64 matches found
PT-2026-46260
An issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3.0. The oslo.messaging RabbitMQ driver does not perform TLS hostname verification when connecting to the message broker. When ssl_ca_file is configured, the driver enables certificate chain validation but does not pass the...
EUVD-2026-30180
SSL verification is disabled in the DNS Cluster system. This could allow for a malicious server to man-in-the-middle the request and capture credentials...
CVE-2026-32623
A flaw was found in the NeutrinoRDP module of xrdp, an open-source Remote Desktop Protocol (RDP) server. This heap-based buffer overflow vulnerability occurs when the module fails to properly validate the size of reassembled fragmented virtual channel data against its allocated memory buffer. A...
MITM (Man-in-the-Middle) org.apache.tomcat:tomcat-coyote Dependency in Bamboo Data Center
This High severity MITM (Man-in-the-Middle) vulnerability was introduced in versions 10.0.0, 10.1.0, 10.2.0, 11.0.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This MITM (Man-in-the-Middle) vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N allows...
Apache Airflow Trust Management Issue Vulnerability
Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. Versions of Apache Airflow from 1.10.0 to 1.12.0 containe...
CVE-2026-32317
Cryptomator for Android offers multi-platform transparent client-side encryption for files in the cloud. Prior to version 1.12.3, an integrity check vulnerability allows an attacker to tamper with the vault configuration file, leading to a man-in-the-middle vulnerability in the Hub key loading mechanism...
Cryptomator Security Vulnerability
Cryptomator is a simple digital self-defense tool from the Cryptomator community. Versions of Cryptomator prior to 1.12.3 contained security vulnerabilities, which were due to insufficient integrity checks in the Android system. These vulnerabilities could lead to man-in-the-middle attacks and...
Taipower APP Trust Management Issue Vulnerability
Taipower APP is an application developed by Taipower Company in Taiwan, China, used for handling electricity-related services. The Taipower APP has a vulnerability related to trust management, which stems from improper certificate verification. This vulnerability may lead to man-in-the-middle...
CVE-2025-15573 Missing Certificate Validation for Solax Power Pocket WiFi models MQTT Cloud Connection
The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a man-in-the-middle position to act as the legitimate MQTT server and issue arbitrary commands to...
CVE-2025-64769
The Process Optimization application suite leverages connection channels/protocols that by default are not encrypted and could become subject to hijacking or data leakage in certain man-in-the-middle or passive inspection scenarios...
MiracleLinux 3 : openssl-0.9.8e-27.AXS3.3 (AXSA:2014-379:02)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2014-379:02 advisory. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which...
IBM AIX and IBM VIOS Security Vulnerability
IBM AIX and IBM VIOS are both products of the International Business Machines (IBM) Corporation. IBM AIX is an open standards-based UNIX operating system developed for the IBM Power architecture. IBM VIOS is part of the PowerVM® Editions hardware feature set. IBM AIX is an open standards-based UNIX...
CVE-2025-40744
A vulnerability has been identified in Solid Edge SE2025 All versions V225.0 Update 11. Affected applications do not properly validate client certificates to connect to License Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks...
Astra Linux - vulnerability in curl
libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks...
dotnet: .NET Information Disclosure Vulnerability
A flaw exists in certain .NET builds where a man-in-the-middle (MITM) attacker can prevent or downgrade TLS between a client and an SMTP server. This may cause the client to send credentials or message data over an unencrypted connection, exposing sensitive information to the attacker...
CVE-2025-59410 Dragonfly tiny file download uses hard coded HTTP protocol
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the code in the scheduler for downloading a tiny file is hard coded to use the HTTP protocol, rather than HTTPS. This means that an attacker could perform a Man-in-the-Middle attack, changing th...
PT-2025-35486
Name of the Vulnerable Software and Affected Versions: IBM Concert Software versions 1.0.0 through 1.1.0 Description: IBM Concert Software versions 1.0.0 through 1.1.0 may allow a remote attacker to perform unauthorized actions using man-in-the-middle techniques due to improper certificate...
Linux Distros Unpatched Vulnerability : CVE-2011-3374
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack...
CVE-2025-40770
A vulnerability has been identified in SINEC Traffic Analyzer 6GK8822-1BG01-0BA0 All versions. The affected application uses a monitoring interface that is not operating in a strictly passive mode. This could allow an attacker to interact with the interface, leading to man-in-the-middle attacks...
Fortinet Multiple Products Security Vulnerability
Fortinet FortiOS and others are products of Fortinet, Inc. Fortinet FortiOS is a dedicated security operating system on the FortiGate network security platform. Fortinet FortiManager is a centralized network security management platform. Fortinet FortiProxy is a secure network proxy that protects...