394 matches found

Positive Technologies
added 2026/02/25 12:00 a.m. | 7 views

PT-2026-21978

Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2025.3.14 and earlier. Description: Sensitive user account information is not encrypted in the database. An attacker gaining access to the database can obtain this sensitive information through direct database access...

CVSS 4.9 | AI score 5.2 | EPSS 0.00154
Exploits: 0 | References: 3
Positive Technologies
added 2026/02/15 12:00 a.m. | 10 views

PT-2026-8234

The RF communication protocol in the Micca KE700 car alarm system does not encrypt its data frames. An attacker with a radio interception tool (e.g., SDR) can capture the random number and counters transmitted in cleartext, which is sensitive information required for authentication...

CVSS 7.1 | AI score 5.5 | EPSS 0.00128
Exploits: 0 | References: 2
NVD
added 2026/02/03 7:16 p.m. | 14 views

CVE-2026-0620

When configured as L2TP/IPSec VPN server, Archer AXE75 V1 may accept connections using L2TP without IPSec protection, even when IPSec is enabled. This allows VPN sessions without encryption, exposing data in transit and compromising confidentiality...

CVSS 6 | EPSS 0.00247
Exploits: 0 | References: 3
ATTACKERKB
added 2026/02/03 6:05 p.m. | 3 views

CVE-2026-0620

When configured as L2TP/IPSec VPN server, Archer AXE75 V1 may accept connections using L2TP without IPSec protection, even when IPSec is enabled. This allows VPN sessions without encryption, exposing data in transit and compromising confidentiality...

CVSS 6 | AI score 5.3 | EPSS 0.00247
Exploits: 0 | References: 4
UbuntuCve
added 2026/01/27 12:00 a.m. | 6 views

CVE-2025-69418

Issue summary: When using the low-level OCB API directly with AES-NI or other hardware-accelerated code paths, inputs whose length is not a multiple of 16 bytes can leave the final partial block unencrypted and unauthenticated. Impact summary: The trailing 1-15 bytes of a message may be exposed...

CVSS 4 | AI score 6.3 | EPSS 0.00115
Exploits: 1 | References: 3
Tenable Nessus
added 2026/01/20 12:00 a.m. | 3 views

MiracleLinux 7 : rh-postgresql13-postgresql-13.5-1.el7 (AXSA:2021-2786:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2786:01 advisory. postgresql: memory disclosure in certain queries (CVE-2021-3677); postgresql: server processes unencrypted bytes from man-in-the-middle (CVE-2021-23214)...

CVSS 8.1 | AI score 8.5 | EPSS 0.01901
Exploits: 0 | References: 4
NVD
added 2026/01/10 10:15 a.m. | 8 views

CVE-2025-52435

J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE. Improper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state allowing an eavesdropper to observe the remainder of the exchange...

CVSS 7.5 | EPSS 0.00207
Exploits: 0 | References: 4
RedhatCVE
added 2026/01/09 11:19 a.m. | 10 views

CVE-2021-22997

On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ HA ElasticSearch service does not implement any form of authentication for the clustering transport services, and all data used by ElasticSearch for transport is unencrypted. Note: Software versions which have reached End of Software Development...

CVSS 7.5 | AI score 7.2 | EPSS 0.01075
Exploits: 0 | References: 1
Positive Technologies
added 2026/01/09 12:00 a.m. | 5 views

PT-2026-1813

Name of the Vulnerable Software and Affected Versions: Apache NimBLE versions through 1.8.0. Description: A configuration issue exists where data transmission occurs without encryption. Specifically, improper handling of the Pause Encryption procedure on the Link Layer can result in a previously...

CVSS 7.5 | AI score 6.6 | EPSS 0.00207
Exploits: 0 | References: 8
CVE
added 2026/01/07 11:10 p.m. | 24 views

CVE-2019-25279

The CVE-2019-25279 entry applies to the FaceSentry Access Control System version 6.4.8. The vulnerability stems from cleartext password storage inside the device’s SQLite database, allowing an attacker to read credentials directly from /faceGuard/database/FaceSentryWeb.sqlite without authenticati...

