3258 matches found
pgjdbc: pgjdbc insecure authentication in channel binding
A connection handling flaw was found in the pgjdbc connection driver in configurations that require channel binding. Connections created with authentication methods that should not allow channel binding permit connections to use channel binding. This flaw allows attackers to position themselves i...
pgjdbc: pgjdbc insecure authentication in channel binding
A connection handling flaw was found in the pgjdbc connection driver in configurations that require channel binding. Connections created with authentication methods that should not allow channel binding permit connections to use channel binding. This flaw allows attackers to position themselves i...
EG4 Electronics EG4 Inverters (Update B)
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to intercept and manipulate critical data, install malicious firmware, hijack device access, and gain unauthorized control over the system. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...
pgjdbc: pgjdbc insecure authentication in channel binding
A connection handling flaw was found in the pgjdbc connection driver in configurations that require channel binding. Connections created with authentication methods that should not allow channel binding permit connections to use channel binding. This flaw allows attackers to position themselves i...
CVE-2025-20215 Cisco Webex Meeting Client Join Certificate Validation Vulnerability
A vulnerability in the meeting-join functionality of Cisco Webex Meetings could have allowed an unauthenticated, network-proximate attacker to complete a meeting-join process in place of an intended targeted user, provided the requisite conditions were satisfied. Cisco has addressed this...
CVE-2025-54792
LocalSend is an open-source app to securely share files and messages with nearby devices over local networks without needing an internet connection. In versions 1.16.1 and below, a critical Man-in-the-Middle MitM vulnerability in the software's discovery protocol allows an unauthenticated attacke...
CVE-2025-54792
LocalSend (open-source file sharing app) is affected in versions 1.16.1 and earlier. A vulnerability in the discovery protocol permits an unauthenticated attacker on the same local network to impersonate legitimate devices, enabling silent interception and modification of file transfers. Impact i...
CVE-2025-54792 LocalSend is Vulnerable to Man-in-the-Middle Attacks, Leading to File Interception
LocalSend is an open-source app to securely share files and messages with nearby devices over local networks without needing an internet connection. In versions 1.16.1 and below, a critical Man-in-the-Middle MitM vulnerability in the software's discovery protocol allows an unauthenticated attacke...
CVE-2025-54792 LocalSend is Vulnerable to Man-in-the-Middle Attacks, Leading to File Interception
LocalSend is an open-source app to securely share files and messages with nearby devices over local networks without needing an internet connection. In versions 1.16.1 and below, a critical Man-in-the-Middle MitM vulnerability in the software's discovery protocol allows an unauthenticated attacke...
CVE-2025-54792 LocalSend is Vulnerable to Man-in-the-Middle Attacks, Leading to File Interception
LocalSend is an open-source app to securely share files and messages with nearby devices over local networks without needing an internet connection. In versions 1.16.1 and below, a critical Man-in-the-Middle MitM vulnerability in the software's discovery protocol allows an unauthenticated attacke...
CVE-2025-53399
In Sipwise rtpengine before 13.4.1.1, an origin-validation error in the endpoint-learning logic of the media-relay core allows remote attackers to inject or intercept RTP/SRTP media streams via RTP packets except when the relay is configured for strict source and learning disabled. Version 13.4.1...
CVE-2025-53399
In Sipwise rtpengine before 13.4.1.1, an origin-validation error in the endpoint-learning logic of the media-relay core can allow remote attackers to inject or intercept RTP/SRTP streams via RTP packets. The issue is mitigated in 13.4.1.1 by changing the heuristic exposure to the first five packe...
rtpengine 访问控制错误漏洞
rtpengine is a media proxy software from Sipwise Open Source. An access control error vulnerability exists in rtpengine versions prior to 13.4.1.1, which stems from a source validation error in the endpoint learning logic that could lead to the injection or interception of RTP/SRTP media streams...
CVE-2025-53399
In Sipwise rtpengine before 13.4.1.1, an origin-validation error in the endpoint-learning logic of the media-relay core allows remote attackers to inject or intercept RTP/SRTP media streams via RTP packets except when the relay is configured for strict source and learning disabled. Version 13.4.1...
CVE-2025-53703
DuraComm SPM-500 DP-10iN-100-MU transmits sensitive data without encryption over a channel that could be intercepted by attackers...
CVE-2025-31953
HCL iAutomate includes hardcoded credentials which may result in potential exposure of confidential data if intercepted or accessed by unauthorized parties...
The vulnerability of the Condeon CMS system, related to the storage of confidential information in open text, allows a hacker to intercept sessions and gain access to the user’s account.
The vulnerability of the Condeon CMS system relates to the storage of confidential information in open text within the memory dump file. Exploiting this vulnerability could allow a malicious actor to intercept sessions and gain access to the user account...
The vulnerability of the Condeon CMS system, related to deficiencies in access control, allows a hacker to intercept sessions and gain access to the user account.
The vulnerability of the Condeon CMS system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to intercept sessions and gain access to the user account...
CVE-2025-53703
DuraComm SPM-500 DP-10iN-100-MU transmits sensitive data without encryption over a channel that could be intercepted by attackers...
CVE-2025-53703 DuraComm DP-10iN-100-MU Cleartext Transmission of Sensitive Information
DuraComm SPM-500 DP-10iN-100-MU transmits sensitive data without encryption over a channel that could be intercepted by attackers...