Lucene search
+L

56 matches found

OSV
OSV
added 2026/02/05 6:16 p.m.10 views

CVE-2025-15557

An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communications. This may compromise the confidentiality and integrity of device-to-cloud communication,...

8.8CVSS5.7AI score0.00183EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/02/05 5:45 p.m.7 views

CVE-2025-15557 Improper Certificate Validation in TP-Link Tapo H100 and P100 Allows Man-in-the-Middle Attack

An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communications. This may compromise the confidentiality and integrity of device-to-cloud communication,...

7.5CVSS5.4AI score0.00183EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/05 5:45 p.m.33 views

CVE-2025-15557 Improper Certificate Validation in TP-Link Tapo H100 and P100 Allows Man-in-the-Middle Attack

An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communications. This may compromise the confidentiality and integrity of device-to-cloud communication,...

7.5CVSS0.00183EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/04 7:27 p.m.8 views

CVE-2026-24441

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior expose account credentials in plaintext within HTTP responses, allowing an on-path attacker to obtain sensitive authentication material...

8.2CVSS5.5AI score0.00207EPSS
Exploits0References1
OSV
OSV
added 2026/02/03 8:15 p.m.4 views

CVE-2026-24441

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior expose account credentials in plaintext within HTTP responses, allowing an on-path attacker to obtain sensitive authentication material...

5.9CVSS5.8AI score0.00207EPSS
Exploits0References2
NVD
NVD
added 2026/02/03 8:15 p.m.7 views

CVE-2026-24441

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior expose account credentials in plaintext within HTTP responses, allowing an on-path attacker to obtain sensitive authentication material...

8.2CVSS0.00207EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/03 7:14 p.m.2 views

CVE-2026-24441 Tenda AC7 Transmits Admin Credentials Without HTTPS Protection

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior expose account credentials in plaintext within HTTP responses, allowing an on-path attacker to obtain sensitive authentication material...

8.2CVSS5.5AI score0.00207EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/03 7:14 p.m.3 views

CVE-2026-24441

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior expose account credentials in plaintext within HTTP responses, allowing an on-path attacker to obtain sensitive authentication material...

8.2CVSS5.5AI score0.00207EPSS
Exploits0References3
CVE
CVE
added 2026/02/03 7:14 p.m.13 views

CVE-2026-24441

The CVE-2026-24441 entry concerns Shenzhen Tenda AC7 firmware (versions prior to and including V03.03.03.01_cn) that transmits account credentials in plaintext via HTTP responses. The underlying issue is the lack of encryption for authentication material, enabling an on-path attacker to intercept...

8.2CVSS5.5AI score0.00207EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/02/03 7:14 p.m.29 views

CVE-2026-24441 Tenda AC7 Transmits Admin Credentials Without HTTPS Protection

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior expose account credentials in plaintext within HTTP responses, allowing an on-path attacker to obtain sensitive authentication material...

8.2CVSS0.00207EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/24 3:17 a.m.14 views

CVE-2025-67229

An improper certificate validation vulnerability exists in ToDesktop Builder v0.32.1 This vulnerability allows an unauthenticated, on-path attacker to spoof backend responses by exploiting insufficient certificate validation...

9.8CVSS5.5AI score0.00255EPSS
Exploits0References1
CVE
CVE
added 2026/01/23 12:0 a.m.15 views

CVE-2025-67229

CVE-2025-67229 affects ToDesktop Builder v0.32.1. The vulnerability is an improper certificate validation that allows an unauthenticated, on-path attacker to spoof backend responses by exploiting insufficient certificate validation. CVSS 3.1 base score 9.8 (CRITICAL) with Network attack vector, n...

9.8CVSS5.5AI score0.00255EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2025/12/16 1:15 a.m.9 views

CVE-2025-14758

Incorrect configuration of replication security in the MariaDB component of the infra-operator in YAOOK Operator allows an on-path attacker to read database contents, potentially including credentials...

6.5CVSS0.002EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/16 12:33 a.m.5 views

EUVD-2025-203480

Incorrect configuration of replication security in the MariaDB component of the infra-operator in YAOOK Operator allows an on-path attacker to read database contents, potentially including credentials...

6.5CVSS6.3AI score0.002EPSS
Exploits0References2
CVE
CVE
added 2025/12/16 12:33 a.m.10 views

CVE-2025-14758

The CVE-2025-14758 entry concerns the YAOOK Operator’s infra-operator, where a misconfiguration in the replication security of the MariaDB component could allow an on-path attacker to read database contents, potentially including credentials. This is documented across multiple feeds (NVD, Red Hat...

6.5CVSS6.4AI score0.002EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.4 views

PT-2025-51347

Name of the Vulnerable Software and Affected Versions YAOOK Operator affected versions not specified Description An incorrect configuration of replication security within the MariaDB component of the infra-operator in YAOOK Operator could allow an on-path attacker to read database contents, which...

6.5CVSS6.3AI score0.002EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/11/13 5:32 p.m.12 views

CVE-2025-59480 Inadequate validation of SSO redirect credentials permits credential theft

Mattermost Mobile Apps versions =2.32.0 fail to verify that SSO redirect tokens originate from the trusted server, which allows a malicious Mattermost instance or on-path attacker to obtain user session credentials via crafted token-in-URL responses...

6.1CVSS0.00141EPSS
Exploits0References1
OSV
OSV
added 2025/11/13 5:32 p.m.6 views

CVE-2025-59480 Inadequate validation of SSO redirect credentials permits credential theft

Mattermost Mobile Apps versions =2.32.0 fail to verify that SSO redirect tokens originate from the trusted server, which allows a malicious Mattermost instance or on-path attacker to obtain user session credentials via crafted token-in-URL responses...

6.1CVSS6.4AI score0.00141EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/10/15 9:54 a.m.10 views

CVE-2011-20002

A vulnerability has been identified in SIMATIC S7-1200 CPU V1 family incl. SIPLUS variants All versions V2.0.2, SIMATIC S7-1200 CPU V2 family incl. SIPLUS variants All versions V2.0.2. Affected controllers are vulnerable to capture-replay in the communication with the engineering software. This...

8.3CVSS7.4AI score0.00297EPSS
Exploits0References1
NVD
NVD
added 2025/10/14 10:15 a.m.7 views

CVE-2011-20002

A vulnerability has been identified in SIMATIC S7-1200 CPU V1 family incl. SIPLUS variants All versions V2.0.2, SIMATIC S7-1200 CPU V2 family incl. SIPLUS variants All versions V2.0.2. Affected controllers are vulnerable to capture-replay in the communication with the engineering software. This...

8.3CVSS0.00297EPSS
Exploits0References1
Rows per page
Query Builder