42 matches found

Cvelist
added 2026/05/13 6:19 p.m. · 28 views

CVE-2026-33583 Arqit SKA-Platform Vulnerable to Key Exposure

Exposure of the QKEY used as input into the ‘OTA-Quantum’ device registration process and internal system keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Agreement Platform. This issue affects Symmetric Key Agreement Platform: before 26.03...

8.7 CVSS · 0.00041 EPSS
Exploits 0 · References 1
CNNVD
added 2026/05/10 12:0 a.m. · 5 views

Catalyst::Plugin::Statsd security vulnerability

Catalyst::Plugin::Statsd is a plugin module by Robert Rothenberg, an individual developer, for capturing application runtime metrics and sending them to a statistics system. A security vulnerability exists in Catalyst::Plugin::Statsd 0.10.0 and earlier versions, which stems from an unencrypted...

7.5 CVSS · 5.8 AI score · 0.00034 EPSS
Exploits 0 · References 1
CNNVD
added 2026/05/10 12:0 a.m. · 6 views

Plack::Middleware::Statsd security vulnerability

Plack::Middleware::Statsd is a middleware component for logging web request metrics and sending them to a statistics system by Robert Rothenberg, an individual developer. A security vulnerability exists in Plack::Middleware::Statsd prior to version 0.9.0, which stems from an unencrypted...

5.3 CVSS · 5.8 AI score · 0.00008 EPSS
Exploits 0 · References 1
EUVD
added 2026/03/19 10:7 p.m. · 1 views

EUVD-2026-13316

OpenClaw versions prior to 2026.2.21 contain an authentication bypass vulnerability in the Control UI when allowInsecureAuth is explicitly enabled and the gateway is exposed over plaintext HTTP, allowing attackers to bypass device identity and pairing verification. An attacker with leaked or...

6.8 CVSS · 5.8 AI score · 0.00114 EPSS
Exploits 0 · References 3
Cvelist
added 2025/12/01 12:0 a.m. · 6 views

CVE-2024-32384

Kerlink gateways running KerOS prior to version 5.10 expose their web interface exclusively over HTTP, without HTTPS support. This lack of transport layer security allows a man-in-the-middle attacker to intercept and modify traffic between the client and the device...

6.8 CVSS · 0.00015 EPSS
Exploits 0 · References 2
RedhatCVE
added 2025/10/31 10:7 p.m. · 2 views

CVE-2025-34271

Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the cluster manager component when requesting sensitive credentials from peer nodes over an unencrypted channel even when SSL/TLS is enabled in the product configuration. As a result, an attacker positioned on the network...

9.8 CVSS · 6.7 AI score · 0.01341 EPSS
Exploits 0 · References 1
NVD
added 2025/10/30 10:15 p.m. · 1 views

CVE-2025-34271

Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the cluster manager component when requesting sensitive credentials from peer nodes over an unencrypted channel even when SSL/TLS is enabled in the product configuration. As a result, an attacker positioned on the network...

9.8 CVSS · 0.01341 EPSS
Exploits 0 · References 3
Vulnrichment
added 2025/10/30 9:22 p.m. · 3 views

CVE-2025-34271 Nagios Log Server < 2024R2.0.2 Cluster Manager Credential Requests Sent Over Plaintext

Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the cluster manager component when requesting sensitive credentials from peer nodes over an unencrypted channel even when SSL/TLS is enabled in the product configuration. As a result, an attacker positioned on the network...

8.7 CVSS · 6.4 AI score · 0.01341 EPSS
Exploits 0 · References 3
CNNVD
added 2025/10/30 12:0 a.m. · 2 views

Nagios Log Server security vulnerability

Nagios Log Server is a suite of centralized log management, monitoring, and analysis software from Nagios, Inc. A security vulnerability exists in Nagios Log Server versions prior to 2024R2.0.2 that originates from the Cluster Manager component requesting sensitive credentials over an unencrypted...

9.8 CVSS · 6.4 AI score · 0.01341 EPSS
Exploits 0 · References 3
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2018-17251

Malware in sbrugna...

