CVE-2025-54792

LocalSend is an open-source app to securely share files and messages with nearby devices over local networks without needing an internet connection. In versions 1.16.1 and below, a critical Man-in-the-Middle MitM vulnerability in the software's discovery protocol allows an unauthenticated attacke...

CVE-2025-53703

DuraComm SPM-500 DP-10iN-100-MU transmits sensitive data without encryption over a channel that could be intercepted by attackers...

CVE-2025-53703

DuraComm SPM-500 DP-10iN-100-MU transmits sensitive data without encryption over a channel that could be intercepted by attackers...

PT-2025-30495 · Duracomm · Duracomm Spm-500 Dp-10In-100-Mu

Name of the Vulnerable Software and Affected Versions: DuraComm SPM-500 DP-10iN-100-MU affected versions not specified Description: The device transmits sensitive data without encryption, potentially allowing attackers to intercept it. Recommendations: At the moment, there is no information about...

CVE-2025-27457

All communication between the VNC server and clients is unencrypted. This allows an attacker to intercept the traffic and obtain sensitive data...

Multiple Advantech Products Information Disclosure Vulnerabilities

The Advantech WISE-4010LAN, WISE-4050LAN, and WISE-4060LAN are all industrial automation controllers from Advantech of Taiwan, China. An information disclosure vulnerability exists in multiple Advantech products, which can be exploited by attackers to cause data interception and session hijacking...

CVE-2025-27457

All communication between the VNC server and clients is unencrypted. This allows an attacker to intercept the traffic and obtain sensitive data...

CVE-2025-27457 CVE-2025-27457

All communication between the VNC server and clients is unencrypted. This allows an attacker to intercept the traffic and obtain sensitive data...

CVE-2025-27457 CVE-2025-27457

All communication between the VNC server and clients is unencrypted. This allows an attacker to intercept the traffic and obtain sensitive data...

CVE-2025-27457

CVE-2025-27457 concerns unencrypted communications between the VNC server and client(s) as stated in the NVD entry. Connected documents describe the same issue in the Endress+Hauser MEAC300-FNADE4 (CNVD/CNNVD/PT security pages), indicating traffic interception could reveal sensitive data. The pri...

Endress+Hauser MEAC300-FNADE4 安全漏洞

The Endress+Hauser MEAC300-FNADE4 is a cost-effective emissions data management computer from Endress+Hauser Vietnam. A security vulnerability exists in the Endress+Hauser MEAC300-FNADE4, which stems from the fact that all communications are not encrypted, and can be exploited by an attacker to...

PT-2025-27786 · Endress+Hauser · Endress+Hauser Meac300-Fnade4

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns unencrypted communication between a server and clients, allowing an attacker to intercept traffic and obtain sensitive data. Recommendations: At the moment, there is no...

CVE-2025-36034

IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques...

CVE-2025-48463

Successful exploitation of the vulnerability could allow an attacker to intercept data and conduct session hijacking on the exposed data as the vulnerable product uses unencrypted HTTP communication, potentially leading to unauthorised access or data tampering...

CVE-2025-48463

CVE-2025-48463 concerns unencrypted HTTP leading to data interception and session hijacking. The provided docs confirm this vulnerability affects multiple products/vendors and characterize the impact as possible unauthorised access or data tampering due to cleartext traffic. The NVD/RH Red Hat en...

CVE-2025-48463 Unencrypted HTTP Communication

Successful exploitation of the vulnerability could allow an attacker to intercept data and conduct session hijacking on the exposed data as the vulnerable product uses unencrypted HTTP communication, potentially leading to unauthorised access or data tampering...

Advantech多款产品 安全漏洞

The Advantech WISE-4010LAN, WISE-4050LAN, and WISE-4060LAN are all industrial automation controllers from Advantech of Taiwan, China. An information disclosure vulnerability exists in multiple Advantech products, which can be exploited by attackers to cause data interception and session hijacking...

PT-2025-26677 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP versions affected versions not specified Description: The issue arises from the use of unencrypted HTTP communication, allowing an attacker to intercept data and conduct session hijacking on exposed data. This could lead to...

PT-2025-26320 · Coros · Coros

Name of the Vulnerable Software and Affected Versions: COROS application versions 3.8.12 and earlier Description: The issue concerns the COROS application's handling of Bluetooth pairing and bonding. The application does not initiate or enforce pairing and bonding, and the watch also does not...

CVE-2024-47870

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a race condition in the updaterootinconfig function, allowing an attacker to modify the root URL used by the Gradio frontend to communicate with the backend. By exploiting this flaw, an attacker ca...