Lucene search
+L

2216 matches found

NVD
NVD
added 2026/02/25 6:16 a.m.10 views

CVE-2026-3100

The FTP Backup on the ADM will not properly strictly enforce TLS certificate verification while connecting to an FTP server using FTPES/FTPS. An improper validated TLS/SSL certificates allows a remote attacker can intercept network traffic to perform a Man-in-the-Middle MitM attack, which may...

8.3CVSS0.00179EPSS
Exploits0References1
CVE
CVE
added 2026/02/25 5:52 a.m.22 views

CVE-2026-3100

CVE-2026-3100 affects ASUSTOR ADM FTP Backup running on Linux/x86/ARM (64‑bit). The issue is improper certificate validation in ADM FTP Backup, enabling sniffing attacks over the network. Affected versions are ADM 4.1.0–4.3.3.ROF1 and 5.0.0–5.1.2.RE51. The CVSS base score is 8.3 (HIGH) with netwo...

8.3CVSS5.5AI score0.00179EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/02/23 5:23 p.m.12 views

CVE-2026-27512

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a content-type confusion vulnerability in the administrative interface. Responses omit the X-Content-Type-Options: nosniff header and include attacker-influenced content that can be reflected into the response body. Under...

6.1CVSS0.00183EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/10 7:33 a.m.8 views

CVE-2025-66601

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not specify MIME types. When an attacker performs a content sniffing attack, malicious scripts could be executed. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVR...

6.3CVSS5.3AI score0.00154EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/10 7:33 a.m.8 views

CVE-2025-66600

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product lacks HSTS HTTP Strict Transport Security configuration. When an attacker performs a Man in the middle MITM attack, communications with the web server could be sniffed. The affected products and...

8.8CVSS5.3AI score0.00308EPSS
Exploits0References1
OSV
OSV
added 2026/02/09 4:15 a.m.3 views

CVE-2025-66601

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not specify MIME types. When an attacker performs a content sniffing attack, malicious scripts could be executed. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVR...

6.1CVSS5.6AI score0.00154EPSS
Exploits0References1
NVD
NVD
added 2026/02/09 4:15 a.m.10 views

CVE-2025-66601

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not specify MIME types. When an attacker performs a content sniffing attack, malicious scripts could be executed. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVR...

6.3CVSS0.00154EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/09 3:24 a.m.5 views

CVE-2025-66600

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product lacks HSTS HTTP Strict Transport Security configuration. When an attacker performs a Man in the middle MITM attack, communications with the web server could be sniffed. The affected products and...

8.8CVSS5.3AI score0.00308EPSS
Exploits0References1
CVE
CVE
added 2026/02/09 3:17 a.m.18 views

CVE-2025-66601

CVE-2025-66601 affects Yokogawa FAST/TOOLS, specifically packages RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB, versions R9.01–R10.04. The vulnerability is a MIME-type handling/content-sniffing issue that could allow execution of malicious scripts when processing content delivered over the network. The ...

6.3CVSS5.3AI score0.00154EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/09 3:17 a.m.4 views

CVE-2025-66601

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not specify MIME types. When an attacker performs a content sniffing attack, malicious scripts could be executed. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVR...

6.3CVSS5.3AI score0.00154EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/09 3:17 a.m.38 views

CVE-2025-66601

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not specify MIME types. When an attacker performs a content sniffing attack, malicious scripts could be executed. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVR...

6.3CVSS0.00154EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/09 3:17 a.m.6 views

CVE-2025-66601

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not specify MIME types. When an attacker performs a content sniffing attack, malicious scripts could be executed. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVR...

6.3CVSS5.3AI score0.00154EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/09 12:0 a.m.10 views

Yokogawa FAST/TOOLS 安全漏洞

Yokogawa FAST/TOOLS is a real-time operation management and visualization software developed by Yokogawa Electric Corporation. There are security vulnerabilities in the versions of Yokogawa FAST/TOOLS from R9.01 to R10.04. These vulnerabilities stem from the lack of specifying MIME types, which m...

6.3CVSS5.9AI score0.00154EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/09 12:0 a.m.28 views

PT-2026-7049

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not specify MIME types. When an attacker performs a content sniffing attack, malicious scripts could be executed. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVR...

6.3CVSS5.3AI score0.00154EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/04 8:45 p.m.7 views

EUVD-2023-42101

IBM Cloud Pak System does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker...

5.3CVSS5.4AI score0.00285EPSS
Exploits0References2
OSV
OSV
added 2026/01/28 6:33 a.m.8 views

CVE-2026-1466 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Jirafeau

Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. This was done by storing the MIME type of a file and allowing only browser preview for MIME types beginning with image except for...

6.1CVSS5AI score0.00566EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/01/28 6:33 a.m.5 views

CVE-2026-1466

Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. This was done by storing the MIME type of a file and allowing only browser preview for MIME types beginning with image except for...

6.1CVSS5AI score0.00566EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.19 views

PT-2026-5062

CVE-2026-1466 Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. Th… https://t.co/rSEVfvxJRR...

6.1CVSS5.1AI score0.00566EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/01/27 9:23 p.m.17 views

CVE-2026-24439

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 fail to include the X-Content-Type-Options: nosniff response header on web management interfaces. As a result, browsers that perform MIME sniffing may incorrectly interpret attacker-influenced responses as executable...

6.5CVSS5.9AI score0.00169EPSS
Exploits0References1
OSV
OSV
added 2026/01/26 6:16 p.m.4 views

CVE-2026-24439

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 fail to include the X-Content-Type-Options: nosniff response header on web management interfaces. As a result, browsers that perform MIME sniffing may incorrectly interpret attacker-influenced responses as executable...

6.5CVSS5.8AI score0.00169EPSS
Exploits0References2
Rows per page
Query Builder