5.3 CVSS · 5.5 AI score · 0.00142 EPSS
Exploits 0 · References 3
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-35582

Malicious code in bioql PyPI...

9.8 CVSS · 6.5 AI score · 0.01302 EPSS
Exploits 0 · References 4
Vulnrichment
added 2025/09/18 9:28 p.m. · 2 views

CVE-2025-54810 Cognex In-Sight Explorer and In-Sight Camera Firmware Authentication Bypass by Capture-replay

Cognex In-Sight Explorer and In-Sight Camera Firmware expose a proprietary protocol on TCP port 1069 to perform management operations such as modifying system properties. The user management functionality handles sensitive data such as registered usernames and passwords over an unencrypted channe...

8.6 CVSS · 6.7 AI score · 0.00028 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/07/22 9:31 p.m. · 4 views

CVE-2025-53703 DuraComm DP-10iN-100-MU Cleartext Transmission of Sensitive Information

DuraComm SPM-500 DP-10iN-100-MU transmits sensitive data without encryption over a channel that could be intercepted by attackers...

8.7 CVSS · 6.3 AI score · 0.00092 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/05/31 12:0 a.m. · 1 views

PT-2025-23419 · Mageia · Deluge

Limited unauthenticated file read in /flag. CVE-2025-46561 New version check over unencrypted channel. CVE-2025-46562 SSRF with information leak and limited unauthenticated file write. CVE-2025-46563 Unauthenticated file read in /js may lead to RCE. CVE-2025-46564 Mageia internal bug:...

6.1 AI score
Exploits 0 · References 3
Tenable Nessus
added 2025/05/05 12:0 a.m. · 2 views

Unsecured Authentication Attempt Detected (Medium)

A server allows for authentication using credentials in an unencrypted manner over an unencrypted channel. Such credentials might be revealed to an attacker intercepting this traffic and used to gain access to data on the server. This plugin only works with Tenable.ot. Please visit...

5.5 AI score
Exploits 0
Tenable Nessus
added 2025/05/05 12:0 a.m. · 5 views

Unsecured Authentication Attempt Detected (Low)

A server allows for authentication using credentials in an unencrypted manner over an unencrypted channel. Such credentials might be revealed to an attacker intercepting this traffic and used to gain access to data on the server. This plugin only works with Tenable.ot. Please visit...

5.5 AI score
Exploits 0
RedhatCVE
added 2025/02/14 9:36 a.m. · 5 views

CVE-2022-32510

An issue was discovered on certain Nuki Home Solutions devices. The HTTP API exposed by a Bridge used an unencrypted channel to provide an administrative interface. A token can be easily eavesdropped by a malicious actor to impersonate a legitimate user and gain access to the full set of API...

7.1 CVSS · 6.3 AI score · 0.00051 EPSS
Exploits 0 · References 1
NVD
added 2024/11/07 9:15 a.m. · 12 views

CVE-2024-30142

HCL BigFix Compliance is affected by a missing secure flag on a cookie. If a secure flag is not set, cookies may be stolen by an attacker using XSS, resulting in unauthorized access or session cookies could be transferred over an unencrypted channel...

3.8 CVSS · 0.00032 EPSS
Exploits 0 · References 1
CVE
added 2024/11/07 8:58 a.m. · 45 views

CVE-2024-30142

HCL BigFix Compliance is affected by a missing secure flag on a cookie, enabling cookie theft via XSS and potentially unauthorized access or cookies transmitted over unencrypted channels. The CVE refers to a vulnerability in the product HCL BigFix Compliance (reported as 2024-30142) and is corroborated...

3.8 CVSS · 4.1 AI score · 0.00032 EPSS
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2024/11/07 8:58 a.m. · 20 views

CVE-2024-30142 HCL BigFix Compliance is affected by a missing secure flag on a cookie

HCL BigFix Compliance is affected by a missing secure flag on a cookie. If a secure flag is not set, cookies may be stolen by an attacker using XSS, resulting in unauthorized access or session cookies could be transferred over an unencrypted channel...

3.8 CVSS · 6.8 AI score · 0.00032 EPSS
Exploits 0 · References 1