7601 matches found

Vulnrichment
added 2025/12/01 12:0 a.m. | 3 views

CVE-2024-32384

Kerlink gateways running KerOS prior to version 5.10 expose their web interface exclusively over HTTP, without HTTPS support. This lack of transport layer security allows a man-in-the-middle attacker to intercept and modify traffic between the client and the device...

CVSS 6.8 | AI score 6.4 | EPSS 0.00015
Exploits: 0 | References: 2

Talos
added 2025/12/01 12:0 a.m. | 4 views

Socomec DIRIS Digiware M-70 WEBVIEW-M cleartext transmission vulnerability

Talos Vulnerability Report TALOS-2024-2115 Socomec DIRIS Digiware M-70 WEBVIEW-M cleartext transmission vulnerability December 1, 2025 CVE Number CVE-2024-48894 SUMMARY A cleartext transmission vulnerability exists in the WEBVIEW-M functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially...

CVSS 7.5 | AI score 6.2 | EPSS 0.00055
Exploits: 0

Tenable Nessus
added 2025/11/20 12:0 a.m. | 3 views

TencentOS Server 4: bind (TSSA-2025:0564)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0564 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

CVSS 7.5 | AI score 7.1 | EPSS 0.05622
Exploits: 0 | References: 3

Tenable Nessus
added 2025/11/20 12:0 a.m. | 5 views

TencentOS Server 4: curl (TSSA-2024:0874)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0874 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 6.5 | AI score 6.6 | EPSS 0.00745
Exploits: 1 | References: 2

Circl
added 2025/11/16 3:19 p.m. | 4 views

CVE-2025-13249

creationtimestamp | type | source
---|---|---
2025-11-16 15:19:35+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m5qz33ck7b2s...

CVSS 6.5 | AI score 5.8 | EPSS 0.00039
Exploits: 0 | References: 1

NVD
added 2025/11/14 4:15 p.m. | 8 views

CVE-2025-64446

A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTT...

CVSS 9.8 | EPSS 0.9299
Exploits: 16 | References: 3

Vulnrichment
added 2025/11/14 3:50 p.m. | 6 views

CVE-2025-64446

A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTT...

CVSS 9.8 | AI score 7 | EPSS 0.9299
Exploits: 16 | References: 1

Tenable Nessus
added 2025/11/13 12:0 a.m. | 7 views

HP Integrated Lights-Out Denial of Service (CVE-2014-2601)

The server in HP Integrated Lights-Out 2 aka iLO 2 2.23 and earlier allows remote attackers to cause a denial of service via crafted HTTPS traffic, as demonstrated by traffic from a CVE-2014-0160 vulnerability-assessment tool. This plugin only works with Tenable.ot. Please visit...

CVSS 7.8 | AI score 7.2 | EPSS 0.94464
Exploits: 86 | References: 5

Tenable Nessus
added 2025/11/13 12:0 a.m. | 2 views

Siemens SIMATIC S7-1500 Authentication Bypass by Spoofing (CVE-2021-22890)

curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived...

CVSS 4.3 | AI score 6.7 | EPSS 0.00069
Exploits: 1 | References: 6

Mageia
added 2025/11/12 9:29 p.m. | 2 views

Updated perl-CPAN & perl-HTTP-Tiny packages fix security vulnerabilities

CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. CVE-2023-31484 HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates...

CVSS 8.1 | AI score 7.3 | EPSS 0.01523
Exploits: 1 | References: 2

OSV
added 2025/11/12 2:31 p.m. | 1 view

CLSA-2025-1762957887 perl-App-cpanminus: Fix of CVE-2024-45321

CVE-2024-45321: patch the code to use https instead of http...

CVSS 9.8 | AI score 7.3 | EPSS 0.00708
Exploits: 1 | References: 1

Circl
added 2025/11/10 10:23 p.m. | 7 views

CVE-2025-33150

creationtimestamp | type | source
---|---|---
2025-11-10 22:23:39+00:00 | seen | https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3m5cnskkyvmz2...

CVSS 5.3 | AI score 5.8 | EPSS 0.00031
Exploits: 0 | References: 1

Circl
added 2025/11/05 1:11 a.m. | 4 views

CVE-2025-62722

creationtimestamp | type | source
---|---|---
2025-11-05 01:11:05+00:00 | seen | https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3m4tuitibxte2
2025-11-05 02:15:51+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m4ty5j3gi22s...

CVSS 8.7 | AI score 5.8 | EPSS 0.00028
Exploits: 1 | References: 2

Circl
added 2025/10/27 6:51 p.m. | 2 views

CVE-2025-54965

creationtimestamp | type | source
---|---|---
2025-10-27 18:51:59+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m473mhdwiw2g...

CVSS 6.1 | AI score 5.8 | EPSS 0.00025
Exploits: 0 | References: 1

Circl
added 2025/10/27 3:54 p.m. | 3 views

CVE-2025-12277

creationtimestamp | type | source
---|---|---
2025-10-27 15:54:48+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m46rpnabp22x...

CVSS 7.5 | AI score 5.8 | EPSS 0.00029
Exploits: 0 | References: 1

Hacker One
added 2025/10/25 8:12 p.m. | 14 views

curl: Integer Overflow to Heap Overflow in DoH Response Handling

Summary: An integer overflow vulnerability exists in the dohprobewritecb function in lib/doh.c. This function is used as a write callback for DNS-over-HTTPS DoH responses. When a malicious DoH server sends a response with a crafted size, the multiplication of size and nmemb can overflow. This lea...

AI score 8
Exploits: 0

Circl
added 2025/10/21 12:58 p.m. | 2 views

CVE-2025-10641

creationtimestamp | type | source
---|---|---
2025-10-21 12:58:47+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m3pf3f73bo2e
2025-10-21 19:23:05+00:00 | seen | https://schleuss.online/users/vulnbot/statuses/115413783991365690
2025-10-21 22:00:55+00:00 | seen |...

CVSS 7.1 | AI score 5.7 | EPSS 0.00024
Exploits: 0 | References: 4

Circl
added 2025/10/20 3:15 p.m. | 2 views

CVE-2025-56223

creationtimestamp | type | source
---|---|---
2025-10-20 15:15:00+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m3n47zm7aj2i
2025-10-22 21:02:34+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3m3sqldbxdh2p...

CVSS 7.5 | AI score 5.7 | EPSS 0.001
Exploits: 0 | References: 2

ICS
added 2025/10/20 12:30 a.m. | 5 views

ABB Terra AC

SUMMARY ABB is aware of vulnerabilities in the product versions listed as affected in the advisory. An attacker who successfully exploited this vulnerability could cause the pollution of heap memory which potentially takes remote control of the product and performs a write operation to the flash...

CVSS 6.8 | AI score 6.1 | EPSS 0.00044
Exploits: 0 | References: 12

RedhatCVE
added 2025/10/17 7:46 p.m. | 1 view

CVE-2025-11492

In the ConnectWise Automate Agent, communications could be configured to use HTTP instead of HTTPS. In such cases, an on-path threat actor with a man-in-the-middle network position could intercept, modify, or replay agent-server traffic. Additionally, the encryption method used to obfuscate some...

CVSS 9.6 | AI score 6.8 | EPSS 0.00009
Exploits: 0 | References: 1