
30 matches found

OSV
added 2026/05/26 1:28 p.m. · 3 views

MAL-2026-4805 Malicious code in metricflow-tracker (npm)

Source: amazon-inspector (a9a1c269ce5e462d7e555ce1ca34b7f2e54e3d34ea094d35a67aa7c61d1fe34e). The package's exported Metricflow React component defaults serverUrl to http://51.38.65.105:21531 and, when rendered, appends a tag to document.head ...

AI score: 5.9
Exploits: 0 · References: 1
Positive Technologies
added 2026/05/13 12:0 a.m. · 11 views

PT-2026-40762

Exposure of the QKEY used as input into the ‘OTA-Quantum’ device registration process and internal system keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Agreement Platform. This issue affects Symmetric Key Agreement Platform: before 26.03...

CVSS: 8.7 · AI score: 5.8 · EPSS: 0.00041
Exploits: 0 · References: 1
EUVD
added 2026/03/21 12:31 a.m. · 2 views

EUVD-2026-13840

Service information is not encrypted when transmitted as BACnet packets over the wire, and can be sniffed, intercepted, and modified by an attacker. Valuable information such as the File Start Position and File Data can be sniffed from network traffic using Wireshark's BACnet dissector filter. Th...

CVSS: 9.1 · AI score: 5.8 · EPSS: 0.00018
Exploits: 0 · References: 4
RedhatCVE
added 2025/12/16 8:44 p.m. · 1 views

CVE-2023-53881

ReyeeOS 1.204.1614 contains an unencrypted CWMP communication vulnerability that allows attackers to intercept and manipulate device communication through a man-in-the-middle attack. Attackers can create a fake CWMP server to inject and execute arbitrary commands on Ruijie Reyee Cloud devices by...

CVSS: 9.2 · AI score: 7.5 · EPSS: 0.00042
Exploits: 1 · References: 1
RedhatCVE
added 2025/10/07 11:13 p.m. · 2 views

CVE-2025-59448

Components of the YoSmart YoLink ecosystem through 2025-10-02 leverage unencrypted MQTT to communicate over the internet. An attacker with the ability to monitor network traffic could therefore obtain sensitive information or tamper with the traffic to control affected devices. This affects YoLin...

CVSS: 4.7 · AI score: 6.7 · EPSS: 0.00009
Exploits: 0 · References: 1
EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2017-15489

Malware in sbrugna...

CVSS: 9.3 · AI score: 8.2 · EPSS: 0.00168
Exploits: 0 · References: 3
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-43263

Malicious code in bioql PyPI...

CVSS: 9.8 · AI score: 9.1 · EPSS: 0.00261
Exploits: 0 · References: 2
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-30228

Malicious code in bioql PyPI...

CVSS: 8.6 · AI score: 6.5 · EPSS: 0.00028
Exploits: 0 · References: 2
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-6437

Malicious code in bioql PyPI...

CVSS: 7.5 · AI score: 6.6 · EPSS: 0.00095
Exploits: 0 · References: 8
CNNVD
added 2025/09/18 12:0 a.m. · 1 views

Cognex multiple products security vulnerability

Cognex In-Sight Explorer and Cognex In-Sight Camera Firmware are both products of Cognex Corporation, U.S.A. Cognex In-Sight Explorer is a tool that has the ability to debug and program the software of its line of smart cameras. Cognex In-Sight Camera Firmware is firmware for a range of smart...

CVSS: 8.6 · AI score: 6.6 · EPSS: 0.00028
Exploits: 0 · References: 2
RedhatCVE
added 2025/05/23 7:53 a.m. · 4 views

CVE-2024-42495

Credentials to access device configuration were transmitted using an unencrypted protocol. These credentials would allow read-only access to network configuration information and terminal configuration data...

CVSS: 7.5 · AI score: 6.8 · EPSS: 0.00075
Exploits: 0 · References: 1
RedhatCVE
added 2025/03/16 1:15 p.m. · 5 views

CVE-2025-27594

The device uses an unencrypted, proprietary protocol for communication. Through this protocol, configuration data is transmitted and device authentication is performed. An attacker can thereby intercept the authentication hash and use it to log into the device using a pass-the-hash attack...

CVSS: 7.5 · AI score: 7.3 · EPSS: 0.00095
Exploits: 0 · References: 9
CVE
added 2025/03/14 12:50 p.m. · 43 views

CVE-2025-27594

The CVE-2025-27594 entry concerns the SICK DL100-2xxxxxxx series where a proprietary protocol transmits configuration data and authenticates devices without encryption. The underlying issue is the unencrypted protocol, which can allow an attacker to intercept the authentication hash and perform a...

CVSS: 7.5 · AI score: 7.6 · EPSS: 0.00095
Exploits: 0 · References: 7
CNNVD
added 2025/03/14 12:0 a.m. · 2 views

SICK DL100-2xxxxxxx security vulnerability

The SICK DL100-2xxxxxxxxx is a series of sensors from SICK, Germany. A security vulnerability exists in the SICK DL100-2xxxxxxxxx that stems from communication using an unencrypted proprietary protocol that could result in an authentication hash being intercepted and used to log in to the device...

CVSS: 7.5 · AI score: 6.8 · EPSS: 0.00095
Exploits: 0 · References: 8
NVD
added 2024/09/05 11:15 p.m. · 13 views

CVE-2024-42495

Credentials to access device configuration were transmitted using an unencrypted protocol. These credentials would allow read-only access to network configuration information and terminal configuration data...

CVSS: 7.5 · EPSS: 0.00075
Exploits: 0 · References: 1
CVE
added 2024/09/05 10:41 p.m. · 58 views

CVE-2024-42495

CVE-2024-42495 affects Hughes WL3000 Fusion Software (versions prior to 2.7.0.10). The vulnerability arises from credentials used to access device configuration being transmitted via an unencrypted protocol, enabling read-only access to network configuration and terminal configuration data. NVD m...

CVSS: 7.5 · AI score: 6.6 · EPSS: 0.00075
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2024/09/05 10:41 p.m. · 21 views

CVE-2024-42495 Hughes Network Systems WL3000 Missing Encryption of Sensitive Data

Credentials to access device configuration were transmitted using an unencrypted protocol. These credentials would allow read-only access to network configuration information and terminal configuration data...

CVSS: 7.1 · EPSS: 0.00075
Exploits: 0 · References: 1
Vulnrichment
added 2024/09/05 10:41 p.m. · 14 views

CVE-2024-42495 Hughes Network Systems WL3000 Missing Encryption of Sensitive Data

Credentials to access device configuration were transmitted using an unencrypted protocol. These credentials would allow read-only access to network configuration information and terminal configuration data...

CVSS: 7.1 · AI score: 6.8 · EPSS: 0.00075
Exploits: 0 · References: 1
Positive Technologies
added 2024/09/05 12:0 a.m. · 2 views

PT-2024-29989 · Hughes Network Systems +1 · Wl3000 Fusion +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves credentials to access device configuration being transmitted using an unencrypted protocol. This allows read-only access to network...

CVSS: 7.5 · AI score: 6.9 · EPSS: 0.00075
Exploits: 0 · References: 7
Prion
added 2023/01/05 10:15 p.m. · 14 views

Design/Logic Flaw

Communication between the client and the server application of the affected products is partially done using CORBA (Common Object Request Broker Architecture) over TCP/IP. This protocol is not encrypted and allows tracing of internal messages. This issue affects FOXMAN-UN product: FOXMAN-UN R15B,...

CVSS: 7.5 · AI score: 9.5 · EPSS: 0.00261
Exploits: 0 · References: 2 · Affected Software: 2