120 matches found
K000152049: F5 Access for Android vulnerability CVE-2025-54809
Security Advisory Description F5 Access for Android before version 3.1.2, which uses HTTPS, does not verify the remote endpoint identity. CVE-2025-54809 Impact An attacker with a network position that allows them to intercept network traffic may be able to read and/or modify data in transit. The...
CVE-2024-41986
A vulnerability has been identified in SmartClient modules Opcenter QL Home SC All versions = V13.2 = V13.2 = V13.2 V2506. The affected application support insecure TLS 1.0 and 1.1 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data...
CVE-2025-31953
HCL iAutomate includes hardcoded credentials which may result in potential exposure of confidential data if intercepted or accessed by unauthorized parties...
CVE-2025-53703
DuraComm SPM-500 DP-10iN-100-MU transmits sensitive data without encryption over a channel that could be intercepted by attackers...
podman: podman missing TLS verification
A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack...
IBM Engineering Requirements Management DOORS 授权问题漏洞
IBM Engineering Requirements Management DOORS is a requirements management tool from International Business Machines IBM. An authorization issue vulnerability exists in IBM Engineering Requirements Management DOORS version 9.7.2.9, which stems from a misconfiguration that could lead to a...
CVE-2025-36034
IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques...
CVE-2025-49146
A connection handling flaw was found in the pgjdbc connection driver in configurations that require channel binding. Connections created with authentication methods that should not allow channel binding permit connections to use channel binding. This flaw allows attackers to position themselves i...
CVE-2024-6492
Exposure of Sensitive Information in edge browser session proxy feature in Devolutions Remote Desktop Manager 2024.2.14.0 and earlier on Windows allows an attacker to intercept proxy credentials via a specially crafted website...
CVE-2023-22862
IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval...
CVE-2023-29002
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the cilium-secrets namespace. This could include data such as TLS private keys for Ingress and GatewayAPI resources. An attacker with access to debug...
CVE-2023-50310
IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval...
CVE-2020-27606
BigBlueButton before 2.2.28 or earlier does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...
CVE-2025-31214
This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker in a privileged network position may be able to intercept network traffic...
CVE-2025-32886
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. All packets sent over RF are also sent over UART with USB Shell, allowing someone with local access to gain information about the protocol and intercept sensitive data...
PT-2025-18687 · Gotenna · Gotenna
Name of the Vulnerable Software and Affected Versions: goTenna v1 with application 5.5.3 and firmware 0.25.5 Description: A problem was detected in goTenna v1 devices, where a command channel includes the next hop, which can be intercepted and used to interrupt frequency hopping. Recommendations:...
Fortinet FortiPortal 信任管理问题漏洞
Fortinet FortiPortal is an advanced, feature-rich managed security analysis and management support tool for Fortinet's FortiGate, FortiWiFi, and FortiAP product lines, available as a virtual machine for MSPs. A trust management issue vulnerability exists in Fortinet FortiPortal, which stems from...
CVE-2020-10627
Insulet Omnipod Insulin Management System insulin pump product ID 19191 and 40160 is designed to communicate using a wireless RF with an Insulet manufactured Personal Diabetes Manager device. This wireless RF communication protocol does not properly implement authentication or authorization. An...
CVE-2024-56733 Password Pusher Allows Session Token Interception Leading to Potential Hijacking
Password Pusher is an open source application to communicate sensitive information over the web. A vulnerability has been reported in versions 1.50.3 and prior where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although the session token ...
perl-App-cpanminus: Insecure HTTP in App::cpanminus Allows Code Execution Vulnerability
A flaw was found in App::cpanminus cpanm through version 1.7047. The default configuration downloads Perl modules from CPAN using HTTP, which could allow an attacker to view or modify the content without the knowledge of the user. This issue could allow an attacker to execute malicious code if th...