CVE-2025-67485

CVE-2025-67485 affects mad-proxy, a Python-based HTTP/HTTPS proxy. Versions ≤ 0.3 allow attackers to bypass traffic interception rules, potentially exposing sensitive traffic. The issue is reported with no fix at the time of publication. No exploitation details are provided in the sources beyond ...

EUVD-2025-202176

mad-proxy is a Python-based HTTP/HTTPS proxy server for detection and blocking of malicious web activity using custom security policies. Versions 0.3 and below allow attackers to bypass HTTP/HTTPS traffic interception rules, potentially exposing sensitive traffic. This issue does not have a fix a...

CVE-2025-67485 HTTP/HTTPS Traffic Interception Bypass in mad-proxy

mad-proxy is a Python-based HTTP/HTTPS proxy server for detection and blocking of malicious web activity using custom security policies. Versions 0.3 and below allow attackers to bypass HTTP/HTTPS traffic interception rules, potentially exposing sensitive traffic. This issue does not have a fix a...

CVE-2025-67485 HTTP/HTTPS Traffic Interception Bypass in mad-proxy

mad-proxy is a Python-based HTTP/HTTPS proxy server for detection and blocking of malicious web activity using custom security policies. Versions 0.3 and below allow attackers to bypass HTTP/HTTPS traffic interception rules, potentially exposing sensitive traffic. This issue does not have a fix a...

CVE-2025-65827

The mobile application is configured to allow clear text traffic to all domains and communicates with an API server over HTTP. As a result, an adversary located "upstream" can intercept the traffic, inspect its contents, and modify the requests in transit. TThis may result in a total compromise o...

CVE-2025-65830

Due to a lack of certificate validation, all traffic from the mobile application can be intercepted. As a result, an adversary located "upstream" can decrypt the TLS traffic, inspect its contents, and modify the requests in transit. This may result in a total compromise of the user's account if t...

Meatmeet Pro App 安全漏洞

Meatmeet Pro App is a meat product purchasing application from Meatmeet, Inc. A security vulnerability exists in Meatmeet Pro App version v1.1.2.0, which stems from allowing plaintext communication that could lead to traffic interception and complete account cracking...

CVE-2025-65827

The mobile application is configured to allow clear text traffic to all domains and communicates with an API server over HTTP. As a result, an adversary located "upstream" can intercept the traffic, inspect its contents, and modify the requests in transit. TThis may result in a total compromise o...

CVE-2025-65827

The CVE describes a mobile application configured to allow clear text traffic to all domains and to communicate with its API server over HTTP. The underlying issue is that traffic can be intercepted and modified by an upstream adversary, potentially leading to a total compromise of a user’s accou...

CVE-2025-65830

CVE-2025-65830 describes a vulnerability in the Meatmeet Pro App where missing certificate validation enables a man-in-the-middle attack on TLS traffic. Upstream attackers could decrypt, inspect, and modify requests, potentially leading to full account compromise if active authentication tokens a...

PT-2025-50502

Name of the Vulnerable Software and Affected Versions Mobile application affected versions not specified Description The mobile application allows clear text traffic to all domains and communicates with an API server over HTTP. This allows an attacker positioned upstream to intercept and modify...

Meatmeet Pro App 安全漏洞

Meatmeet Pro App is a meat product purchasing application from Meatmeet. A security vulnerability exists in Meatmeet Pro App version v1.1.2.0, which stems from a lack of certificate validation and could lead to traffic interception and complete account cracking...

PT-2025-50535

Name of the Vulnerable Software and Affected Versions Aqara Camera Hub G3 version 4.1.9 0027 Aqara Hub M2 version 4.3.6 0027 Aqara Hub M3 version 4.3.6 0025 Description Aqara Hub devices do not properly validate server certificates when downloading firmware updates over HTTPS. This allows attacke...

Plugins 信息泄露漏洞

Plugins are a number of CNI open source reference and example network plugins. An information disclosure vulnerability exists in Plugins versions 1.6.0 through 1.8.0, which stems from a misconfiguration of the nftables backend that could lead to traffic interception...

PT-2025-50538

Name of the Vulnerable Software and Affected Versions Mobile application affected versions not specified Description A missing certificate validation allows an attacker positioned upstream to intercept and decrypt TLS traffic from the mobile application. This interception enables the attacker to...

PT-2025-50296

mad-proxy is a Python-based HTTP/HTTPS proxy server for detection and blocking of malicious web activity using custom security policies. Versions 0.3 and below allow attackers to bypass HTTP/HTTPS traffic interception rules, potentially exposing sensitive traffic. This issue does not have a fix a...

mad-proxy 安全漏洞

mad-proxy is a web analytics tool from the personal developer Rajeev Sharma. A security vulnerability exists in mad-proxy version 0.3 and earlier, which stems from a vulnerability that allows an attacker to bypass HTTP/HTTPS traffic interception rules, potentially leading to the exposure of...

CVE-2025-67499 CNI Plugins Portmap nftables backend intercepts non-local traffic

The CNI portmap plugin allows containers to emulate opening a host port, forwarding that traffic to the container. Versions 1.6.0 through 1.8.0 inadvertently forward all traffic with the same destination port as the host port when the portmap plugin is configured with the nftables backend, thus...

EUVD-2025-201925

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP4. Affected applications contain private SSL/TLS keys on the server that are not properly protected allowing any user with server access to read these keys. This could allow an authenticated attacker to...

GHSA-JV3W-X3R3-G6RM CNA Plugins Portmap nftables backend can intercept non-local traffic

Background The CNI portmap plugin allows containers to emulate opening a host port, forwarding that traffic to the container. For example, if a host has the IP 198.51.100.42, a container may request that all packets to 198.51.100.42:53 be forwarded to the container's network. Vulnerability When t...