133 matches found
Resources Downloaded over Insecure Protocol
Overview Affected versions of this package are vulnerable to Resources Downloaded over Insecure Protocol through the dependency resolution of openapi-to-java-records-mustache-templates artifact that if compromised may include arbitrary .mustache files. An attacker can introduce and distribute...
Resources Downloaded over Insecure Protocol
Overview @pnpm/package-store is an A storage for packages Affected versions of this package are vulnerable to Resources Downloaded over Insecure Protocol due to the absence of integrity hashes in the lockfile for HTTP or git-hosted tarball dependencies. An attacker can execute arbitrary code by...
CVE-2025-64389
The web server of the device performs exchanges of sensitive information in clear text through an insecure protocol...
EUVD-2025-37356
The web server of the device performs exchanges of sensitive information in clear text through an insecure protocol...
CVE-2025-64389
The web server of the device performs exchanges of sensitive information in clear text through an insecure protocol...
CVE-2025-64389 EXCHANGE OF SENSITIVE INFORMATION IN CLEAR TEXT
The web server of the device performs exchanges of sensitive information in clear text through an insecure protocol...
CVE-2025-64389
CVE-2025-64389 involves the web server on Circutor TCPRS1plus devices that exchanges sensitive information in clear text via an insecure protocol. Concrete details across connected sources indicate the vulnerability stems from transmitting credentials/data without encryption, enabling potential i...
CVE-2025-64389 EXCHANGE OF SENSITIVE INFORMATION IN CLEAR TEXT
The web server of the device performs exchanges of sensitive information in clear text through an insecure protocol...
CVE-2025-64386 HIJACKING OF THE TOKEN AND GAINING ACCESS
The equipment grants a JWT token for each connection in the timeline, but during an active valid session, a hijacking of the token can be done. This will allow an attacker with the token modify parameters of security, access or even steal the session without the legitimate and active session...
CVE-2025-64386
CVE-2025-64386 describes a JWT-based session hijacking flaw in Circutor TCPRS1plus (and related entries in multiple feeds). During an active session, an attacker can reuse a previously issued JWT token to modify security parameters or steal the session without detection. The issue is rooted in th...
Circutor TCPRS1plus 安全漏洞
Circutor TCPRS1plus is a communication converter from Circutor Spain. A security vulnerability exists in Circutor TCPRS1plus that originates from the device web server exchanging sensitive information in clear text via an insecure protocol...
PT-2025-44634
Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description The web server transmits sensitive information in clear text using an insecure protocol. Recommendations At the moment, there is no information about a newer...
ConnectWise Automate Agent 安全漏洞
ConnectWise Automate Agent is a remote monitoring and management software from ConnectWise USA. A security vulnerability exists in ConnectWise Automate Agent that stems from an improper configuration that allows the use of the HTTP protocol, which could lead to a man-in-the-middle attacker...
CVE-2025-48981
An insecure implementation of the proprietary protocol DNET in Product CGM MEDICO allows attackers within the intranet to eavesdrop and manipulate data on the protocol because encryption is optional for this connection...
CVE-2025-48981
An insecure implementation of the proprietary protocol DNET in Product CGM MEDICO allows attackers within the intranet to eavesdrop and manipulate data on the protocol because encryption is optional for this connection...
EUVD-2017-17834
Malware in sbrugna...
EUVD-2019-0203
Malware in sbrugna...
EUVD-2021-14016
Malware in sbrugna...
EUVD-2019-16648
Malware in sbrugna...
EUVD-2023-47012
Malicious code in bioql PyPI...