Every Keystroke You Make: a Tech-Law Measurement and Analysis of Event Listeners for Wiretapping

The privacy community has a long track record of investigating emerging types of web tracking techniques. Recent work has focused on compliance of web trackers with new privacy laws such as Europe's GDPR and California's CCPA. Despite the growing body of research documenting widespread lack of...

CVE-2025-55443

Affected product: Telpo MDM Android, versions 1.4.6–1.4.9. Vulnerability: Sensitive administrator credentials and MQTT server connection details are stored in plaintext in log files on external storage, enabling access to the MDM web platform to perform administrative operations and to the MQTT s...

CVE-2025-6180

The StrongDM Client insufficiently protected a pre-authentication token. Attackers could exploit this to intercept and reuse the token, potentially redeeming valid authentication credentials through a race condition...

CVE-2025-6180

The StrongDM Client insufficiently protected a pre-authentication token. Attackers could exploit this to intercept and reuse the token, potentially redeeming valid authentication credentials through a race condition...

CVE-2025-6180 Authentication Hijack

The StrongDM Client insufficiently protected a pre-authentication token. Attackers could exploit this to intercept and reuse the token, potentially redeeming valid authentication credentials through a race condition...

CVE-2025-6180 Authentication Hijack

The StrongDM Client insufficiently protected a pre-authentication token. Attackers could exploit this to intercept and reuse the token, potentially redeeming valid authentication credentials through a race condition...

CVE-2025-6180

CVE-2025-6180 affects StrongDM Client. The issue is insufficient protection of a pre-authentication token, allowing interception and reuse via a race condition that could potentially redeem valid authentication credentials. The impact is described as token-level exposure with elevated risk to con...

PT-2025-34123 · Strongdm · Strongdm Client

Name of the Vulnerable Software and Affected Versions: StrongDM Client affected versions not specified Description: The StrongDM Client did not adequately protect a pre-authentication token. Attackers could exploit this to intercept and reuse the token, potentially redeeming valid authentication...

StrongDM Client 安全漏洞

StrongDM Client is a client software from StrongDM, Inc. A security vulnerability exists in StrongDM Client that stems from insufficient protection of pre-authenticated tokens, which could lead to interception and reuse of tokens...

Linux Distros Unpatched Vulnerability : CVE-2025-37957

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception Previously, commit ed129ec9057f KVM: x86: forcibly leave nested mode on vCPU reset addressed an issue...

CVE-2025-7774 Rockwell Automation ArmorBlock 5000 I/O – Web Server Vulnerabilities

A security issue exists within the 5032 16pt Digital Configurable module’s web server. Intercepted session credentials can be used within a 3-minute timeout window, allowing unauthorized users to perform privileged actions...

CVE-2025-9036

Rockwell Automation FactoryTalk Action Manager (v1.0.0 Runtime) is affected by a vulnerability in its runtime event system that permits unauthenticated local access to a reusable API token. The token is broadcast over a WebSocket and can be intercepted by any local client listening on the connect...

CVE-2025-9036 Rockwell Automation FactoryTalk® Action Manager v1.0.0 Runtime Vulnerability

A security issue in the runtime event system allows unauthenticated connections to receive a reusable API token. This token is broadcasted over a WebSocket and can be intercepted by any local client listening on the connection...

K000152049: F5 Access for Android vulnerability CVE-2025-54809

Security Advisory Description F5 Access for Android before version 3.1.2, which uses HTTPS, does not verify the remote endpoint identity. CVE-2025-54809 Impact An attacker with a network position that allows them to intercept network traffic may be able to read and/or modify data in transit. The...

CVE-2024-41986

A vulnerability has been identified in SmartClient modules Opcenter QL Home SC All versions = V13.2 = V13.2 = V13.2 V2506. The affected application support insecure TLS 1.0 and 1.1 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data...

Linux Distros Unpatched Vulnerability : CVE-2020-26976

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request...

CVE-2025-52586

The MOD3 command traffic between the monitoring application and the inverter is transmitted in plaintext without encryption or obfuscation. This vulnerability may allow an attacker with access to a local network to intercept, manipulate, replay, or forge critical data, including read/write...

CVE-2025-52586

The MOD3 command traffic between the monitoring application and the inverter is transmitted in plaintext without encryption or obfuscation. This vulnerability may allow an attacker with access to a local network to intercept, manipulate, replay, or forge critical data, including read/write...

EG4 Electronics EG4 Inverters 安全漏洞

EG4 Electronics EG4 Inverters is a series of hybrid inverters from EG4 Electronics, USA. A security vulnerability exists in the EG4 Electronics EG4 Inverters that stems from the unencrypted transmission of MOD3 command traffic, which could lead to data interception and tampering...

PT-2025-32368

Name of the Vulnerable Software and Affected Versions: Inverter affected versions not specified Description: The MOD3 command traffic between the monitoring application and the inverter is transmitted in plaintext without encryption or obfuscation. This may allow an attacker with access to a loca...