315 matches found

RedhatCVE
added 2025/02/05 12:50 p.m., 22 views

CVE-2024-43383

Deserialization of Untrusted Data vulnerability in Apache Lucene.Net.Replicator. This issue affects Apache Lucene.NET's Replicator library: from 4.8.0-beta00005 through 4.8.0-beta00016. An attacker that can intercept traffic between a replication client and server, or control the target replicati...

CVSS 8.1, AI score 7.6, EPSS 0.04731
Exploits 0, References 1

CNNVD
added 2025/02/04 12:00 a.m., 3 views

Hewlett Packard Enterprise ClearPass Policy Manager security vulnerability

Hewlett Packard Enterprise ClearPass Policy Manager is a wireless network security access management system from Hewlett Packard Enterprise USA. A security vulnerability exists in Hewlett Packard Enterprise ClearPass Policy Manager. An attacker could exploit the vulnerability to perform a...

CVSS 8.1, AI score 6.5, EPSS 0.00097
Exploits 0, References 1

NVD
added 2025/01/20 12:15 p.m., 9 views

CVE-2025-0479

This vulnerability exists in the CP Plus Router due to insecure handling of cookie flags used within its web interface. A remote attacker could exploit this vulnerability by intercepting data transmissions during an HTTP session on the vulnerable system. Successful exploitation of this...

CVSS 8.6, EPSS 0.00508
Exploits 0, References 1

Wired Threat Level
added 2025/01/10 3:21 p.m., 8 views

Secret Phone Surveillance Tech Was Likely Deployed at 2024 DNC

Data WIRED collected during the 2024 Democratic National Convention strongly suggests the use of a cell-site simulator, a controversial spy device that intercepts sensitive data from every phone in its range...

AI score 7.1
Exploits 0

Cvelist
added 2024/12/18 11:36 a.m., 17 views

CVE-2024-4995 Protocol Downgrade in Wapro ERP Desktop

Wapro ERP Desktop is vulnerable to an MS SQL protocol downgrade request from the server side, which could lead to unencrypted communication vulnerable to data interception and modification. This issue affects Wapro ERP Desktop versions before 9.00.0...

CVSS 9.1, EPSS 0.00262
Exploits 0, References 3

CVE
added 2024/12/18 11:36 a.m., 40 views

CVE-2024-4995

CVE-2024-4995 (Wapro ERP Desktop) is publicly described as a server-side MS SQL protocol downgrade vulnerability affecting Wapro ERP Desktop before 9.00.0. The issue enables unencrypted communication between components, which may allow data interception and modification. Public records do not spe...

CVSS 9.8, AI score 7, EPSS 0.00262
Exploits 0, References 3

Vulnrichment
added 2024/12/18 11:36 a.m., 6 views

CVE-2024-4995 Protocol Downgrade in Wapro ERP Desktop

Wapro ERP Desktop is vulnerable to an MS SQL protocol downgrade request from the server side, which could lead to unencrypted communication vulnerable to data interception and modification. This issue affects Wapro ERP Desktop versions before 9.00.0...

CVSS 9.1, AI score 7.7, EPSS 0.00262
Exploits 0, References 3

CVE
added 2024/12/09 6:55 p.m., 102 views

CVE-2024-54147

The CVE-2024-54147 entry covers Altair GraphQL Client (desktop) prior to version 8.0.5, where the application does not validate HTTPS certificates. This weakness enables a man-in-the-middle on untrusted networks to intercept GraphQL request/response headers and bodies (including authorization tok...

CVSS 6.8, AI score 6.6, EPSS 0.00139
Exploits 0, References 2

BDU FSTEC
added 2024/12/03 12:00 a.m., 2 views

The vulnerability of Mitsubishi Electric’s GOT2000 and GOT SIMPLE graphic panel controllers lies in the predictability of random initial TCP session numbers. This allows attackers to intercept connections for data transmission and prevent the establishment of connections for data transfer.

The vulnerability of Mitsubishi Electric’s GOT2000 and GOT SIMPLE graphic control panels relates to the predictability of random initial TCP session numbers. Exploiting this vulnerability allows a remote attacker to intercept data transmissions and prevent the establishment of data connection...

CVSS 6.1, AI score 7.8, EPSS 0.00625
Exploits 0, References 4, Affected Software 2

OSV
added 2024/10/10 11:15 p.m., 8 views

PYSEC-2024-219

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves insecure communication between the FRP Fast Reverse Proxy client and server when Gradio's share=True option is used. HTTPS is not enforced on the connection, allowing attackers to intercept and rea...

