CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6142 matches found

RedhatCVE•added 2026/01/09 8:32 a.m.•10 views

CVE-2024-39350

A vulnerability regarding authentication bypass by spoofing is found in the RTSP functionality. This allows man-in-the-middle attackers to obtain privileges without consent via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC50...

7.5CVSS7AI score0.00668EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:31 a.m.•8 views

CVE-2019-16209

A vulnerability, in The ReportsTrustManager class of Brocade SANnav versions before v2.0, could allow an attacker to perform a man-in-the-middle attack against Secure Sockets LayerSSLconnections...

7.4CVSS6.7AI score0.0074EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:24 a.m.•7 views

CVE-2006-3415

Tor before 0.1.1.20 uses improper logic to validate the "OR" destination, which allows remote attackers to perform a man-in-the-middle MITM attack via unspecified vectors...

6.4CVSS7AI score0.02009EPSS

Exploits0References1

IBM Security Bulletins•added 2025/12/15 8:2 a.m.•50 views

Security Bulletin: Vulnerability in openssh and libssh libraries (CVE-2023-28709) affects Power HMC

Summary The openssh and libssh libraries are used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: OpenSSH is vulnerable to a machine-in-the-middle attack, caused by a flaw in the extension negotiation process ...

7.5CVSS6.6AI score0.93305EPSS

Exploits5Affected Software1

RedhatCVE•added 2025/11/27 1:54 p.m.•5 views

CVE-2025-44018

A firmware downgrade vulnerability exists in the OTA Update functionality of GL-Inet GL-AXT1800 4.7.0. A specially crafted .tar file can lead to a firmware downgrade. An attacker can perform a man-in-the-middle attack to trigger this vulnerability...

8.3CVSS6.6AI score0.00218EPSS

Exploits0References1

RedhatCVE•added 2025/11/18 5:56 a.m.•6 views

CVE-2025-60022

Improper certificate validation vulnerability exists in 'デジラアプリ' App for iOS prior to ver.80.10.00. If this vulnerability is exploited, a man-in-the-middle attack may allow an attacker to eavesdrop on and/or tamper with an encrypted communication...

4.8CVSS5AI score0.00121EPSS

Exploits0References1

OSV•added 2025/11/14 2:45 p.m.•25 views

HSEC-2023-0015 cabal-install uses expired key policies

cabal-install uses expired key policies A problem was recently discovered in cabal-install's implementation of the Hackage Security protocol that would allow an attacker who was in possession of a revoked private key and who could perform a man-in-the-middle attack against Hackage to use the...

7AI score

Exploits0References2

CNNVD•added 2025/11/13 12:0 a.m.•4 views

IBM AIX和IBM VIOS 安全漏洞

IBM AIX and IBM VIOS are both products of the International Business Machines IBM Corporation.IBM AIX is an open standards-based UNIX operating system developed for the IBM Power architecture.IBM VIOS is part of the PowerVm® Editions hardware feature set.IBM AIX is an open standards-based UNIX...

9CVSS6AI score0.00264EPSS

Exploits0References2

NVD•added 2025/11/11 9:15 p.m.•4 views

CVE-2025-40744

A vulnerability has been identified in Solid Edge SE2025 All versions V225.0 Update 11. Affected applications do not properly validate client certificates to connect to License Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks...

8.7CVSS0.00193EPSS

Exploits0References1

Packet Storm News•added 2025/11/08 12:0 a.m.•6 views

Cryptographic Binding Should Not Be Optional: A Formal-Methods Analysis of FIDO UAF Channel Binding

As a case study in cryptographic binding, we present a formal-methods analysis of the cryptographic channel binding mechanisms in the Fast IDentity Online FIDO Universal Authentication Framework UAF authentication protocol, which seeks to reduce the use of traditional passwords in favor of...

6.9AI score

Exploits0

Packet Storm News•added 2025/11/05 12:0 a.m.•4 views

Design and Detection of Covert Man-In-The-Middle Cyberattacks on Water Treatment Plants

Cyberattacks targeting critical infrastructures, such as water treatment facilities, represent significant threats to public health, safety, and the environment. This paper introduces a systematic approach for modeling and assessing covert man-in-the-middle MitM attacks that leverage system...

6.8AI score

Exploits0

RedHat Linux•added 2025/10/15 4:34 p.m.•4 views

dotnet: .NET Information Disclosure Vulnerability

A flaw exists in certain .NET builds where a man-in-the-middle MITM attacker can prevent or downgrade TLS between a client and an SMTP server. This may cause the client to send credentials or message data over an unencrypted connection, exposing sensitive information to the attacker...

5.7CVSS5.8AI score0.00681EPSS

Exploits0References4

CVE•added 2025/10/14 3:22 p.m.•24 views

CVE-2025-25253

CVE-2025-25253 describes improper validation of certificate hostnames in FortiProxy (and FortiOS ZTNA proxy) that could allow an unauthenticated attacker in a man-in-the-middle position to intercept and tamper with connections. Affected products/versions from the provided docs include FortiProxy ...

7.5CVSS6.5AI score0.00104EPSS

Exploits1References2Affected Software1