CVE-2025-53703 DuraComm DP-10iN-100-MU Cleartext Transmission of Sensitive Information

DuraComm SPM-500 DP-10iN-100-MU transmits sensitive data without encryption over a channel that could be intercepted by attackers...

PT-2025-30495 · Duracomm · Duracomm Spm-500 Dp-10In-100-Mu

Name of the Vulnerable Software and Affected Versions: DuraComm SPM-500 DP-10iN-100-MU affected versions not specified Description: The device transmits sensitive data without encryption, potentially allowing attackers to intercept it. Recommendations: At the moment, there is no information about...

The vulnerability of Yandex.Disk’s cloud storage service for the iOS operating system, related to the use of an unreliable search path, allows a hacker to interrupt the search order in order to replace the executable file.

The vulnerability of Yandex.Disk’s cloud storage service for the iOS operating system is related to the use of an unreliable search path. Exploiting this vulnerability could allow a attacker to intercept the search order in order to replace the executable file with a malicious one...

CVE-2025-36106

IBM Cognos Analytics Mobile iOS 1.1.0 through 1.1.22 could allow malicious actors to view and modify information coming to and from the application which could then be used to access confidential information on the device or network by using a the deprecated or misconfigured AFNetworking library ...

CVE-2025-2818

A vulnerability was reported in version 1.0 of the Bluetooth Transmission Alliance protocol adopted by Motorola Smart Connect Android Application that could allow a nearby attacker within the Bluetooth interaction range to intercept files when transferred to a device not paired in Smart Connect...

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the invite mechanism for remote clusters. An attacker can send unauthorized synchronization payloads by intercepting both the invite and password during the invitation process. Remediation Upgrad...

GHSA-4FWJ-8595-WP25 Mattermost has Insufficiently Protected Credentials

Mattermost versions 10.5.x = 10.5.7, 9.11.x = 9.11.16 fail to negotiate a new token when accepting the invite which allows a user that intercepts both invite and password to send synchronization payloads to the server that originally created the invite via the REST API...

Insufficiently Protected Credentials

Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the invite mechanism for remote clusters. An attacker can send unauthorized synchronization payloads by...

Mattermost has Insufficiently Protected Credentials

Mattermost versions 10.5.x = 10.5.7, 9.11.x = 9.11.16 fail to negotiate a new token when accepting the invite which allows a user that intercepts both invite and password to send synchronization payloads to the server that originally created the invite via the REST API...

CVE-2025-6227

Mattermost versions 10.5.x = 10.5.7, 9.11.x = 9.11.16 fail to negotiate a new token when accepting the invite which allows a user that intercepts both invite and password to send synchronization payloads to the server that originally created the invite via the REST API...

CVE-2025-6227 Invite token is used as part of the secure communication

Mattermost versions 10.5.x = 10.5.7, 9.11.x = 9.11.16 fail to negotiate a new token when accepting the invite which allows a user that intercepts both invite and password to send synchronization payloads to the server that originally created the invite via the REST API...

CVE-2025-6227

Summary: CVE-2025-6227 affects Mattermost Server versions 10.5.x (<= 10.5.7) and 9.11.x (

The vulnerability of the UMI CMS content management system, related to the lack of measures taken to protect the website structure, allows attackers to intercept the administrator’s session.

The vulnerability of the UMI CMS content management system is related to the lack of measures taken to protect the website’s structure. Operating the system may allow a malicious actor, operating remotely, to intercept the administrator’s session by performing XSS attacks using a specially crafte...

CVE-2025-2818

A vulnerability was reported in version 1.0 of the Bluetooth Transmission Alliance protocol adopted by Motorola Smart Connect Android Application that could allow a nearby attacker within the Bluetooth interaction range to intercept files when transferred to a device not paired in Smart Connect...

CVE-2025-2818

A vulnerability was reported in version 1.0 of the Bluetooth Transmission Alliance protocol adopted by Motorola Smart Connect Android Application that could allow a nearby attacker within the Bluetooth interaction range to intercept files when transferred to a device not paired in Smart Connect...

CVE-2025-2818

A vulnerability was reported in version 1.0 of the Bluetooth Transmission Alliance protocol adopted by Motorola Smart Connect Android Application that could allow a nearby attacker within the Bluetooth interaction range to intercept files when transferred to a device not paired in Smart Connect...

CVE-2025-2818

Technical details such as affected components, root cause, vulnerable versions, or remediation are not publicly disclosed in the provided documents. Monitor for updates from Lenovo/Motorola advisories and Red Hat for this CVE.

PT-2025-29957 · Google +1 · Android +1

Name of the Vulnerable Software and Affected Versions: Motorola Smart Connect Android Application version 1.0 Description: A vulnerability exists in version 1.0 of the Bluetooth Transmission Alliance protocol adopted by Motorola Smart Connect Android Application. This could allow a nearby attacke...

Motorola Smart Connect Android Application 安全漏洞

The Motorola Smart Connect Android Application is an Android application from Motorola, Inc. that is used to seamlessly interconnect devices. A security vulnerability exists in the Motorola Smart Connect Android Application version 1.0, which stems from mishandling of the Bluetooth transfer...

CVE-2025-53756 Cleartext Transmission Vulnerability in Digisol DG-GR6821AC Router

This vulnerability exists in Digisol DG-GR6821AC Router due to cleartext transmission of credentials in its web management interface. A remote attacker could exploit this vulnerability by intercepting the network traffic and capturing cleartext credentials. Successful exploitation of this...