3259 matches found

NVD
added 2025/06/24 3:15 a.m. · 3 views

CVE-2025-48463

Successful exploitation of the vulnerability could allow an attacker to intercept data and conduct session hijacking on the exposed data as the vulnerable product uses unencrypted HTTP communication, potentially leading to unauthorised access or data tampering...

CVSS 3.1 · EPSS 0.00037
Exploits 0 · References 1

CVE
added 2025/06/24 2:10 a.m. · 18 views

CVE-2025-48463

CVE-2025-48463 concerns unencrypted HTTP leading to data interception and session hijacking. The provided docs confirm this vulnerability affects multiple products/vendors and characterize the impact as possible unauthorised access or data tampering due to cleartext traffic. The NVD/RH Red Hat en...

CVSS 3.1 · AI score 3.9 · EPSS 0.00037
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2025/06/24 2:10 a.m. · 3 views

CVE-2025-48463 Unencrypted HTTP Communication

Successful exploitation of the vulnerability could allow an attacker to intercept data and conduct session hijacking on the exposed data as the vulnerable product uses unencrypted HTTP communication, potentially leading to unauthorised access or data tampering...

CVSS 3.1 · AI score 7.1 · EPSS 0.00037
Exploits 0 · References 1

CNNVD
added 2025/06/24 12:0 a.m. · 1 view

Advantech Multiple Products Security Vulnerability

The Advantech WISE-4010LAN, WISE-4050LAN, and WISE-4060LAN are all industrial automation controllers from Advantech of Taiwan, China. An information disclosure vulnerability exists in multiple Advantech products, which can be exploited by attackers to cause data interception and session hijacking...

CVSS 3.1 · AI score 5.8 · EPSS 0.00037
Exploits 0 · References 1

Positive Technologies
added 2025/06/23 12:0 a.m. · 2 views

PT-2025-26677 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP versions affected versions not specified Description: The issue arises from the use of unencrypted HTTP communication, allowing an attacker to intercept data and conduct session hijacking on exposed data. This could lead to...

CVSS 3.1 · AI score 6.1 · EPSS 0.00037
Exploits 0 · References 5

Tenable Nessus
added 2025/06/23 12:0 a.m. · 18 views

Palo Alto GlobalProtect App MacOS 6.x < 6.2.8-h2 / 6.3.x < 6.3.3-650 Improper Access Control (CVE-2025-4227)

The version of Palo Alto GlobalProtect App installed on the remote macOS host is 6.x prior to 6.2.8-h2 or 6.3.x prior to 6.3.3-650. It is, therefore, affected by an improper access control vulnerability: - An improper access control vulnerability in the Endpoint Traffic Policy Enforcement feature ...

CVSS 3.5 · AI score 5.5 · EPSS 0.00058
Exploits 0 · References 2

Packet Storm News
added 2025/06/21 12:0 a.m. · 2 views

Autonomous 3D Moving Target Encirclement and Interception with Range Measurement

Commercial UAVs are an emerging security threat as they are capable of carrying hazardous payloads or disrupting air traffic. To counter UAVs, we introduce an autonomous 3D target encirclement and interception strategy. Unlike traditional ground-guided systems, this strategy employs autonomous...

AI score 6.9
Exploits 0

CNNVD
added 2025/06/20 12:0 a.m. · 2 views

COROS PACE 3 Security Vulnerability

COROS PACE 3 is a GPS sports watch from COROS China. A security vulnerability exists in COROS PACE 3 3.0808.0 and earlier versions, which originates from unencrypted WLAN communication and could lead to a man-in-the-middle attack...

CVSS 9.8 · AI score 6.6 · EPSS 0.00225
Exploits 1 · References 4

Positive Technologies
added 2025/06/20 12:0 a.m. · 4 views

PT-2025-26320 · Coros · Coros

Name of the Vulnerable Software and Affected Versions: COROS application versions 3.8.12 and earlier Description: The issue concerns the COROS application's handling of Bluetooth pairing and bonding. The application does not initiate or enforce pairing and bonding, and the watch also does not...

CVSS 5.7 · AI score 6 · EPSS 0.00043
Exploits 0 · References 6

Vulnrichment
added 2025/06/18 11:30 p.m. · 4 views

CVE-2025-23168

The Versa Director SD-WAN orchestration platform implements Two-Factor Authentication 2FA using One-Time Passcodes OTP delivered via email or SMS. Versa Director accepts untrusted user input when dispatching 2FA codes, allowing an attacker who knows a valid username and password to redirect the O...

CVSS 6.3 · AI score 7.4 · EPSS 0.00315
Exploits 0 · References 5

BDU FSTEC
added 2025/06/17 12:0 a.m. · 2 views

The vulnerability of the web interfaces of IBM OpenPages and IBM OpenPages with Watson allows a hacker to intercept user sessions.

The vulnerability of the IBM OpenPages and IBM OpenPages with Watson web interfaces relates to improper session management. Exploiting this vulnerability can allow a malicious actor to intercept a user’s session...

CVSS 4.3 · AI score 5.5 · EPSS 0.00079
Exploits 0 · References 2 · Affected Software 2

RedhatCVE
added 2025/06/15 6:23 a.m. · 7 views

CVE-2025-4227

An improper access control vulnerability in the Endpoint Traffic Policy Enforcement (https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-features/new-features-released-in-gp-app/endpoint-traffic-policy-enforcement) feature of the Palo Alto Networks GlobalProtect™ app allows...

CVSS 3.5 · AI score 6.3 · EPSS 0.00058
Exploits 0 · References 1

RedhatCVE
added 2025/06/14 8:17 p.m. · 3 views

CVE-2025-6031

Amazon Cloud Cam is a home security camera that was deprecated on December 2, 2022, is end of life, and is no longer actively supported. When a user powers on the Amazon Cloud Cam, the device attempts to connect to a remote service infrastructure that has been deprecated due to end-of-life status...

CVSS 7.7 · AI score 7.6 · EPSS 0.00213
Exploits 0 · References 1

RedhatCVE
added 2025/06/14 2:24 p.m. · 4 views

CVE-2025-49194

The server supports authentication methods in which credentials are sent in plaintext over unencrypted channels. If an attacker were to intercept traffic between a client and this server, the credentials would be exposed...

CVSS 7.5 · AI score 7.6 · EPSS 0.00189
Exploits 0 · References 1

RedhatCVE
added 2025/06/14 2:24 p.m. · 4 views

CVE-2025-49183

All communication with the REST API is unencrypted HTTP, allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files...

CVSS 7.5 · AI score 7.4 · EPSS 0.00209
Exploits 0 · References 1

NVD
added 2025/06/13 6:15 a.m. · 10 views

CVE-2025-4227

An improper access control vulnerability in the Endpoint Traffic Policy Enforcement (https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-features/new-features-released-in-gp-app/endpoint-traffic-policy-enforcement) feature of the Palo Alto Networks GlobalProtect™ app allows...

CVSS 3.5 · EPSS 0.00058
Exploits 0 · References 1

Vulnrichment
added 2025/06/13 5:50 a.m. · 2 views

CVE-2025-4227 GlobalProtect App: Interception in Endpoint Traffic Policy Enforcement

An improper access control vulnerability in the Endpoint Traffic Policy Enforcement (https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-features/new-features-released-in-gp-app/endpoint-traffic-policy-enforcement) feature of the Palo Alto Networks GlobalProtect™ app allows...

CVSS 1 · AI score 6.9 · EPSS 0.00058
Exploits 0 · References 1

CVE
added 2025/06/13 5:50 a.m. · 52 views

CVE-2025-4227

CVE-2025-4227 affects Palo Alto Networks GlobalProtect App (Windows and macOS). The Endpoint Traffic Policy Enforcement feature is vulnerable to improper access control, allowing certain packets to remain unencrypted within the tunnel. A physical-access attacker could inject rogue devices to inte...

CVSS 3.5 · AI score 6.7 · EPSS 0.00058
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2025/06/13 5:50 a.m. · 11 views

CVE-2025-4227 GlobalProtect App: Interception in Endpoint Traffic Policy Enforcement

An improper access control vulnerability in the Endpoint Traffic Policy Enforcement (https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-features/new-features-released-in-gp-app/endpoint-traffic-policy-enforcement) feature of the Palo Alto Networks GlobalProtect™ app allows...

CVSS 1 · EPSS 0.00058
Exploits 0 · References 1

NVD
added 2025/06/12 8:15 p.m. · 10 views

CVE-2025-6031

Amazon Cloud Cam is a home security camera that was deprecated on December 2, 2022, is end of life, and is no longer actively supported. When a user powers on the Amazon Cloud Cam, the device attempts to connect to a remote service infrastructure that has been deprecated due to end-of-life status...

CVSS 7.7 · EPSS 0.00213
Exploits 0 · References 1