29 matches found
CVE-2026-49198
Improper access control in the MQTT broker allows wildcard topic subscriptions, exposing all MQTT traffic to unauthorized actors...
EUVD-2026-33266
Improper access control in the MQTT broker allows wildcard topic subscriptions, exposing all MQTT traffic to unauthorized actors...
Acer Predator Connect W6x Security Vulnerability
The Acer Predator Connect W6x is a series of high-performance Wi-Fi 6/6E gaming routers produced by Acer of Taiwan, China. The Acer Predator Connect W6x has a security vulnerability, which stems from improper access control in the MQTT proxy, allowing wildcard topic subscriptions, thereby exposin...
PT-2026-44768
Improper access control in the MQTT broker allows wildcard topic subscriptions, exposing all MQTT traffic to unauthorized actors...
CVE-2026-32959
CVE-2026-32959 concerns SD-330AC and AMC Manager from silex technology, Inc. and describes use of a broken or risky cryptographic algorithm, enabling information in network traffic to be retrieved via a man‑in‑the‑middle attack. The description does not specify exact affected versions, affected c...
SICK LMS1000 and SICK MRS1000 Security Vulnerability
SICK LMS1000 and SICK MRS1000 are products from the German company SICK. SICK LMS1000 is a lidar sensor. SICK MRS1000 is a 3D lidar sensor. Both SICK LMS1000 and SICK MRS1000 have security vulnerabilities. These vulnerabilities stem from the use of weak CBC-based cipher suites in the device’s S...
GHSA-WX63-35HW-2482 HTTP/HTTPS Traffic Interception Bypass in mad-proxy
A vulnerability in mad-proxy versions = 0.3 allows attackers to bypass HTTP/HTTPS traffic interception rules, potentially exposing sensitive traffic...
General Industrial Controls Lynx+ Gateway Security Vulnerability
General Industrial Controls Lynx+ Gateway is an industrial automation gateway from General Industrial Controls India. A security vulnerability exists in the General Industrial Controls Lynx+ Gateway that originates from cleartext transmission and could lead to an attacker observing network...
CVE-2025-36249 IBM Jazz for Service Management is vulnerable to "filter" cookie not sent over SSL
IBM Jazz for Service Management 1.1.3.0 through 1.1.3.25 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending an http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to...
CVE-2025-61120
AG Life Logger Android App version v1.0.2.72 and before (package name com.donki.healthy), developed by IO FIT, K.K., contains improper access control vulnerabilities. Exposed credentials in traffic may allow attackers to misuse cloud resources, and predictable verification codes make brute-force...
Linux Distros Unpatched Vulnerability : CVE-2023-36671
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that all IP traffi...
CVE-2024-52329
CVE-2024-52329 affects ECOVACS HOME mobile app plugins for specific robots, where TLS certificate validation is not properly performed. The underlying issue allows an unauthenticated attacker to read or modify TLS traffic and to obtain authentication tokens. The entry provides CVSS data indicatin...
PT-2024-15330 · Axis · Axis Os
Name of the Vulnerable Software and Affected Versions: AXIS OS affected versions not specified Description: A flaw in the O3C feature may expose sensitive traffic between the client Axis device and the O3C server. This issue only applies if O3C is being used. Recommendations: At the moment, there...
UBUNTU-CVE-2024-3661
DHCP can add routes to a client’s routing table via the classless static route option 121. VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify...
CVE-2024-20378
A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. This vulnerability is due to a lack of authentication for specific endpoints of the web-based management...
PT-2024-20026 · Korenix · Korenix Jeti/O 6550
Name of the Vulnerable Software and Affected Versions: Korenix JetI/O 6550 version F208 Build:0817 Description: The issue concerns an information exposure vulnerability. It is related to the SNMP protocol, which transfers data in plaintext. This allows an attacker to intercept traffic and retriev...
DEBIAN-CVE-2022-46338
g810-led 0.4.2, an LED configuration tool for Logitech Gx10 keyboards, contained a udev rule to make supported device nodes world-readable and writable, allowing any process on the system to read traffic from keyboards, including sensitive data...
Oracle Fusion Middleware Input Validation Error Vulnerability
Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle USA. The platform provides middleware, software collections, and other capabilities. An input validation error vulnerability exists in Oracle Fusion...
Digi TransPort Security Vulnerability
The Digi International Digi TransPort is a full-featured cellular router from Digi International USA. A security vulnerability exists in the Digi TransPort Gateway that stems from not setting the Secure attribute for sensitive cookies in HTTPS sessions, which could result in a user agent...