis, and storage software lies in the incorrect duration of the session. Exploiting this vulnerability allows a remote attacker to intercept the user’s session...

3.1 CVSS · 5.4 AI score · 0.00411 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
The Hacker News
added 2023/10/05 9:56 a.m. · 27 views

GoldDigger Android Trojan Targets Banking Apps in Asia Pacific Countries

A new Android banking trojan named GoldDigger has been found targeting several financial applications with an aim to siphon victims' funds and backdoor infected devices. "The malware targets more than 50 Vietnamese banking, e-wallet and crypto wallet applications," Group-IB said. "There are...

7.5 AI score
Exploits: 0
OSV
added 2023/09/27 3:19 p.m. · 2 views

CVE-2023-44123

The vulnerability is the use of implicit PendingIntents with the PendingIntent.FLAG_MUTABLE set that leads to theft and/or over-write of arbitrary files with system privilege in the Bluetooth "com.lge.bluetoothsetting" app. The attacker's app, if it had access to app notifications, could intercept...

7.8 CVSS · 5.9 AI score · 0.00125 EPSS
Exploits: 0 · References: 1
OSV
added 2023/09/27 3:19 p.m. · 1 view

CVE-2023-44125

The vulnerability is the use of implicit PendingIntents without the PendingIntent.FLAG_IMMUTABLE set that leads to theft and/or over-write of arbitrary files with system privilege in the Personalized service "com.lge.abba" app. The attacker's app, if it had access to app notifications, could...

7.8 CVSS · 5.9 AI score · 0.00125 EPSS
Exploits: 0 · References: 1
NVD
added 2023/09/27 3:19 p.m. · 23 views

CVE-2023-44122

The vulnerability is to theft of arbitrary files with system privilege in the LockScreenSettings "com.lge.lockscreensettings" app in the "com/lge/lockscreensettings/dynamicwallpaper/MyCategoryGuideActivity.java" file. The main problem is that the app launches implicit intents that can be...

7.8 CVSS · 6.6 AI score · 0.00098 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2023/09/27 1:42 p.m. · 9 views

CVE-2023-44122 LockScreenSettings - Theft arbitrary files with system privilege

The vulnerability is to theft of arbitrary files with system privilege in the LockScreenSettings "com.lge.lockscreensettings" app in the "com/lge/lockscreensettings/dynamicwallpaper/MyCategoryGuideActivity.java" file. The main problem is that the app launches implicit intents that can be...

6.1 CVSS · 7 AI score · 0.00098 EPSS
Exploits: 0 · References: 1
BDU FSTEC
added 2023/09/25 12:00 a.m. · 2 views

The vulnerability of the libspdm library, related to the absence of an authentication procedure that allows attackers to intercept user sessions

The vulnerability of the libspdm library is related to the absence of an authentication process. Exploiting this vulnerability allows a malicious actor to intercept a user’s session remotely...

9 CVSS · 7.5 AI score · 0.00943 EPSS
Exploits: 0 · References: 4 · Affected Software: 1
Packet Storm
added 2023/09/19 12:00 a.m. · 466 views

Super Store Finder 3.7 Remote Command Execution

Vulnerability : Authenticated Arbitrary PHP Code Injection lead to Remote Code Execution Researcher : Etharus Vendor : Joe Iz, https://www.superstorefinder.net/ Demo Url : https://superstorefinder.net/products/superstorefinder/ Version Affected : 3.7 and below Date : 18 September 2023 FOFA Dork :...

7.1 AI score
Exploits: 0
BDU FSTEC
added 2023/09/19 12:00 a.m. · 2 views

The vulnerability of the QMS.Mobile module of the quality management software for automobile manufacturers allows a violator to intercept an active session.

The vulnerability of the QMS.Mobile module of the quality management software for automobile manufacturers, QMS Automotive, is related to incorrect session duration. Exploiting this vulnerability could allow an attacker to intercept the active session...

3.9 CVSS · 5.5 AI score · 0.00144 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Huntr
added 2023/09/18 7:45 p.m. · 19 views

SQL Injection in `icms2/install/index.php`

Introduction: I'm quite hesitant about reporting this vulnerability. After thinking about it, I knew I needed to provide this information to you! As described in the documentation https://docs.instantcms.ru/en/manual/instal, at Post-Installation steps, you described that the installation director...

7.4 AI score
Exploits: 0
OSV
added 2023/09/06 4:15 a.m. · 3 views

CVE-2023-30729

Improper Certificate Validation in Samsung Email prior to version 6.1.82.0 allows remote attacker to intercept the network traffic including sensitive information...

7.5 CVSS · 5.8 AI score · 0.00313 EPSS
Exploits: 0 · References: 1