3400 matches found
CVE-2026-45433
This vulnerability exists in GX Earth 2022 ONT models due to the presence of hardcoded RSA private key within the device firmware. A remote attacker could exploit this vulnerability by extracting the cryptographic private key from the firmware, which could lead to decryption of HTTPS traffic and...
CVE-2026-45433
This vulnerability exists in GX Earth 2022 ONT models due to the presence of hardcoded RSA private key within the device firmware. A remote attacker could exploit this vulnerability by extracting the cryptographic private key from the firmware, which could lead to decryption of HTTPS traffic and...
CVE-2026-45433
CVE-2026-45433 affects GX Earth 2022 ONT models. The issue is a hardcoded RSA private key embedded in device firmware, enabling a remote attacker to extract the key and potentially decrypt HTTPS traffic, enabling MITM attacks on the affected devices. The connected CVE listing documents this root ...
CVE-2026-50208
High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle MITM actor could decrypt network traffic...
CVE-2026-50208
High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle MITM actor could decrypt network traffic...
CVE-2026-50208 Permissive TrustAllCerts TLS Verification
High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle MITM actor could decrypt network traffic...
EUVD-2026-34220
High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle MITM actor could decrypt network traffic...
CVE-2026-41859
A network man-in-the-middle between nats-sync and the BOSH director can steal the director credentials Basic auth header or UAA client secret and can tamper with the VM list that is written into the NATS authorization file. Stolen credentials grant administrative director access...
CVE-2026-41859
A network man-in-the-middle between nats-sync and the BOSH director can steal the director credentials Basic auth header or UAA client secret and can tamper with the VM list that is written into the NATS authorization file. Stolen credentials grant administrative director access...
EUVD-2026-34193
A network man-in-the-middle between nats-sync and the BOSH director can steal the director credentials Basic auth header or UAA client secret and can tamper with the VM list that is written into the NATS authorization file. Stolen credentials grant administrative director access...
CVE-2026-44393
Summary: OpenStack oslo.messaging (RabbitMQ driver) versions 1.0.0–17.3.0 fail TLS hostname verification when connecting to the broker. The driver validates certificate chains when ssl_ca_file is configured but does not pass the broker hostname into the TLS stack, allowing any certificate signed ...
CVE-2026-44393
An issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3.0. The oslo.messaging RabbitMQ driver does not perform TLS hostname verification when connecting to the message broker. When sslcafile is configured, the driver enables certificate chain validation but does not pass the expect...
EUVD-2026-34294
An issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3.0. The oslo.messaging RabbitMQ driver does not perform TLS hostname verification when connecting to the message broker. When sslcafile is configured, the driver enables certificate chain validation but does not pass the expect...
PT-2026-46230
This vulnerability exists in GX Earth 2022 ONT models due to the presence of hardcoded RSA private key within the device firmware. A remote attacker could exploit this vulnerability by extracting the cryptographic private key from the firmware, which could lead to decryption of HTTPS traffic and...
CVE-2026-36610
Mercusys AC12G EU V1 with firmware AC12GEUV1200909 transmits DDNS credentials over plaintext HTTP with only Base64 encoding. The firmware contains no TLS implementation, allowing man-in-the-middle interception of DDNS service credentials...
EUVD-2023-60579
A cleartext transmission of sensitive information vulnerability in Synology Note Station Client before 2.2.4-703 allows man-in-the-middle attackers to obtain user credential...
CVE-2023-52951
A cleartext transmission of sensitive information vulnerability in Synology Note Station Client before 2.2.4-703 allows man-in-the-middle attackers to obtain user credential...
CVE-2023-52951
A cleartext transmission of sensitive information vulnerability in Synology Note Station Client before 2.2.4-703 allows man-in-the-middle attackers to obtain user credential...
CVE-2023-52951
CVE-2023-52951 affects the Synology Note Station Client prior to version 2.2.4-703, where sensitive data is transmitted in cleartext. This enables network-level (MITM) attackers to obtain user credentials. The CVE lists a CVSS v3.1 base score of 5.9 (MEDIUM) with high confidentiality impact and n...
PT-2026-45929
A cleartext transmission of sensitive information vulnerability in Synology Note Station Client before 2.2.4-703 allows man-in-the-middle attackers to obtain user credential...