
46 matches found

Vulnrichment
added 2026/04/23 7:45 p.m. | 3 views

CVE-2026-25874 LeRobot Unsafe Deserialization Remote Code Execution via gRPC

LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated network-reachable...

CVSS 9.3 | AI score 6.5 | EPSS 0.00162
Exploits: 1 | References: 5

RedhatCVE
added 2026/01/17 12:23 a.m. | 1 views

CVE-2025-64769

The Process Optimization application suite leverages connection channels/protocols that by-default are not encrypted and could become subject to hijacking or data leakage in certain man-in-the-middle or passive inspection scenarios...

CVSS 7.6 | AI score 6.8 | EPSS 0.00007
Exploits: 0 | References: 1

NVD
added 2026/01/16 2:16 a.m. | 5 views

CVE-2025-64769

The Process Optimization application suite leverages connection channels/protocols that by-default are not encrypted and could become subject to hijacking or data leakage in certain man-in-the-middle or passive inspection scenarios...

CVSS 7.6 | EPSS 0.00007
Exploits: 0 | References: 4

OSV
added 2026/01/16 2:16 a.m. | 0 views

CVE-2025-64769

The Process Optimization application suite leverages connection channels/protocols that by-default are not encrypted and could become subject to hijacking or data leakage in certain man-in-the-middle or passive inspection scenarios...

CVSS 7.6 | AI score 5.8
Exploits: 0 | References: 4

CVE
added 2026/01/16 12:16 a.m. | 7 views

CVE-2025-64769

CVE-2025-64769 affects the AVEVA Process Optimization suite. The root issue is unencrypted by-default channels/protocols, enabling potential data hijacking or leakage in man-in-the-middle or passive inspection scenarios. Documents consistently describe cleartext transmission of sensitive informat...

CVSS 7.6 | AI score 6.4 | EPSS 0.00007
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2026/01/16 12:16 a.m. | 26 views

CVE-2025-64769 AVEVA Process Optimization Cleartext Transmission of Sensitive Information

The Process Optimization application suite leverages connection channels/protocols that by-default are not encrypted and could become subject to hijacking or data leakage in certain man-in-the-middle or passive inspection scenarios...

CVSS 7.6 | EPSS 0.00007
Exploits: 0 | References: 4

ATTACKERKB
added 2026/01/16 12:16 a.m. | 2 views

CVE-2025-64769

The Process Optimization application suite leverages connection channels/protocols that by-default are not encrypted and could become subject to hijacking or data leakage in certain man-in-the-middle or passive inspection scenarios...

CVSS 7.6 | AI score 5.5 | EPSS 0.00007
Exploits: 0 | References: 5

Positive Technologies
added 2026/01/13 12:0 a.m. | 2 views

PT-2026-3197

Name of the Vulnerable Software and Affected Versions: Process Optimization application suite, affected versions not specified. Description: The Process Optimization application suite uses connection channels and protocols that are not encrypted by default. This could allow for data hijacking or...

CVSS 7.6 | AI score 5.3 | EPSS 0.00007
Exploits: 0 | References: 10

EUVD
added 2025/10/31 12:30 a.m. | 4 views

EUVD-2025-37222

Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the cluster manager component when requesting sensitive credentials from peer nodes over an unencrypted channel even when SSL/TLS is enabled in the product configuration. As a result, an attacker positioned on the network...

CVSS 8.7 | AI score 6.2 | EPSS 0.01404
Exploits: 0 | References: 4

OSV
added 2025/10/30 10:15 p.m. | 2 views

CVE-2025-34271

Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the cluster manager component when requesting sensitive credentials from peer nodes over an unencrypted channel even when SSL/TLS is enabled in the product configuration. As a result, an attacker positioned on the network...

CVSS 9.8 | AI score 5.8 | EPSS 0.01404
Exploits: 0 | References: 3

Positive Technologies
added 2025/10/30 12:0 a.m. | 3 views

PT-2025-44514

Name of the Vulnerable Software and Affected Versions: Nagios Log Server versions prior to 2024R2.0.2. Description: The software contains a flaw in the cluster manager component related to handling sensitive credentials. When requesting credentials from peer nodes, the communication occurs over an...

CVSS 9.8 | AI score 6.5 | EPSS 0.01404
Exploits: 0 | References: 6

Snyk
added 2025/10/15 5:39 p.m. | 1 views

Inadequate Encryption Strength

Overview: Affected versions of this package are vulnerable to Inadequate Encryption Strength via the SMTP process. An attacker can intercept sensitive information by performing a man-in-the-middle attack that prevents the use of TLS, causing data to be sent over an unencrypted connection...

CVSS 8.2 | AI score 8.6 | EPSS 0.0003
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-23250

Malware in sbrugna...

CVSS 5.9 | AI score 6 | EPSS 0.00176
Exploits: 1 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-25859

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 6.4 | EPSS 0.00049
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-18193

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.6 | EPSS 0.00189
Exploits: 0 | References: 7

RedhatCVE
added 2025/08/30 6:20 p.m. | 1 views

CVE-2025-0079

In multiple locations, there is a possible way that avdtp and avctp channels could be unencrypted due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 | AI score 6.8 | EPSS 0.00049
Exploits: 0 | References: 1

OSV
added 2025/08/26 11:15 p.m. | 0 views

CVE-2025-0079

In multiple locations, there is a possible way that avdtp and avctp channels could be unencrypted due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 | AI score 5.8
Exploits: 0 | References: 2

NVD
added 2025/08/26 11:15 p.m. | 2 views

CVE-2025-0079

In multiple locations, there is a possible way that avdtp and avctp channels could be unencrypted due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 | EPSS 0.00049
Exploits: 0 | References: 2

Vulnrichment
added 2025/08/26 10:48 p.m. | 1 views

CVE-2025-0079

In multiple locations, there is a possible way that avdtp and avctp channels could be unencrypted due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...

AI score 7.4 | EPSS 0.00049
Exploits: 0 | References: 2

CVE
added 2025/08/26 10:48 p.m. | 67 views

CVE-2025-0079

CVE-2025-0079 describes a logic error in Android's Bluetooth stack (avdtp/avctp) that could allow unencrypted channels, enabling local privilege escalation with user privileges required and no user interaction. Connected documents indicate this is addressed in the Android security bulletin for 20...

CVSS 7.8 | AI score 6.8 | EPSS 0.00049
Exploits: 0 | References: 2 | Affected Software: 1