Lucene search
+L

65 matches found

CVE
CVE
added 2 days ago10 views

CVE-2026-35146

The CVE-2026-35146 record concerns HCL DFXServer and describes an Unencrypted Communication vulnerability. The issue allows connections over unencrypted HTTP channels, enabling a remote attacker to intercept traffic and access sensitive data transmitted between the user and the server. The provid...

6.3CVSS6.1AI score0.00116EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/23 1:24 a.m.8 views

samba: group policy certificate enrollment uses http:// without validation

A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability t...

8CVSS5.8AI score0.00261EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/03 3:28 a.m.16 views

samba: group policy certificate enrollment uses http:// without validation

A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability t...

8CVSS5.8AI score0.00261EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/01 9:17 a.m.9 views

CVE-2026-25599 Missing authentication and clear‑text data transmission affecting Orca heat pumps

Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca heat pump devices...

6.3CVSS5.9AI score0.00114EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/01 9:17 a.m.14 views

EUVD-2026-33617

Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca heat pump devices...

6.3CVSS5.9AI score0.00114EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 11:16 a.m.12 views

CVE-2026-3012

A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability t...

8CVSS0.00261EPSS
Exploits0References14
EUVD
EUVD
added 2026/05/27 10:2 a.m.17 views

EUVD-2026-32211

A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability t...

8CVSS5.8AI score0.00261EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/27 10:2 a.m.12 views

CVE-2026-3012 Samba: group policy certificate enrollment uses http:// without validation

A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability t...

8CVSS5.8AI score0.00261EPSS
Exploits0References13
CVE
CVE
added 2026/05/27 10:2 a.m.60 views

CVE-2026-3012

CVE-2026-3012 concerns Samba’s certificate auto-enrollment over HTTP without verification. When Group Policy auto-enrollment is enabled, Samba may fetch a CA certificate via unencrypted HTTP and install it into the local trust store without proper validation, enabling a MiTM-style attack to intro...

8CVSS5.8AI score0.00261EPSS
Exploits0References14Affected Software3
OSV
OSV
added 2026/05/27 10:2 a.m.1 views

CVE-2026-3012 Samba: group policy certificate enrollment uses http:// without validation

A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability t...

8CVSS7.1AI score0.00261EPSS
Exploits0References17
RedhatCVE
RedhatCVE
added 2026/05/27 9:26 a.m.14 views

CVE-2026-3012

A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability t...

8CVSS5.8AI score0.00261EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/27 2:53 a.m.14 views

SUSE CVE-2026-3012

A flaw was found in Samba's certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability t...

8CVSS5.8AI score0.00261EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-3012

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Samba's certificate auto-enrollment Group Policy handling. When certificate auto- enrollment is enabled, Samba may retrieve a CA certificate...

8CVSS5.4AI score0.00261EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/24 12:31 a.m.5 views

EUVD-2026-25361

A vulnerability exists in SenseLive X3050’s web management interface due to its reliance on unencrypted HTTP for all administrative communication. Because management traffic, including authentication attempts and configuration data, is transmitted in cleartext, an attacker with access to the same...

6.9CVSS5.8AI score0.0019EPSS
Exploits0References4
NVD
NVD
added 2026/04/24 12:16 a.m.6 views

CVE-2026-40431

A vulnerability exists in SenseLive X3050’s web management interface due to its reliance on unencrypted HTTP for all administrative communication. Because management traffic, including authentication attempts and configuration data, is transmitted in cleartext, an attacker with access to the same...

6.9CVSS0.0019EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/23 11:56 p.m.2 views

CVE-2026-40431 SenseLive X3050 Cleartext transmission of sensitive information

A vulnerability exists in SenseLive X3050’s web management interface due to its reliance on unencrypted HTTP for all administrative communication. Because management traffic, including authentication attempts and configuration data, is transmitted in cleartext, an attacker with access to the same...

6.9CVSS5.3AI score0.0019EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.9 views

PT-2026-34809

A vulnerability exists in SenseLive X3050’s web management interface due to its reliance on unencrypted HTTP for all administrative communication. Because management traffic, including authentication attempts and configuration data, is transmitted in cleartext, an attacker with access to the same...

6.9CVSS5.8AI score0.0019EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/21 3:32 p.m.6 views

EUVD-2025-209542

HCL BigFix Service Management SM Discovery is vulnerable to unenforced encryption due to port 80 HTTP being open, allowing unencrypted access. An attacker with access to the network traffic can sniff packets from the connection and uncover the data...

5.3CVSS5.8AI score0.00087EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/21 2:26 p.m.2 views

CVE-2025-31981 HCL BigFix Service Management (SM) Discovery is vulnerable to unenforced encryption

HCL BigFix Service Management SM Discovery is vulnerable to unenforced encryption due to port 80 HTTP being open, allowing unencrypted access. An attacker with access to the network traffic can sniff packets from the connection and uncover the data...

5.3CVSS5.8AI score0.00087EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/21 2:26 p.m.5 views

CVE-2025-31981

HCL BigFix Service Management SM Discovery is vulnerable to unenforced encryption due to port 80 HTTP being open, allowing unencrypted access. An attacker with access to the network traffic can sniff packets from the connection and uncover the data...

5.3CVSS5.8AI score0.00087EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder