20 matches found

EUVD
added 6 days ago · 5 views

EUVD-2026-37771

Missing Authentication for Critical Function vulnerability in RTI Connext Professional Security Plugins allows Fake the Source of Data. This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1., from 6.0.0 before 6.0., from 5.3.0 before 5.3...

CVSS 6 · AI score 5.2 · EPSS 0.00268
Exploits 0 · References 1
EUVD
added 2026/06/03 12:30 a.m. · 8 views

EUVD-2022-55996

Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors versions VG4.1.1, VG4.0.3, and lower with VG4.2 partially affected contain a network message handling vulnerability that allows remote attackers to inject spoofed or tampered data and cause denial-of-service condition...

CVSS 8.8 · AI score 5.8 · EPSS 0.0016
Exploits 0 · References 3
Cvelist
added 2026/06/02 9:6 p.m. · 31 views

CVE-2022-4992 Dräger Infinity M540 VG4.1.1 Spoofed Network Message Handling DoS/Tampering

Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors versions VG4.1.1, VG4.0.3, and lower with VG4.2 partially affected contain a network message handling vulnerability that allows remote attackers to inject spoofed or tampered data and cause denial-of-service condition...

CVSS 8.8 · EPSS 0.0016
Exploits 0 · References 2
CVE
added 2026/06/02 9:6 p.m. · 16 views

CVE-2022-4992

CVE-2022-4992 affects Dräger Infinity Acute Care System and Standalone Infinity M540, VG4.1.1, VG4.0.3 and lower (VG4.2 partially affected). The issue is a network message handling vulnerability that lets remote attackers inject spoofed/tampered data to cause denial-of-service, potentially modify...

CVSS 8.8 · AI score 5.8 · EPSS 0.0016
Exploits 0 · References 2
Positive Technologies
added 2026/05/29 12:0 a.m. · 10 views

PT-2026-45020

Summary AppInstaller post-stage-1 XPC listener accepts unvalidated connections, allowing spoofed appcast item data injection. Details Autoupdate/AppInstaller.m's shouldAcceptNewConnection: only enforces SUCodeSigningVerifier validateConnection: before stage 1 completes. After...

CVSS 4.2 · AI score 5.8 · EPSS 0.00014
Exploits 0 · References 3
NVD
added 2026/05/05 1:16 p.m. · 12 views

CVE-2026-27693

Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the KML and GPX export functionality writes device names to XML output without proper escaping. An attacker with low privileges can create a device with a crafted name that injects XML...

CVSS 5.4 · EPSS 0.00183
Exploits 1 · References 2
EUVD
added 2026/03/04 3:30 p.m. · 3 views

EUVD-2025-208269

The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc agent and the Guardian or CMC. This could result in theft of the client token and sensitive...

CVSS 6.5 · AI score 5.9 · EPSS 0.00111
Exploits 0 · References 2
NVD
added 2026/03/04 2:16 p.m. · 2 views

CVE-2025-40896

The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc agent and the Guardian or CMC. This could result in theft of the client token and sensitive...

CVSS 6.5 · EPSS 0.00111
Exploits 0 · References 1
Positive Technologies
added 2026/03/04 12:0 a.m. · 1 views

PT-2026-22916

The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc agent and the Guardian or CMC. This could result in theft of the client token and sensitive...

CVSS 6.5 · AI score 5.9 · EPSS 0.00111
Exploits 0 · References 2
CVE
added 2025/12/31 11:20 p.m. · 241 views

CVE-2025-69412

KDE messagelib vulnerable before version 25.11.90 due to ignoring SSL errors for threatMatches:find in the Google Safe Browsing Lookup API, potentially allowing spoofed threat data. The issue is mitigated by updating to KDE messagelib 25.11.90 or applying the vendor security patch described in th...

