Lucene search
+L

120 matches found

f5
f5
added 2025/08/13 1:5 p.m.13 views

K000152049: F5 Access for Android vulnerability CVE-2025-54809

Security Advisory Description F5 Access for Android before version 3.1.2, which uses HTTPS, does not verify the remote endpoint identity. CVE-2025-54809 Impact An attacker with a network position that allows them to intercept network traffic may be able to read and/or modify data in transit. The...

8.8CVSS6.7AI score0.00251EPSS
Exploits0Affected Software1
vulnrichment
vulnrichment
added 2025/08/12 11:16 a.m.4 views

CVE-2024-41986

A vulnerability has been identified in SmartClient modules Opcenter QL Home SC All versions = V13.2 = V13.2 = V13.2 V2506. The affected application support insecure TLS 1.0 and 1.1 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data...

6.4CVSS6.9AI score0.00124EPSS
Exploits0References1
osv
osv
added 2025/07/24 9:15 p.m.3 views

CVE-2025-31953

HCL iAutomate includes hardcoded credentials which may result in potential exposure of confidential data if intercepted or accessed by unauthorized parties...

6.5CVSS5.8AI score0.00253EPSS
Exploits0References1
nvd
nvd
added 2025/07/22 10:15 p.m.9 views

CVE-2025-53703

DuraComm SPM-500 DP-10iN-100-MU transmits sensitive data without encryption over a channel that could be intercepted by attackers...

8.7CVSS0.00125EPSS
Exploits0References2
redhat
redhat
added 2025/07/08 1:0 a.m.5 views

podman: podman missing TLS verification

A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack...

8.3CVSS7.3AI score0.00397EPSS
Exploits0References6
cnnvd
cnnvd
added 2025/07/07 12:0 a.m.4 views

IBM Engineering Requirements Management DOORS 授权问题漏洞

IBM Engineering Requirements Management DOORS is a requirements management tool from International Business Machines IBM. An authorization issue vulnerability exists in IBM Engineering Requirements Management DOORS version 9.7.2.9, which stems from a misconfiguration that could lead to a...

5.9CVSS9.1AI score0.00299EPSS
Exploits0References3
osv
osv
added 2025/06/26 4:15 p.m.5 views

CVE-2025-36034

IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques...

5.9CVSS5.8AI score0.00145EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/06/11 9:33 p.m.6 views

CVE-2025-49146

A connection handling flaw was found in the pgjdbc connection driver in configurations that require channel binding. Connections created with authentication methods that should not allow channel binding permit connections to use channel binding. This flaw allows attackers to position themselves i...

8.2CVSS7.9AI score0.00461EPSS
Exploits0References5
redhatcve
redhatcve
added 2025/05/23 8:2 a.m.10 views

CVE-2024-6492

Exposure of Sensitive Information in edge browser session proxy feature in Devolutions Remote Desktop Manager 2024.2.14.0 and earlier on Windows allows an attacker to intercept proxy credentials via a specially crafted website...

7.4CVSS6.9AI score0.00599EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 5:53 a.m.7 views

CVE-2023-22862

IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval...

7.5CVSS6.9AI score0.00545EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 5:31 a.m.4 views

CVE-2023-29002

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the cilium-secrets namespace. This could include data such as TLS private keys for Ingress and GatewayAPI resources. An attacker with access to debug...

7.2CVSS6.3AI score0.00197EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 4:29 a.m.9 views

CVE-2023-50310

IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval...

7.5CVSS6.9AI score0.0039EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 3:25 p.m.7 views

CVE-2020-27606

BigBlueButton before 2.2.28 or earlier does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

5.3CVSS6.8AI score0.01142EPSS
Exploits1
nvd
nvd
added 2025/05/12 10:15 p.m.33 views

CVE-2025-31214

This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker in a privileged network position may be able to intercept network traffic...

8.1CVSS0.00492EPSS
Exploits0References2
osv
osv
added 2025/05/01 6:15 p.m.4 views

CVE-2025-32886

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. All packets sent over RF are also sent over UART with USB Shell, allowing someone with local access to gain information about the protocol and intercept sensitive data...

5.5CVSS5.8AI score0.00126EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2025/05/01 12:0 a.m.4 views

PT-2025-18687 · Gotenna · Gotenna

Name of the Vulnerable Software and Affected Versions: goTenna v1 with application 5.5.3 and firmware 0.25.5 Description: A problem was detected in goTenna v1 devices, where a command channel includes the next hop, which can be intercepted and used to interrupt frequency hopping. Recommendations:...

7.1CVSS6.5AI score0.0014EPSS
Exploits0References9
cnnvd
cnnvd
added 2025/03/14 12:0 a.m.6 views

Fortinet FortiPortal 信任管理问题漏洞

Fortinet FortiPortal is an advanced, feature-rich managed security analysis and management support tool for Fortinet's FortiGate, FortiWiFi, and FortiAP product lines, available as a virtual machine for MSPs. A trust management issue vulnerability exists in Fortinet FortiPortal, which stems from...

4.8CVSS6.5AI score0.00152EPSS
Exploits0References3
redhatcve
redhatcve
added 2025/02/05 3:12 p.m.10 views

CVE-2020-10627

Insulet Omnipod Insulin Management System insulin pump product ID 19191 and 40160 is designed to communicate using a wireless RF with an Insulet manufactured Personal Diabetes Manager device. This wireless RF communication protocol does not properly implement authentication or authorization. An...

8.1CVSS6.9AI score0.00477EPSS
Exploits0References1
cvelist
cvelist
added 2024/12/30 4:46 p.m.23 views

CVE-2024-56733 Password Pusher Allows Session Token Interception Leading to Potential Hijacking

Password Pusher is an open source application to communicate sensitive information over the web. A vulnerability has been reported in versions 1.50.3 and prior where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although the session token ...

5.7CVSS0.00209EPSS
Exploits0References1
redhat
redhat
added 2024/11/25 12:3 p.m.10 views

perl-App-cpanminus: Insecure HTTP in App::cpanminus Allows Code Execution Vulnerability

A flaw was found in App::cpanminus cpanm through version 1.7047. The default configuration downloads Perl modules from CPAN using HTTP, which could allow an attacker to view or modify the content without the knowledge of the user. This issue could allow an attacker to execute malicious code if th...

9.8CVSS6AI score0.00737EPSS
Exploits1References7
Rows per page
Query Builder