444 matches found
PYSEC-2026-431 OpenStack Neutron allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism
The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address...
CoreWCF NetNamedPipe transport accepts attach to a pre-existing named pipe instance
Impact CoreWCF NetNamedPipe transport accepts attach to a pre-existing named pipe instance, allowing local interception of NetNamedPipe traffic. NetNamedPipe creates a shared memory object based on the listening url, then generated a unique GUID for the named pipe it will be using and saves this ...
GHSA-6JJ2-4Q5C-X8G6 CoreWCF NetNamedPipe transport accepts attach to a pre-existing named pipe instance
Impact CoreWCF NetNamedPipe transport accepts attach to a pre-existing named pipe instance, allowing local interception of NetNamedPipe traffic. NetNamedPipe creates a shared memory object based on the listening url, then generated a unique GUID for the named pipe it will be using and saves this ...
PT-2026-51074
Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description The NetNamedPipe transport in CoreWCF allows local interception of traffic. This occurs because the transport accepts attachments to pre-existing named pipe instances...
CVE-2026-44494
A flaw was found in Axios. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to escalate any existing Object.prototype pollution in an application's dependency tree into a full Man-in-the-Middle MITM attack. This enables the attacker to intercept, read, and modify all...
CVE-2026-9213
A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper with traffic between the router and the Internet, to execute code on the device...
CVE-2026-11815
An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potentially deserialize arbitrary objects. This vulnerability could lead to broken security expectations or remote code execution...
EUVD-2026-35992
An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potentially deserialize arbitrary objects. This vulnerability could lead to broken security expectations or remote code execution...
PT-2026-48382
An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potentially deserialize arbitrary objects. This vulnerability could lead to broken security expectations or remote code execution...
Mind Your Key: An Empirical Study of LLM API Credential Leakage in IOS Apps
The rapid integration of large language models LLMs into mobile applications has introduced a new class of credential security risk: leaked credentials that grant unauthorized access to LLM inference services, causing financial damage to developers. Prior work on credential leakage has focused...
EUVD-2026-35455
A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper traffic between the router and the Internet, to execute code on the device...
CVE-2026-9213
A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper with traffic between the router and the Internet, to execute code on the device...
CVE-2026-9213 Insufficient input validation in certain NETGEAR routers
A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper with traffic between the router and the Internet, to execute code on the device...
CVE-2026-9213 Insufficient input validation in certain NETGEAR routers
A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper with traffic between the router and the Internet, to execute code on the device...
CVE-2026-9213
CVE-2026-9213 affects NETGEAR gaming routers. The issue stems from insufficient input validation, enabling an attacker who can intercept traffic between the router and the Internet to execute code on the device. Documented impact includes high confidentiality and integrity impact with network-exp...
CVE-2026-0409 Netgear Orbi 370 Series Remote Code Execution vulnerability
A NETGEAR security issue that could allow an attacker with ability to intercept and tamper with traffic between the router and the Internet to run commands on your device when the device administrator performs certain specific management actions. This issue affects NETGEAR Orbi 370 series devices...
CVE-2026-0409 Netgear Orbi 370 Series Remote Code Execution vulnerability
A NETGEAR security issue that could allow an attacker with ability to intercept and tamper with traffic between the router and the Internet to run commands on your device when the device administrator performs certain specific management actions. This issue affects NETGEAR Orbi 370 series devices...
PT-2026-47814
Name of the Vulnerable Software and Affected Versions NETGEAR Orbi 370 series versions prior to V12.1.2.7 Description A security issue exists that allows an attacker capable of intercepting and tampering with traffic between the router and the Internet to execute commands on the device. This occu...
PT-2026-47860
Name of the Vulnerable Software and Affected Versions NETGEAR gaming routers affected versions not specified Description An issue in NETGEAR gaming routers allows attackers who can intercept and tamper with traffic between the router and the Internet to execute code on the device. Recommendations...
NETGEAR Orbi 缓冲区错误漏洞
NETGEAR Orbi is a distributed WiFi system developed by NETGEAR, a company in the United States. Versions of NETGEAR Orbi 370 prior to V12.1.2.7 contained a buffer error vulnerability. This vulnerability allowed attackers to intercept and manipulate traffic between the router and the internet. The...