CVSS 3.4 · AI score 6.5 · EPSS 0.00241
Exploits 0 · References 4
Positive Technologies
added 2025/12/31 12:0 a.m. · 1 views

PT-2025-54472

Name of the Vulnerable Software and Affected Versions KDE messagelib versions prior to 25.11.90 Description The software does not properly handle SSL errors when using the Google Safe Browsing Lookup API, potentially allowing for spoofing of threat data. This issue affects the find function withi...

CVSS 3.4 · AI score 6.6 · EPSS 0.00241
Exploits 0 · References 13
Tenable Nessus
added 2025/08/27 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-45397

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets ...

CVSS 7.5 · AI score 5.6 · EPSS 0.00438
Exploits 0 · References 3
Debian CVE
added 2025/08/16 10:54 a.m. · 8 views

CVE-2025-38512

In the Linux kernel, the following vulnerability has been resolved: wifi: prevent A-MSDU attacks in mesh networks This patch is a mitigation to prevent the A-MSDU spoofing vulnerability for mesh networks. The initial update to the IEEE 802.11 standard, in response to the FragAttacks, missed this...

CVSS 7.8 · AI score 6.2 · EPSS 0.00147
Exploits 0
RedhatCVE
added 2025/05/22 1:18 p.m. · 4 views

CVE-2018-5408

The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not validate, or incorrectly validates, the PrinterLogic management portal's SSL certificate. When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by using a...

CVSS 7.4 · AI score 6.7 · EPSS 0.00749
Exploits 0 · References 1
OSV
added 2024/02/07 5:15 p.m. · 1 views

CVE-2023-47700

IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a...

CVSS 7.5 · AI score 5.8 · EPSS 0.00546
Exploits 0 · References 2
Positive Technologies
added 2024/02/07 12:0 a.m. · 3 views

PT-2024-13475 · Ibm · Ibm San Volume Controller +3

Name of the Vulnerable Software and Affected Versions: IBM SAN Volume Controller version 8.6 IBM Storwize version 8.6 IBM FlashSystem version 8.6 IBM Storage Virtualize version 8.6 Description: The issue allows a remote attacker to spoof a trusted system that would not be correctly validated by t...

CVSS 7.5 · AI score 7.2 · EPSS 0.00546
Exploits 0 · References 6
CNNVD
added 2021/10/25 12:0 a.m. · 3 views

FreeSWITCH Security Vulnerability

FreeSWITCH is a free, open-source communications software program developed by Anthony Minessale, an individual developer in the United States. The software can be used to create audio, video, and short messaging products and applications. FreeSWITCH has a security vulnerability that arises from ...

CVSS 7.5 · AI score 7.3 · EPSS 0.0244
Exploits 3 · References 5
CNVD
added 2021/02/05 12:0 a.m. · 5 views

IBM API Connect Input Validation Error Vulnerability (CNVD-2021-09491)

IBM API Connect APIConnect is a suite of integrated solutions for managing the API lifecycle from IBM USA. The product supports creating, running, managing, and securing APIs, microservices, and more. An input validation error vulnerability exists in IBM API Connect, which can be exploited by an...

CVSS 6.5 · AI score 6.5 · EPSS 0.00812
Exploits 0 · References 1
CNNVD
added 2021/02/02 12:0 a.m. · 2 views

IBM API Connect Input Validation Error Vulnerability

IBM API Connect APIConnect is a suite of integrated solutions for managing the API lifecycle from IBM USA. The product supports creating, running, managing, and securing APIs, microservices, and more. An input validation error vulnerability exists in IBM API Connect, which can be exploited by an...

CVSS 6.5 · AI score 6.6 · EPSS 0.00812
Exploits 0 · References 5
Cvelist
added 2019/02/05 6:0 p.m. · 24 views

CVE-2017-1200

IBM BigFix Compliance 1.7 through 1.9.91 TEMA SUAv1 SCA SCM does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle MITM attack. The software might connect to a malicious host while believing it is a...

CVSS 3.7 · AI score 5.4 · EPSS 0.00644
Exploits 0 · References 2