56 matches found
CVE-2025-15557
An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communications. This may compromise the confidentiality and integrity of device-to-cloud communication,...
CVE-2025-15557 Improper Certificate Validation in TP-Link Tapo H100 and P100 Allows Man-in-the-Middle Attack
An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communications. This may compromise the confidentiality and integrity of device-to-cloud communication,...
CVE-2025-15557 Improper Certificate Validation in TP-Link Tapo H100 and P100 Allows Man-in-the-Middle Attack
An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communications. This may compromise the confidentiality and integrity of device-to-cloud communication,...
CVE-2026-24441
Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior expose account credentials in plaintext within HTTP responses, allowing an on-path attacker to obtain sensitive authentication material...
CVE-2026-24441
Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior expose account credentials in plaintext within HTTP responses, allowing an on-path attacker to obtain sensitive authentication material...
CVE-2026-24441
Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior expose account credentials in plaintext within HTTP responses, allowing an on-path attacker to obtain sensitive authentication material...
CVE-2026-24441 Tenda AC7 Transmits Admin Credentials Without HTTPS Protection
Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior expose account credentials in plaintext within HTTP responses, allowing an on-path attacker to obtain sensitive authentication material...
CVE-2026-24441
Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior expose account credentials in plaintext within HTTP responses, allowing an on-path attacker to obtain sensitive authentication material...
CVE-2026-24441
The CVE-2026-24441 entry concerns Shenzhen Tenda AC7 firmware (versions prior to and including V03.03.03.01_cn) that transmits account credentials in plaintext via HTTP responses. The underlying issue is the lack of encryption for authentication material, enabling an on-path attacker to intercept...
CVE-2026-24441 Tenda AC7 Transmits Admin Credentials Without HTTPS Protection
Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior expose account credentials in plaintext within HTTP responses, allowing an on-path attacker to obtain sensitive authentication material...
CVE-2025-67229
An improper certificate validation vulnerability exists in ToDesktop Builder v0.32.1 This vulnerability allows an unauthenticated, on-path attacker to spoof backend responses by exploiting insufficient certificate validation...
CVE-2025-67229
CVE-2025-67229 affects ToDesktop Builder v0.32.1. The vulnerability is an improper certificate validation that allows an unauthenticated, on-path attacker to spoof backend responses by exploiting insufficient certificate validation. CVSS 3.1 base score 9.8 (CRITICAL) with Network attack vector, n...
CVE-2025-14758
Incorrect configuration of replication security in the MariaDB component of the infra-operator in YAOOK Operator allows an on-path attacker to read database contents, potentially including credentials...
EUVD-2025-203480
Incorrect configuration of replication security in the MariaDB component of the infra-operator in YAOOK Operator allows an on-path attacker to read database contents, potentially including credentials...
CVE-2025-14758
The CVE-2025-14758 entry concerns the YAOOK Operator’s infra-operator, where a misconfiguration in the replication security of the MariaDB component could allow an on-path attacker to read database contents, potentially including credentials. This is documented across multiple feeds (NVD, Red Hat...
PT-2025-51347
Name of the Vulnerable Software and Affected Versions YAOOK Operator affected versions not specified Description An incorrect configuration of replication security within the MariaDB component of the infra-operator in YAOOK Operator could allow an on-path attacker to read database contents, which...
CVE-2025-59480 Inadequate validation of SSO redirect credentials permits credential theft
Mattermost Mobile Apps versions =2.32.0 fail to verify that SSO redirect tokens originate from the trusted server, which allows a malicious Mattermost instance or on-path attacker to obtain user session credentials via crafted token-in-URL responses...
CVE-2025-59480 Inadequate validation of SSO redirect credentials permits credential theft
Mattermost Mobile Apps versions =2.32.0 fail to verify that SSO redirect tokens originate from the trusted server, which allows a malicious Mattermost instance or on-path attacker to obtain user session credentials via crafted token-in-URL responses...
CVE-2011-20002
A vulnerability has been identified in SIMATIC S7-1200 CPU V1 family incl. SIPLUS variants All versions V2.0.2, SIMATIC S7-1200 CPU V2 family incl. SIPLUS variants All versions V2.0.2. Affected controllers are vulnerable to capture-replay in the communication with the engineering software. This...
CVE-2011-20002
A vulnerability has been identified in SIMATIC S7-1200 CPU V1 family incl. SIPLUS variants All versions V2.0.2, SIMATIC S7-1200 CPU V2 family incl. SIPLUS variants All versions V2.0.2. Affected controllers are vulnerable to capture-replay in the communication with the engineering software. This...