
11 matches found

Snyk
added 2025/10/15 5:39 p.m., 2 views

Inadequate Encryption Strength

Overview Affected versions of this package are vulnerable to Inadequate Encryption Strength via the SMTP process. An attacker can intercept sensitive information by performing a man-in-the-middle attack that prevents the use of TLS, causing data to be sent over an unencrypted connection...

8.2 CVSS, 8.6 AI score, 0.0003 EPSS
Exploits: 0, References: 2
RedHat Linux
added 2025/10/15 4:16 p.m., 6 views

dotnet: .NET Information Disclosure Vulnerability

A flaw exists in certain .NET builds where a man-in-the-middle (MITM) attacker can prevent or downgrade TLS between a client and an SMTP server. This may cause the client to send credentials or message data over an unencrypted connection, exposing sensitive information to the attacker...

5.7 CVSS, 5.8 AI score, 0.0003 EPSS
Exploits: 0, References: 4
Cvelist
added 2025/10/06 12:0 a.m., 5 views

CVE-2025-59450

The YoSmart YoLink Smart Hub firmware 0382 is unencrypted, and data extracted from it can be used to determine network access credentials...

4.3 CVSS, 0.00009 EPSS
Exploits: 0, References: 3
Veracode
added 2025/02/14 6:43 a.m., 5 views

Improper Data Encryption

Temporal api-go is vulnerable to Improper Data Encryption. The vulnerability is caused by missing Data Converter transformations: update response information is not processed by the Data Converter when using a gRPC proxy with the api-go module, leading to unencrypted data exposure...

2 CVSS, 5.9 AI score, 0.00037 EPSS
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2025/02/04 6:15 p.m., 0 views

CVE-2025-23060

A vulnerability in HPE Aruba Networking ClearPass Policy Manager may, under certain circumstances, expose sensitive unencrypted information. Exploiting this vulnerability could allow an attacker to perform a man-in-the-middle attack, potentially granting unauthorized access to network resources a...

8.1 CVSS, 5.8 AI score
Exploits: 0, References: 1
CNNVD
added 2024/12/18 12:0 a.m., 2 views

Asseco Business Solutions Wapro ERP Security Vulnerability

Asseco Business Solutions Wapro ERP is an enterprise-oriented ERP software from Asseco Business Solutions, Poland. A security vulnerability exists in Asseco Business Solutions Wapro ERP versions prior to 9.00.0, which stems from vulnerability to server-side MS SQL protocol downgrade requests, whi...

9.8 CVSS, 9.2 AI score, 0.00262 EPSS
Exploits: 0, References: 3
CNNVD
added 2024/08/05 12:0 a.m., 2 views

Korenix JetPort 5601 Operating System Command Injection Vulnerability

The Korenix JetPort 5601 is an intelligent serial device server from Korenix. A security vulnerability exists in Korenix JetPort 5601 version 1.2 and earlier, which stems from the lack of encryption of sensitive data in the resulting eavesdropping...

7.1 CVSS, 6.7 AI score, 0.00139 EPSS
Exploits: 1, References: 3
OSV
added 2023/04/01 12:0 a.m., 4 views

PUB-A-269657712

In TBD of TBD, there is a possible way to send unencrypted data via an unexpected interface due to a logic error in the code. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8 CVSS, 6.5 AI score, 0.00043 EPSS
Exploits: 0, References: 1
RedHat Linux
added 2021/12/21 10:1 a.m., 2 views

postgresql: server processes unencrypted bytes from man-in-the-middle

It was found that a PostgreSQL server could accept plain text data during the establishment of an SSL connection. When a user requests certificate-based authentication, an active Person in the Middle could use this flaw to inject arbitrary SQL commands...

8.1 CVSS, 6.9 AI score, 0.00193 EPSS
Exploits: 0, References: 4
Trend Micro Simply Security
added 2019/08/23 2:1 p.m., 25 views

This Week in Security News: DevOps Implementation Concerns and Malware Variants

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how most respondents to a Trend Micro survey shared their concern for the risks in implementing DevOps. Also, read on about how...

7 AI score
Exploits: 0
OSV
added 2019/06/06 9:29 p.m., 0 views

CVE-2019-4162

IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 is missing the HTTP Strict Transport Security header. Users can navigate by mistake to the unencrypted version of the web application or accept invalid certificates. This leads to sensitive data being sent unencrypted over the wire. IBM...

7.5 CVSS, 6.5 AI score, 0.0006 EPSS
Exploits: 0, References: 2