CVE-2026-34126 Bluetooth Communication Uses Unencrypted Transmission During Initial Setup on TP-Link's Tapo L535E, P300 and D100C

TP-Link has identified a vulnerability in Tapo L535E v1.0 and v3.0, Tapo P300 v1.0, and Tapo D100C v1.0, where Bluetooth communication during the initial setup phase is transmitted in cleartext without encryption. Bluetooth is only used during initialization. An attacker within the Bluetooth rang...

CVE-2026-32683

Some EZVIZ products utilize older versions of cloud feature modules with legacy API interfaces, which pose a data transmission risk. Attackers can exploit this by eavesdropping on network requests to obtain data.Users are advised to upgrade the app to the latest version and enable the video...

EUVD-2007-5610

Malware in sbrugna...

EUVD-2022-0847

Malicious code in bioql PyPI...

Probeless Vs Probe-Based Variable-Strength Eavesdropping in Quantum Key Distribution

Quantum key distribution QKD is a provably secure way of generating a secret key, which can later be used for encoding and decoding information. In this paper we analyze the effects of an eavesdropper's variable-strength measurements on QKD. Two types of measurements have been considered: i a...

CVE-2023-6094

A vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. The vulnerability results from lack of protection for sensitive information during transmission. An attacker eavesdropping on the traffic between the web browser and server may obtain sensitive...

On the Vulnerability of Underwater Magnetic Induction Communication

Typical magnetic induction MI communication is commonly considered a secure underwater wireless communication UWC technology due to its non-audible and non-visible nature compared to acoustic and optical UWC technologies. However, vulnerabilities in communication systems inevitably exist and may...

UBUNTU-CVE-2023-29529

matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. An attacker present in a room where an MSC3401 group call is taking place can eavesdrop on the video and audio of participants using matrix-js-sdk, without their knowledge. To affected matrix-js-sdk users, the attacker...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google, Inc. in the United States. A security vulnerability exists in Google Android versions 10, 11 and 12, which originates from an eavesdropping/overwriting attack in ApplicationsDetailsActivity of AndroidManifest.xml, which cou...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. A security vulnerability exists in Google Android versions 10, 11, and 12, which stems from an eavesdropping/overwriting attack in onCreate of MasterClearConfirmFragment.java, which may restore factory settings and cause a...

Google Android 安全漏洞

Google Android is a Linux-based open-source operating system from Google, Inc. A security vulnerability exists in Google Android versions 10, 11, and 12, which stems from a vulnerability in the Car Settings application, where the toggle button to modify system settings is susceptible to...

SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung. A security vulnerability in the SAMSUNG Mobile devices BluetoothScanDialog module prior to SMR Aug-2022 Release 1, which originates from a vulnerable code in...

Google Android Elevation of Privilege Vulnerability (CNVD-2022-52263)

Google Android is a Linux-based open-source operating system from the U.S. company Google Android has an elevation of privilege vulnerability that stems from a window flag error when processing user input, which could lead to an eavesdropping attack that could be exploited by an attacker to cause...

Google Android 权限许可和访问控制问题漏洞

Google Android is a Linux-based open-source operating system from the U.S. company Google Android has an elevation of privilege vulnerability that stems from a window flag error when processing user input, which could lead to an eavesdropping attack that could be exploited by an attacker to cause...

Fibaro Home Center 2 安全漏洞

FIBARO Home Center 2 is an application system of the Polish company FIBARO. A system integration system. A security vulnerability exists in Fibaro Home Center 2 that stems from the fact that communications between users and devices can be eavesdropped on to hijack sessions, tokens, and passwords...

CVE-2020-8918

An improperly initialized 'migrationAuth' value in Google's go-tpm TPM1.2 library versions prior to 0.3.0 can lead an eavesdropping attacker to discover the auth value for a key created with CreateWrapKey. An attacker listening in on the channel can collect both 'encUsageAuth' and...

Billions of Devices Open to Wi-Fi Eavesdropping Attacks

SAN FRANCISCO — A serious vulnerability in Wi-Fi chips has been discovered that affects billions of devices worldwide, according to researchers. It allows attackers to eavesdrop on Wi-Fi communications. The bug CVE-2019-15126 stems from the use of an all-zero encryption key in chips made by...

Stellar.org: HTTP - Basic Authentication on https://www.stellar.org/wp-login.php

Greetings, noticed https://www.stellar.org/wp-login.php using basic authentication. PoC: YWRtaW46YWRtaW4= is base64 encode of admin:admin Impact: Vulnerable to client side attacks. Vulnerable to MITM attack. Vulenrable to Eavesdropping attack. Vulnerable to Brute force attacks. Fix: HTTP-Basic...

Nextcloud: HTTP-Basic Authentication on logs.nextcloud.com

Greetings, While visiting https://logs.nextcloud.com/ , I noticed that this server use HTTP-Basic Authentication. F152730 POC : ------ GET https://logs.nextcloud.com/ HTTP/1.1 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.11; rv:50.0 Gecko/20100101 Firefox/50.0 Accept:...