66 matches found

NVD
added 2026/05/26 9:16 p.m. · 8 views

CVE-2026-8676

An attacker is able to downgrade the security of a Bluetooth LE connection by deleting an existing bond, spoofing the bonded device and creating a new bond...

CVSS 8.8 · EPSS 0.0002
Exploits 0 · References 2

RedhatCVE
added 2026/04/10 1:22 a.m. · 0 views

CVE-2026-30080

OpenAirInterface v2.2.0 accepts Security Mode Complete without any integrity protection. Configuration has supported integrity NIA1 and NIA2. But if an UE sends initial registration request with only security capability IA0, OpenAirInterface accepts and proceeds. This downgrade security context c...

CVSS 7.5 · AI score 5.9 · EPSS 0.00015
Exploits 1 · References 1

CVE
added 2026/04/08 12:0 a.m. · 2 views

CVE-2026-30080

OpenAirInterface v2.2.0 is documented to accept Security Mode Complete without integrity protection. The issue arises when a UE’s initial registration request advertises only security capability IA0, yet the system has supported integrity NIA1 and NIA2. In this scenario, the downgrade of the secu...

CVSS 7.5 · AI score 5.9 · EPSS 0.00015
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2026/04/08 12:0 a.m. · 15 views

CVE-2026-30080

OpenAirInterface v2.2.0 accepts Security Mode Complete without any integrity protection. Configuration has supported integrity NIA1 and NIA2. But if an UE sends initial registration request with only security capability IA0, OpenAirInterface accepts and proceeds. This downgrade security context c...

EPSS 0.00015
Exploits 1 · References 1

OSV
added 2026/02/06 10:40 p.m. · 3 views

CVE-2026-25644 DataHub's LDAP Ingestion Source vulnerable to MITM attack through TLS downgrade

DataHub is an open-source metadata platform. Prior to version 1.3.1.8, the LDAP ingestion source is vulnerable to MITM attack through TLS downgrade. This issue has been patched in version 1.3.1.8...

CVSS 7.5 · AI score 5.5 · EPSS 0.00015
Exploits 0 · References 3

ATTACKERKB
added 2026/01/27 11:28 p.m. · 3 views

CVE-2025-55292

Meshtastic is an open source mesh networking solution. In the current Meshtastic architecture, a Node is identified by their NodeID, generated from the MAC address, rather than their public key. This aspect downgrades the security, specifically by abusing the HAM mode which doesn't use encryption...

CVSS 8.2 · AI score 5.9 · EPSS 0.00036
Exploits 2 · References 3 · Affected Software 1

Tenable Nessus
added 2026/01/20 12:0 a.m. · 1 views

MiracleLinux 4 : postgresql-8.4.20-8.0.1.AXS4 (AXSA:2021-1754:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1754:02 advisory. postgresql: Reconnection can downgrade connection security settings CVE-2020-25694 postgresql: Multiple features escape security restricted operatio...

CVSS 8.8 · AI score 8.1 · EPSS 0.23757
Exploits 0 · References 4

Tenable Nessus
added 2026/01/20 12:0 a.m. · 1 views

MiracleLinux 8 : postgresql:10 (AXSA:2021-1514:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1514:01 advisory. postgresql: Reconnection can downgrade connection security settings CVE-2020-25694 postgresql: Multiple features escape security restricted operatio...

CVSS 8.8 · AI score 5.6 · EPSS 0.23757
Exploits 0 · References 4

NVD
added 2026/01/10 6:15 a.m. · 4 views

CVE-2026-22698

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a critical vulnerability exists in...

CVSS 8.7 · EPSS 0.00051
Exploits 1 · References 6

Cvelist
added 2025/12/12 8:57 p.m. · 17 views

CVE-2025-43522

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.3, macOS Tahoe 26.2. An app may be able to access user-sensitive data...

EPSS 0.00009
Exploits 0 · References 2

Vulnrichment
added 2025/12/10 12:0 a.m. · 1 views

CVE-2025-65831

The application uses an insecure hashing algorithm MD5 to hash passwords. If an attacker obtained a copy of these hashes, either through exploiting cloud services, performing TLS downgrade attacks on the traffic from a mobile device, or through another means, they may be able to crack the hash in...

AI score 6.5 · EPSS 0.00025
Exploits 0 · References 2

OSV
added 2025/10/19 6:40 p.m. · 2 views

JLSEC-2025-95

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...

CVSS 5.9 · AI score 6.9 · EPSS 0.54214
Exploits 3 · References 252

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-25234

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 6.6 · EPSS 0.00721
Exploits 0 · References 2

RedhatCVE
added 2025/05/22 6:18 p.m. · 7 views

CVE-2021-21472

SAP Software Provisioning Manager 1.0 SAP NetWeaver Master Data Management Server 7.1 does not have an option to set password during its installation, this allows an authenticated attacker to perform various security attacks like Directory Traversal, Password Brute force Attack, SMB Relay attack,...

CVSS 8.8 · AI score 7 · EPSS 0.00192
Exploits 0 · References 1

Tenable Nessus
added 2025/05/19 12:0 a.m. · 9 views

Infoblox NIOS Terrapin Attack (000009589)

The version of Infoblox NIOS installed on the remote host is affected by a vulnerability in OpenSSH. The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted fr...

CVSS 5.9 · AI score 7 · EPSS 0.54214
Exploits 3 · References 2

IBM Security Bulletins
added 2025/02/27 12:37 p.m. · 12 views

Security Bulletin: Vulnerability in paramiko affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2023-48795]

Summary: The paramiko package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2023-48795. Vulnerability Details: CVEID: CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH befo...

CVSS 5.9 · AI score 6.4 · EPSS 0.54214
Exploits 3 · Affected Software 1

IBM Security Bulletins
added 2025/01/30 7:9 a.m. · 13 views

Security Bulletin: Vulnerability in OpenSSH affects watsonx.data

Summary: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks. This could affect watsonx.data. Vulnerability Details: CVEID: CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain...

CVSS 5.9 · AI score 7.1 · EPSS 0.54214
Exploits 3 · Affected Software 1

Github Security Blog
added 2024/11/27 7:1 p.m. · 11 views

Devolutions.XTS.NET Vulnerable to Timing Attack on GF Multiplications

Impact Timing attacks on Galois Field multiplications in this package. Successful exploitation would effectively allow a downgrade of the security guarantees of the XTS mode to the security guarantees of ECB mode, allowing block swapping, enabling identification of identical blocks, and rendering...

CVSS 5.1 · AI score 7.1 · EPSS 0.00036
Exploits 0 · References 4 · Affected Software 1

NVD
added 2024/07/09 6:15 p.m. · 15 views

CVE-2024-28067

A vulnerability in Samsung Exynos Modem 5300 allows a Man-in-the-Middle (MITM) attacker to downgrade the security mode of packets going to the victim, enabling the attacker to send messages to the victim in plaintext...

CVSS 5.3 · EPSS 0.00721
Exploits 0 · References 2

Positive Technologies
added 2024/07/09 12:0 a.m. · 2 views

PT-2024-22248 · Samsung · Samsung Exynos Modem 5300

Name of the Vulnerable Software and Affected Versions: Samsung Exynos Modem 5300 (affected versions not specified). Description: A Man-in-the-Middle (MITM) attacker can exploit this issue to downgrade the security mode of packets going to the victim, enabling the attacker to send messages to the victi...

CVSS 5.3 · AI score 7 · EPSS 0.00721
Exploits 0 · References 5