CVSS 9.1, AI score 9.1, EPSS 0.00083
Exploits 0, References 1

OSV
added 2024/10/10 11:15 p.m., 6 views

PYSEC-2024-218

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a race condition in the update_root_in_config function, allowing an attacker to modify the root URL used by the Gradio frontend to communicate with the backend. By exploiting this flaw, an attacker ca...

CVSS 8.1, AI score 8, EPSS 0.00192
Exploits 0, References 1

Cvelist
added 2024/10/10 10:14 p.m., 18 views

CVE-2024-47871 Insecure communication between the FRP client and server in Gradio

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves insecure communication between the FRP Fast Reverse Proxy client and server when Gradio's share=True option is used. HTTPS is not enforced on the connection, allowing attackers to intercept and rea...

CVSS 8.2, EPSS 0.00083
Exploits 0, References 1

Github Security Blog
added 2024/10/10 10:08 p.m., 17 views

Gradio uses insecure communication between the FRP client and server

Impact What kind of vulnerability is it? Who is impacted? This vulnerability involves insecure communication between the FRP Fast Reverse Proxy client and server when Gradio's share=True option is used. HTTPS is not enforced on the connection, allowing attackers to intercept and read files upload...

CVSS 9.1, AI score 6.6, EPSS 0.00083
Exploits 0, References 4, Affected Software 1

Snyk
added 2024/10/10 10:04 p.m., 1 views

Race Condition

Overview: gradio is a Python library for easily interacting with trained machine learning models. Affected versions of this package are vulnerable to Race Condition in the update_root_in_config function. An attacker can redirect user traffic to a malicious server, potentially intercepting sensitive da...

CVSS 8.8, AI score 7.1, EPSS 0.00192
Exploits 0, References 2

OSV
added 2024/10/10 10:04 p.m., 6 views

GHSA-XH2X-3MRM-FWQM Gradio has a race condition in update_root_in_config may redirect user traffic

Impact What kind of vulnerability is it? Who is impacted? This vulnerability involves a race condition in the update_root_in_config function, allowing an attacker to modify the root URL used by the Gradio frontend to communicate with the backend. By exploiting this flaw, an attacker can redirect use...

CVSS 8.8, AI score 8, EPSS 0.00192
Exploits 0, References 4

Github Security Blog
added 2024/10/10 10:04 p.m., 15 views

Gradio has a race condition in update_root_in_config may redirect user traffic

Impact What kind of vulnerability is it? Who is impacted? This vulnerability involves a race condition in the update_root_in_config function, allowing an attacker to modify the root URL used by the Gradio frontend to communicate with the backend. By exploiting this flaw, an attacker can redirect use...

CVSS 8.1, AI score 6.8, EPSS 0.00192
Exploits 0, References 4, Affected Software 1

NVD
added 2024/10/02 2:15 p.m., 10 views

CVE-2024-44097

According to the researcher: "The TLS connections are encrypted against tampering or eavesdropping. However, the application does not validate the server certificate properly while initializing the TLS connection. This allows for a network attacker to intercept the connection and read the data. T...

CVSS 9.8, EPSS 0.00076
Exploits 0, References 1

OSV
added 2024/10/02 2:15 p.m., 2 views

CVE-2024-44097

According to the researcher: "The TLS connections are encrypted against tampering or eavesdropping. However, the application does not validate the server certificate properly while initializing the TLS connection. This allows for a network attacker to intercept the connection and read the data. T...

CVSS 9.8, AI score 5.8
Exploits 0, References 1

CVE
added 2024/10/02 2:06 p.m., 42 views

CVE-2024-44097

CVE-2024-44097: Google Nest devices are affected by a TLS trust-management flaw where the application fails to properly validate the server certificate during TLS initialization, allowing a network attacker to intercept and read data and potentially forward or inject modified data to the real se...

CVSS 9.8, AI score 6.4, EPSS 0.00076
Exploits 0, References 1, Affected Software 1

CNNVD
added 2024/10/02 12:00 a.m., 2 views

Google Nest security vulnerability

Google Nest is a smart home product from the American company Google. Google Nest suffers from a trust management issue vulnerability that stems from the application failing to properly validate the server certificate when initializing a TLS connection, which can be exploited by a cyber...

CVSS 9.8, AI score 6.7, EPSS 0.00076
Exploits 0, References 2