23 matches found
HCL AION Security Vulnerability
HCL AION is an AI lifecycle management platform developed by the Indian company HCL. HCL AION has a security vulnerability, which stems from the use of basic authorization tokens for authentication. This vulnerability may lead to credentials being intercepted or abused...
Lemur: LDAP Authentication Globally Disables TLS Certificate Verification When LDAP_USE_TLS Is Enabled
Description. Overview: When LDAP TLS is enabled (LDAP_USE_TLS = True), Lemur's LDAP authentication module unconditionally disables TLS certificate verification at the global ldap module level. This allows a man-in-the-middle attacker positioned between Lemur and the LDAP server to intercept all...
CVE-2026-35560 Improper certificate validation in identity provider connection components in Amazon Athena ODBC driver
Improper certificate validation in the identity provider connection components in Amazon Athena ODBC driver before 2.1.0.0 might allow a man-in-the-middle threat actor to intercept authentication credentials due to insufficient default transport security when connecting to identity providers. Thi...
Siemens APE1808 Improper Restriction of Communication Channel to Intended Endpoints (CVE-2024-26013)
An improper restriction of communication channel to intended endpoints vulnerability (CWE-923) in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15 and before 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9 and...
Efacec QC Security Vulnerability
Efacec QC is a series of electric vehicle charging posts from the Portuguese company Efacec. A security vulnerability exists in the Efacec QC that stems from the device web server access credentials being sent in Base64 encoding via the HTTP header, which is not a strong encryption algorithm, and...
CVE-2025-62330
HCL DevOps Deploy is susceptible to a cleartext transmission of sensitive information because the HTTP port remains accessible and does not redirect to HTTPS as intended. As a result, an attacker with network access could intercept or modify user credentials and session-related data via passive...
HCL DevOps Deploy Security Vulnerability
HCL DevOps Deploy is an application from HCL India. It can be mapped to your organizational structure using flexible team-based and role-based security models. HCL DevOps Deploy has a security vulnerability that stems from the cleartext transmission of sensitive information, which could lead to th...
EUVD-2022-7186
Malicious code in bioql PyPI...
EUVD-2022-15370
Malicious code in bioql PyPI...
EUVD-2023-52478
Malicious code in bioql PyPI...
PT-2025-39880
Name of the Vulnerable Software and Affected Versions: Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1049; Vasion Print (formerly PrinterLogic) Application versions prior to 20.0.2786. Description: The Vasion Print Virtual Appliance Host and Application store a privat...
GHSA-4FWJ-8595-WP25 Mattermost has Insufficiently Protected Credentials
Mattermost versions 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to negotiate a new token when accepting the invite, which allows a user that intercepts both invite and password to send synchronization payloads to the server that originally created the invite via the REST API...
CVE-2025-49194
CVE-2025-49194 affects SICK Field Analytics and SICK Media Server. A root cause is support for authentication methods that transmit credentials in cleartext over unencrypted channels, enabling potential credential disclosure if traffic is intercepted. Public documentation from multiple sources co...
CVE-2025-44612
Tinxy WiFi Lock Controller v1 RF was discovered to transmit sensitive information in plaintext, including control information and device credentials, allowing attackers to possibly intercept and access sensitive information via a man-in-the-middle attack...
Unsecured Authentication Attempt Detected (Low)
A server allows authentication using credentials sent unencrypted over an unencrypted channel. Such credentials might be revealed to an attacker intercepting this traffic and used to gain access to data on the server. This plugin only works with Tenable.ot. Please visit...
JetBrains Toolbox App Security Vulnerability
JetBrains Toolbox App is an application for managing JetBrains development tools that helps users install, update and manage multiple JetBrains development tools. A security vulnerability exists in JetBrains Toolbox App that stems from unencrypted transmission of credentials during SSH...
CVE-2024-40714
An improper certificate validation vulnerability in TLS certificate validation allows an attacker on the same network to intercept sensitive credentials during restore operations...
PT-2024-9564 · Veeam · Veeam Backup & Replication
Name of the Vulnerable Software and Affected Versions: Veeam Backup & Replication (affected versions not specified). Description: An improper certificate validation vulnerability in TLS certificate validation allows an attacker on the same network to intercept sensitive credentials during restore...
CVE-2022-32928
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16, macOS Ventura 13, watchOS 9. A user in a privileged network position may be able to intercept mail credentials...
CVE-2022-32928
CVE-2022-32928 describes a logic issue in Apple systems that could allow a user in a privileged network position to intercept mail credentials. The vulnerability is fixed in iOS 16, macOS Ventura 13, and watchOS 9. Connected sources confirm the issue relates to Apple software components and the v...