5684 matches found
EUVD-2026-34011
Proxy server in Graph Explorer before 3.0.1 falls back to HTTP when certificate files are missing, which might allow remote threat actors to obtain sensitive information via interception of requests intended to be sent over HTTPS. To remediate this issue, users should upgrade to Graph Explorer...
PT-2026-45863
Name of the Vulnerable Software and Affected Versions Dräger Core version 1.0.5 Dräger M540 Converter Service version 1.0.9 Description A denial of service issue allows network-adjacent attackers to trigger high CPU load by sending specially crafted, unencrypted SDC Service-oriented Device...
Dräger Core和Dräger M540 Converter Service 资源管理错误漏洞
Both the Dräger Core and Dräger M540 Converter Service are products of the German company Dräger. The Dräger Core is a medical device remote access and control platform. The Dräger M540 Converter Service is a medical device data conversion service. Versions 1.0.5 of Dräger Core and 1.0.9 of Dräge...
Graph Explorer 安全漏洞
Graph Explorer is an interactive web application for visual exploration of graph databases, open-sourced by Amazon Web Services. Previous versions of Graph Explorer, such as 3.0.1, contained security vulnerabilities. These vulnerabilities stemmed from the proxy server falling back to HTTP when th...
CVE-2026-25599
Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca heat pump devices...
CVE-2026-25599 Missing authentication and clear‑text data transmission affecting Orca heat pumps
Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca heat pump devices...
CVE-2026-25599
Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca heat pump devices...
CVE-2026-25599
CVE-2026-25599 involves Orca heat pump devices communicating with the Orca server over unencrypted HTTP, with missing authentication and input validation on aggregated data. This combination enables stored XSS in the heat pump web control interface and potential cookie theft, as well as attacker ...
CVE-2026-25599 Missing authentication and clear‑text data transmission affecting Orca heat pumps
Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca heat pump devices...
EUVD-2026-33617
Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca heat pump devices...
PT-2026-45397
Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca heat pump devices...
CVE-2026-4387 Unencrypted storage of authentication state in StrongDM Desktop Application state.kv file
StrongDM Desktop Application before 23.74.0 Desktop Client before 53.77.0 on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a per-user state file located at C:\Users\.sdm\state.kv. The file is protected only by default...
CVE-2026-4387
StrongDM Desktop Application prior to 23.74.0 (Desktop Client before 53.77.0) stores authentication state in cleartext in a per-user file C:\Users.sdm\state.kv, exposing a JSON Web Token and asymmetric key material. Access requires local read to the user profile and additional deployment/executio...
OESA-2026-2477 curl security update
cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If...
CVE-2026-34126 Bluetooth Communication Uses Unencrypted Transmission During Initial Setup on TP-Link's Tapo L535E, P300 and D100C
TP-Link has identified a vulnerability in Tapo L535E v1.0 and v3.0, Tapo P300 v1.0, and Tapo D100C v1.0, where Bluetooth communication during the initial setup phase is transmitted in cleartext without encryption. Bluetooth is only used during initialization. An attacker within the Bluetooth rang...
CVE-2026-34126
Summary: CVE-2026-34126 affects TP-Link Tapo devices (L535E v1.0/v3.0, P300 v1.0, D100C v1.0). During the initialization phase, Bluetooth communication is transmitted in cleartext without encryption. A nearby attacker could exploit this via Bluetooth sniffing or man-in-the-middle to eavesdrop on ...
CVE-2026-34126 Bluetooth Communication Uses Unencrypted Transmission During Initial Setup on TP-Link's Tapo L535E, P300 and D100C
TP-Link has identified a vulnerability in Tapo L535E v1.0 and v3.0, Tapo P300 v1.0, and Tapo D100C v1.0, where Bluetooth communication during the initial setup phase is transmitted in cleartext without encryption. Bluetooth is only used during initialization. An attacker within the Bluetooth rang...
PT-2026-44456
Name of the Vulnerable Software and Affected Versions Tapo L535E versions 1.0 and 3.0 Tapo P300 version 1.0 Tapo D100C version 1.0 Description Bluetooth communication during the initial setup phase is transmitted in cleartext without encryption. An attacker within Bluetooth range could use sniffi...
Tigera Calico 安全漏洞
Tigera Calico is an open-source network security solution developed by the American company Tigera, designed for container, virtual machine, and host workloads. Tigera Calico has a security vulnerability, which stems from the Azure IPAM plugin recording unencrypted configuration mappings in logs...
CVE-2026-3012
A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability t...