1342 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-15047
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MSA/SMTP.cpp in Trojita before 0.8 ignores certificate-verification errors, which allows man-in-the-middle attackers to spoof SMTP servers. CVE-2020-15047 Note...
Linux Distros Unpatched Vulnerability : CVE-2019-10103
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JetBrains IntelliJ IDEA projects created using the Kotlin JS Client/JVM Server IDE Template were resolving Gradle artifacts using an http connection, potentiall...
CVE-2025-9961 Authenticated RCE by CWMP binary
An authenticated attacker may remotely execute arbitrary code via the CWMP binary on the devices AX10 and AX1500. The exploit can only be conducted via a Man-In-The-Middle (MITM) attack. This issue affects AX10 V1/V1.2/V2/V2.6/V3/V3.6: before 1.2.1; AX1500 V1/V1.20/V1.26/V1.60/V1.80/V2.60/V3.6:...
Linux Distros Unpatched Vulnerability : CVE-2011-4968
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM) CVE-2011-4968 Note that Nessu...
PT-2025-33116 · Netskope · Netskope Client
Name of the Vulnerable Software and Affected Versions: Netskope Client (affected versions not specified). Description: A malicious insider with administrative privileges can potentially tamper with the Netskope Client configuration by performing a Man-in-the-Middle (MITM) attack on the Netskope Client...
CVE-2024-31853
A vulnerability has been identified in SICAM TOOLBOX II All versions V07.11. During establishment of a https connection to the TLS server of a managed device, the affected application doesn't check the extended key usage attribute of that device's certificate. This could allow an attacker to...
CVE-2024-31854
A vulnerability has been identified in SICAM TOOLBOX II All versions V07.11. During establishment of a https connection to the TLS server of a managed device, the affected application doesn't check device's certificate common name against an expected value. This could allow an attacker to execute...
CVE-2024-31854
CVE-2024-31854 affects Siemens SICAM TOOLBOX II (all versions
CVE-2024-31853
CVE-2024-31853 affects Siemens SICAM TOOLBOX II (all versions
CVE-2025-34066 AVTECH IP camera, DVR, and NVR Devices Unauthenticated Information Disclosure
An improper certificate validation vulnerability exists in AVTECH IP cameras, DVRs, and NVRs due to the use of wget with --no-check-certificate in scripts like SyncCloudAccount.sh and SyncPermit.sh. This exposes HTTPS communications to man-in-the-middle (MITM) attacks...
Man-in-the-middle (MitM) Attack
github.com/containers/podman is vulnerable to Man-In-The-Middle (MITM) attack. The vulnerability is due to lack of TLS certificate verification during the image download process from an OCI registry, allowing an attacker to intercept and modify the VM image data, potentially injecting malicious...
CVE-2025-32877
An issue was discovered on COROS PACE 3 devices through 3.0808.0. It identifies itself as a device without input or output capabilities, which results in the use of the Just Works pairing method. This method does not implement any authentication, which therefore allows machine-in-the-middle...
ROS-20250616-07
A vulnerability in the Mbed TLS software is related to a bug in the handling of memory allocation during the TLS handshake. Exploitation of the vulnerability could allow an attacker to bypass the authentication process. Mbed TLS software vulnerability is related to insecure default...
PT-2025-23819 · Cisco · Cisco Nexus Dashboard Fabric Controller
Name of the Vulnerable Software and Affected Versions: Cisco Nexus Dashboard Fabric Controller (NDFC) versions prior to 12.2.3. Description: A vulnerability exists in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) due to insufficient SSH host key validation. This allows an...