Lucene search
+L

2216 matches found

Cvelist
Cvelist
added 2026/04/17 7:30 p.m.22 views

CVE-2026-33569 Anviz Products Cleartext Transmission of Sensitive Information

Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling on‑path attackers to sniff credentials and session data, which can be used to compromise the device...

6.5CVSS0.00186EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.22 views

PT-2026-33491

CVE-2026-33569 Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling on‑path attackers to sniff credentials and session data, which can be used to compromise th… https://t.co/VidnnJfRzA...

6.5CVSS5.8AI score0.00186EPSS
Exploits0References6
OSV
OSV
added 2026/04/16 11:51 p.m.3 views

CVE-2026-40262 Note Mark has Stored XSS via Unrestricted Asset Upload

Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset delivery handler serves uploaded files inline and relies on magic-byte detection for content type, which does not identify text-based formats such as HTML, SVG, or XHTML. These files are served with an...

8.7CVSS5.9AI score0.00309EPSS
Exploits0References5
OSV
OSV
added 2026/04/09 10:16 p.m.5 views

UBUNTU-CVE-2026-5778

Integer underflow in wolfSSL packet sniffer = 5.9.0 allows an attacker to cause a program crash in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by sslDecodePacket. The underflow wraps a 16-bit length to a large valu...

6.5CVSS5.8AI score0.00225EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/09 9:31 p.m.10 views

EUVD-2025-209395

An attacker could use data obtained by sniffing the network traffic to forge packets in order to make arbitrary requests to Contemporary Controls BASC 20T...

9.8CVSS6AI score0.00443EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/09 7:47 p.m.2 views

CVE-2025-13926 Contemporary Controls BASC 20T Reliance on Untrusted Inputs in a Security Decision

An attacker could use data obtained by sniffing the network traffic to forge packets in order to make arbitrary requests to Contemporary Controls BASC 20T...

9.8CVSS5.9AI score0.00443EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/09 7:47 p.m.7 views

CVE-2025-13926

An attacker could use data obtained by sniffing the network traffic to forge packets in order to make arbitrary requests to Contemporary Controls BASC 20T...

9.8CVSS6AI score0.00443EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/04/09 7:47 p.m.18 views

CVE-2025-13926

CVE-2025-13926 concerns the BASC 20T from Contemporary Controls. The connected records indicate an attacker could exploit data sniffed from the network to forge requests toward the BASC 20T, implying a security decision relies on inputs that may be untrusted. The available details note a network-...

9.8CVSS6AI score0.00443EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.10 views

Contemporary Controls BASControl20 安全漏洞

Contemporary Controls BASControl20 is a building automation control and BACnet communication controller developed by the American company Contemporary Controls. The Contemporary Controls BASC 20T has a security vulnerability that stems from network traffic sniffing, which may allow for the...

9.8CVSS5.9AI score0.00443EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/22 12:23 a.m.5 views

SUSE CVE-2026-32305

Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1 are vulnerable to mTLS bypass through the TLS SNI pre-sniffing logic related to fragmented ClientHello packets. When a TLS ClientHello is fragmented across multiple records,...

5.3CVSS5.9AI score0.00405EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/21 12:31 a.m.5 views

EUVD-2026-13840

Service information is not encrypted when transmitted as BACnet packets over the wire, and can be sniffed, intercepted, and modified by an attacker. Valuable information such as the File Start Position and File Data can be sniffed from network traffic using Wireshark's BACnet dissector filter. Th...

9.1CVSS5.8AI score0.002EPSS
Exploits0References4
NVD
NVD
added 2026/03/21 12:16 a.m.7 views

CVE-2026-24060

Service information is not encrypted when transmitted as BACnet packets over the wire, and can be sniffed, intercepted, and modified by an attacker. Valuable information such as the File Start Position and File Data can be sniffed from network traffic using Wireshark's BACnet dissector filter. Th...

9.1CVSS0.002EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/21 12:0 a.m.8 views

Automated Logic WebCtrl 安全漏洞

Automated Logic WebCtrl is a web-based building automation system server developed by Automated Logic Corporation in the United States. Automated Logic WebCtrl has a security vulnerability, which stems from the unencrypted transmission of BACnet data packets. This vulnerability could allow...

9.1CVSS5.8AI score0.002EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/20 11:19 p.m.2 views

CVE-2026-24060 Automated Logic WebCTRL Premium Server Cleartext Transmission of Sensitive Information

Service information is not encrypted when transmitted as BACnet packets over the wire, and can be sniffed, intercepted, and modified by an attacker. Valuable information such as the File Start Position and File Data can be sniffed from network traffic using Wireshark's BACnet dissector filter. Th...

9.1CVSS5.8AI score0.002EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/20 11:19 p.m.30 views

CVE-2026-24060 Automated Logic WebCTRL Premium Server Cleartext Transmission of Sensitive Information

Service information is not encrypted when transmitted as BACnet packets over the wire, and can be sniffed, intercepted, and modified by an attacker. Valuable information such as the File Start Position and File Data can be sniffed from network traffic using Wireshark's BACnet dissector filter. Th...

9.1CVSS0.002EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/20 11:19 p.m.6 views

CVE-2026-24060

Service information is not encrypted when transmitted as BACnet packets over the wire, and can be sniffed, intercepted, and modified by an attacker. Valuable information such as the File Start Position and File Data can be sniffed from network traffic using Wireshark's BACnet dissector filter. Th...

9.1CVSS5.8AI score0.002EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.12 views

PT-2026-26712

Service information is not encrypted when transmitted as BACnet packets over the wire, and can be sniffed, intercepted, and modified by an attacker. Valuable information such as the File Start Position and File Data can be sniffed from network traffic using Wireshark's BACnet dissector filter. Th...

9.1CVSS5.8AI score0.002EPSS
Exploits0References4
OSV
OSV
added 2026/03/19 5:16 p.m.6 views

UBUNTU-CVE-2026-1005

Integer underflow in wolfSSL packet sniffer = 5.8.4 allows an attacker to cause a buffer overflow in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by sslDecodePacket. The underflow wraps a 16-bit length to a large...

5.3CVSS6.1AI score0.00251EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/19 5:0 p.m.3 views

CVE-2026-1005

Integer underflow in wolfSSL packet sniffer = 5.8.4 allows an attacker to cause a buffer overflow in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by sslDecodePacket. The underflow wraps a 16-bit length to a large...

2.1CVSS6.1AI score0.00251EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.6 views

EulerOS 2.0 SP12 : libwebsockets (EulerOS-SA-2026-1373)

According to the versions of the libwebsockets package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Stack-based Buffer Overflow in lwsadnsparselabel in warmcat libwebsockets allows, when the LWSWITHSYSASYNCDNS flag is enabled during...

7.5CVSS5.9AI score0.00266EPSS
Exploits0References2
Rows per page
Query Builder