2216 matches found
CVE-2026-33569 Anviz Products Cleartext Transmission of Sensitive Information
Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling on‑path attackers to sniff credentials and session data, which can be used to compromise the device...
PT-2026-33491
CVE-2026-33569 Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling on‑path attackers to sniff credentials and session data, which can be used to compromise th… https://t.co/VidnnJfRzA...
CVE-2026-40262 Note Mark has Stored XSS via Unrestricted Asset Upload
Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset delivery handler serves uploaded files inline and relies on magic-byte detection for content type, which does not identify text-based formats such as HTML, SVG, or XHTML. These files are served with an...
UBUNTU-CVE-2026-5778
Integer underflow in wolfSSL packet sniffer = 5.9.0 allows an attacker to cause a program crash in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by sslDecodePacket. The underflow wraps a 16-bit length to a large valu...
EUVD-2025-209395
An attacker could use data obtained by sniffing the network traffic to forge packets in order to make arbitrary requests to Contemporary Controls BASC 20T...
CVE-2025-13926 Contemporary Controls BASC 20T Reliance on Untrusted Inputs in a Security Decision
An attacker could use data obtained by sniffing the network traffic to forge packets in order to make arbitrary requests to Contemporary Controls BASC 20T...
CVE-2025-13926
An attacker could use data obtained by sniffing the network traffic to forge packets in order to make arbitrary requests to Contemporary Controls BASC 20T...
CVE-2025-13926
CVE-2025-13926 concerns the BASC 20T from Contemporary Controls. The connected records indicate an attacker could exploit data sniffed from the network to forge requests toward the BASC 20T, implying a security decision relies on inputs that may be untrusted. The available details note a network-...
Contemporary Controls BASControl20 安全漏洞
Contemporary Controls BASControl20 is a building automation control and BACnet communication controller developed by the American company Contemporary Controls. The Contemporary Controls BASC 20T has a security vulnerability that stems from network traffic sniffing, which may allow for the...
SUSE CVE-2026-32305
Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1 are vulnerable to mTLS bypass through the TLS SNI pre-sniffing logic related to fragmented ClientHello packets. When a TLS ClientHello is fragmented across multiple records,...
EUVD-2026-13840
Service information is not encrypted when transmitted as BACnet packets over the wire, and can be sniffed, intercepted, and modified by an attacker. Valuable information such as the File Start Position and File Data can be sniffed from network traffic using Wireshark's BACnet dissector filter. Th...
CVE-2026-24060
Service information is not encrypted when transmitted as BACnet packets over the wire, and can be sniffed, intercepted, and modified by an attacker. Valuable information such as the File Start Position and File Data can be sniffed from network traffic using Wireshark's BACnet dissector filter. Th...
Automated Logic WebCtrl 安全漏洞
Automated Logic WebCtrl is a web-based building automation system server developed by Automated Logic Corporation in the United States. Automated Logic WebCtrl has a security vulnerability, which stems from the unencrypted transmission of BACnet data packets. This vulnerability could allow...
CVE-2026-24060 Automated Logic WebCTRL Premium Server Cleartext Transmission of Sensitive Information
Service information is not encrypted when transmitted as BACnet packets over the wire, and can be sniffed, intercepted, and modified by an attacker. Valuable information such as the File Start Position and File Data can be sniffed from network traffic using Wireshark's BACnet dissector filter. Th...
CVE-2026-24060 Automated Logic WebCTRL Premium Server Cleartext Transmission of Sensitive Information
Service information is not encrypted when transmitted as BACnet packets over the wire, and can be sniffed, intercepted, and modified by an attacker. Valuable information such as the File Start Position and File Data can be sniffed from network traffic using Wireshark's BACnet dissector filter. Th...
CVE-2026-24060
Service information is not encrypted when transmitted as BACnet packets over the wire, and can be sniffed, intercepted, and modified by an attacker. Valuable information such as the File Start Position and File Data can be sniffed from network traffic using Wireshark's BACnet dissector filter. Th...
PT-2026-26712
Service information is not encrypted when transmitted as BACnet packets over the wire, and can be sniffed, intercepted, and modified by an attacker. Valuable information such as the File Start Position and File Data can be sniffed from network traffic using Wireshark's BACnet dissector filter. Th...
UBUNTU-CVE-2026-1005
Integer underflow in wolfSSL packet sniffer = 5.8.4 allows an attacker to cause a buffer overflow in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by sslDecodePacket. The underflow wraps a 16-bit length to a large...
CVE-2026-1005
Integer underflow in wolfSSL packet sniffer = 5.8.4 allows an attacker to cause a buffer overflow in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by sslDecodePacket. The underflow wraps a 16-bit length to a large...
EulerOS 2.0 SP12 : libwebsockets (EulerOS-SA-2026-1373)
According to the versions of the libwebsockets package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Stack-based Buffer Overflow in lwsadnsparselabel in warmcat libwebsockets allows, when the LWSWITHSYSASYNCDNS flag is enabled during...