PT-2026-45998

Mercusys AC12G EU V1 with firmware AC12GEU V1 200909 transmits DDNS credentials over plaintext HTTP with only Base64 encoding. The firmware contains no TLS implementation, allowing man-in-the-middle interception of DDNS service credentials...

CVE-2026-48902 Joomla! Core - [20260518] - Transport encryption downgrade for password and username reset links

The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set...

CVE-2026-9133

Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before version 0.2.1. A debug ARN scheme arn:aws-debug:file accepted by the PUT /api/aws/arn/validate validation endpoint might allow remote authenticated users to perform arbitrary file reads on any file accessible to the...

CVE-2026-6066 Unencrypted Client‑Server Communication in ConnectWise Automate™ Solution Center

ConnectWise has released a security update for ConnectWise Automate™ that addresses a behavior in the ConnectWise Automate Solution Center where certain client-to-server communications could occur without transport-layer encryption. This could allow network‑based interception of Solution Center...

[20260518] - Core - Transport encryption downgrade for password and username reset links

The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set...

EUVD-2017-6286

Malware in sbrugna...

EUVD-2019-15327

Malware in sbrugna...

EUVD-2022-45026

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2024-38823

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Salt's request server is vulnerable to replay attacks when not using a TLS encrypted transport. CVE-2024-38823 Note that Nessus relies on the presence of the...

Alibaba Cloud Linux 3 : 0068: libpq (ALINUX3-SA-2024:0068)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0068 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-41862: In PostgreSQL, a modified,...

Alibaba Cloud Linux 3 : 0036: postgresql:13 (ALINUX3-SA-2023:0036)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2023:0036 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-2625: A vulnerability was found i...

Security Bulletin: IBM Spectrum Protect Plus vulnerability discloses sensitive information due to unencrypted data in transit (CVE-2020-4497)

Summary IBM Spectrum Protect Plus does not encrypt data transfer between vSnap servers and application agents. This could allow an attacker to view senstive information in transit. Vulnerability Details CVEID:CVE-2020-4497 DESCRIPTION: IBM Spectrum Protect Plus discloses sensitive information due...

Linux Distros Unpatched Vulnerability : CVE-2022-41862

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditio...

Netgear C7800 Missing Transport Encryption

Netgear C7800 suffers from a man-in-the-middle vulnerability...

Netgear C7800 Missing Transport Encryption Vulnerability

Netgear C7800 suffers from a man-in-the-middle vulnerability...

HomeGallery 安全漏洞

HomeGallery is a self-hosted open source web gallery from HomeGallery Open Source. It is used for browsing tagged, mobile-friendly, and AI-driven image discovery. A security vulnerability exists in HomeGallery version 1.15.0 and prior versions, which stems from default settings that do not have T...

PT-2024-38167

Name of the Vulnerable Software and Affected Versions: eWeLink affected versions not specified Description: A local attacker can decrypt TLS communication and extract secrets to clone the device via flashing modified firmware due to a missing SSL pinning implementation. Recommendations: At the...

Cilium has insecure IPsec transport encryption

Impact Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective. In particular, Cilium is vulnerable to the following attacks by a man-in-the-middle attacker: - Chosen plaintext attacks - Key recovery attacks -...

Cilium 安全漏洞

Cilium is an open source software. It is used to provide and transparently secure network connectivity and load balancing between application workloads such as application containers or processes. A security vulnerability exists in Cilium that stems from the presence of insecure IPsec transport...

BIT-POSTGRESQL-2022-41862

In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes...