Lucene search
+L

120 matches found

RedhatCVE
RedhatCVE
added 2026/05/04 6:28 a.m.13 views

CVE-2026-40971

A flaw was found in Spring Boot. When configured to use an SSL Secure Sockets Layer bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker. This vulnerability could allow an attacker on the same network to intercept or alter...

9.1CVSS5.7AI score0.00157EPSS
Exploits0References4
Veracode
Veracode
added 2026/04/29 10:9 a.m.12 views

Improper SSL Hostname Verification

org.springframework.boot, spring-boot-elasticsearch is vulnerable to improper SSL hostname verification. The vulnerability is due to missing hostname verification in SSL bundle configuration, which allows an attacker to perform man-in-the-middle attacks by connecting to a malicious Elasticsearch...

6.8CVSS5.2AI score0.00136EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2026/04/21 5:31 p.m.2 views

nodejs: Node.js: Certification validation bypass in TLS host verification

A flaw was found in Node.js. An attacker can exploit a vulnerability in the Transport Layer Security TLS host verification process to bypass certification validation. This bypass could allow an attacker to intercept or alter communications, potentially leading to information disclosure or integri...

4.3CVSS6.6AI score0.00258EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/04/16 9:53 p.m.9 views

Flowise: Password Reset Link Sent Over Unsecured HTTP

Summary: The password reset functionality on cloud.flowiseai.com sends a reset password link over the unsecured HTTP protocol instead of HTTPS. This behavior introduces the risk of a man-in-the-middle MITM attack, where an attacker on the same network as the user e.g., public Wi-Fi can intercept...

7.5CVSS5.8AI score0.00192EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.26 views

PT-2026-44910

Name of the Vulnerable Software and Affected Versions axios versions 0.x through 1.x Description A prototype pollution gadget in the lib/adapters/http.js component allows an attacker to escalate any Object.prototype pollution within an application's dependency tree into a full Man-in-the-Middle...

9.7CVSS5.5AI score0.01041EPSS
Exploits1References51
Cvelist
Cvelist
added 2026/04/15 11:45 p.m.41 views

CVE-2026-5363 Use of weak cryptographic key in TP-Link Archer C7

Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 uhttpd modules allows Password Recovery Exploitation. The web interface encrypts the admin password client-side using RSA-1024 before sending it to the router during login. An adjacent attacker with the ability to...

6CVSS0.00091EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/09 5:48 p.m.4 views

EUVD-2026-20991

dde-control-center is the control panel of DDE, the Deepin Desktop Environment. plugin-deepinid is a plugin in dde-control-center, which provides the deepinid cloud service. Prior to 6.1.80, plugin-deepinid is configured to skip TLS certificate verification when fetching the user's avatar from...

5.4CVSS5.9AI score0.00148EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.7 views

IBM InfoSphere Information Server 安全漏洞

IBM InfoSphere Information Server is IBM's enterprise-class data integration platform for data quality management and ETL processing. An information disclosure vulnerability exists in IBM InfoSphere Information Server that stems from a query string of an HTTP GET request that could expose sensiti...

3.1CVSS5.8AI score0.00225EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/11 8:20 p.m.2 views

CVE-2026-1068

An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to obtain sensitive user data from the application...

6CVSS5.8AI score0.00078EPSS
Exploits0References1
OSV
OSV
added 2026/03/11 7:31 p.m.3 views

CVE-2026-31960 DoS in Quill via unbounded read of HTTP response body during notarization

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 has unbounded reads of HTTP response bodies during the Apple notarization process. Exploitation requires the ability to modify API responses from Apple's notarization service, which is not...

5.3CVSS5.8AI score0.00088EPSS
Exploits0References3
Snyk
Snyk
added 2026/02/25 3:25 p.m.1 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the CLI login command when the -skip-verify flag is used without the --cacert flag. An attacker can intercept sensitive information or perform man-in-the-middle attacks by exploiting the lack of proper...

8.3CVSS5.9AI score0.00153EPSS
Exploits0References2
NVD
NVD
added 2026/02/15 11:15 a.m.8 views

CVE-2026-2539

The RF communication protocol in the Micca KE700 car alarm system does not encrypt its data frames. An attacker with a radio interception tool e.g., SDR can capture the random number and counters transmitted in cleartext, which is sensitive information required for authentication...

7.1CVSS0.00128EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/04 6:41 p.m.4 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to the DefaultConfig function, which sets TlsInsecureSkipVerify to true, disabling TLS certificate verification for all outgoing storage driver communications. An attacker can intercept and manipulate...

9.3CVSS5.4AI score0.00234EPSS
Exploits1References2
OSV
OSV
added 2026/02/02 10:11 p.m.5 views

GHSA-GX3X-VQ4P-MHHV cert-manager-controller DoS via Specially Crafted DNS Response

Impact The cert-manager-controller performs DNS lookups during ACME DNS-01 processing for zone discovery and propagation self-checks. By default, these lookups use standard unencrypted DNS. An attacker who can intercept and modify DNS traffic from the cert-manager-controller pod can insert a...

5.9CVSS5.5AI score0.00349EPSS
Exploits0References10
Snyk
Snyk
added 2026/02/02 8:12 p.m.2 views

Missing Validation of OpenSSL Certificate

Overview Affected versions of this package are vulnerable to Missing Validation of OpenSSL Certificate due to the default configuration of DefaultConfig where TLS certificate verification is disabled for outgoing storage driver communications. An attacker can intercept, decrypt, and manipulate al...

9.2CVSS5.5AI score0.00239EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 11:22 a.m.6 views

CVE-2021-31892

A vulnerability has been identified in SINUMERIK Analyse MyCondition All versions, SINUMERIK Analyze MyPerformance All versions, SINUMERIK Analyze MyPerformance /OEE-Monitor All versions, SINUMERIK Analyze MyPerformance /OEE-Tuning All versions, SINUMERIK Integrate Client 02 All versions =...

7.4CVSS6.7AI score0.00486EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:9 a.m.4 views

CVE-2026-22543

The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials...

6.9CVSS6.8AI score0.00176EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/15 7:51 p.m.5 views

CVE-2025-13489 IBM DevOps Deploy is susceptible to a Cleartext Transmission of Sensitive Information

IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 IBM DevOps Deploy transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques...

5.9CVSS5.9AI score0.00167EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/13 12:0 a.m.8 views

PT-2025-51100

Encryption is missing on the configuration interface for Growatt ShineLan-X and MIC 3300TL-X. This allows an attacker with access to the network to intercept and potentially manipulate communication requests between the inverter and its cloud endpoint...

9.4CVSS6.8AI score0.00067EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/11 5:3 a.m.12 views

CVE-2025-65827

The mobile application is configured to allow clear text traffic to all domains and communicates with an API server over HTTP. As a result, an adversary located "upstream" can intercept the traffic, inspect its contents, and modify the requests in transit. TThis may result in a total compromise o...

9.1CVSS7AI score0.00236EPSS
Exploits0References1
Rows per page
Query Builder