CVSS 7.5 | AI score 6.2 | EPSS 0.00199
Exploits: 2 | References: 3 | Affected Software: 1
RedhatCVE
added 2026/01/07 9:30 a.m. | 5 views

CVE-2019-16063

NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data rendered within web pages. It is possible for an attacker to expose unencrypted sensitive data...

CVSS 7.5 | AI score 6.8 | EPSS 0.00666
Exploits: 0 | References: 1
CNNVD
added 2025/12/15 12:00 a.m. | 2 views

IBM DevOps Deploy security vulnerability

IBM DevOps Deploy is an application release solution from International Business Machines (IBM), Inc. that standardizes and simplifies the process of deploying software components to each environment during the development cycle. A security vulnerability exists in IBM DevOps Deploy versions 8.1 through...

CVSS 5.9 | AI score 6.2 | EPSS 0.00161
Exploits: 0 | References: 2
CVE
added 2025/12/12 2:46 a.m. | 12 views

CVE-2025-13053

The CVE-2025-13053 issue affects ASUSTOR ADM NAS: vulnerable in versions 4.1.0–4.3.3.RKD2 and 5.0.0–5.1.0.RN42. Root cause is non-enforced TLS certificate verification when configuring NAS to retrieve UPS status or control the UPS, enabling a network MITM attack to intercept traffic and potential...

CVSS 7 | AI score 6.2 | EPSS 0.00085
Exploits: 0 | References: 1 | Affected Software: 1
RedhatCVE
added 2025/12/11 5:03 a.m. | 20 views

CVE-2025-65297

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 automatically collect and upload unencrypted sensitive information. Note that this occurs without disclosure or consent from the manufacturer...

CVSS 7.5 | AI score 6.8 | EPSS 0.00167
Exploits: 0 | References: 1
EUVD
added 2025/12/11 12:30 a.m. | 4 views

EUVD-2025-202635

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 automatically collect and upload unencrypted sensitive information. Note that this occurs without disclosure or consent from the manufacturer...

CVSS 7.5 | AI score 6.3 | EPSS 0.00167
Exploits: 0 | References: 2
OSV
added 2025/12/10 10:16 p.m. | 4 views

CVE-2025-65297

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 automatically collect and upload unencrypted sensitive information. Note that this occurs without disclosure or consent from the manufacturer...

CVSS 7.5 | AI score 5.8 | EPSS 0.00167
Exploits: 0 | References: 1
NVD
added 2025/12/10 10:16 p.m. | 6 views

CVE-2025-65297

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 automatically collect and upload unencrypted sensitive information. Note that this occurs without disclosure or consent from the manufacturer...

CVSS 7.5 | EPSS 0.00167
Exploits: 0 | References: 1
Vulnrichment
added 2025/12/10 12:00 a.m. | 4 views

CVE-2025-65297

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 automatically collect and upload unencrypted sensitive information. Note that this occurs without disclosure or consent from the manufacturer...

AI score 6.5 | EPSS 0.00167
Exploits: 0 | References: 1
CVE
added 2025/12/10 12:00 a.m. | 31 views

CVE-2025-65297

The CVE-2025-65297 entry covers Aqara Hub devices (Camera Hub G3 4.1.9_0027; Hub M2 4.3.6_0027; Hub M3 4.3.6_0025) that automatically collect and upload unencrypted sensitive information without disclosure or consent. The connected sources corroborate the same description across Red Hat/CIRA ENIS...

CVSS 7.5 | AI score 6.5 | EPSS 0.00167
Exploits: 0 | References: 1 | Affected Software: 1
Positive Technologies
added 2025/12/10 12:00 a.m. | 6 views

PT-2025-50548

Name of the Vulnerable Software and Affected Versions: Aqara Hub Camera Hub G3 version 4.1.9 0027; Aqara Hub M2 version 4.3.6 0027; Aqara Hub M3 version 4.3.6 0025. Description: Aqara Hub devices automatically collect and upload sensitive information in an unencrypted format. This data collection and...

CVSS 7.5 | AI score 6.4 | EPSS 0.00167
Exploits: 0 | References: 5