118 matches found
CVE-2025-34271 Nagios Log Server < 2024R2.0.2 Cluster Manager Credential Requests Sent Over Plaintext
Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the cluster manager component when requesting sensitive credentials from peer nodes over an unencrypted channel even when SSL/TLS is enabled in the product configuration. As a result, an attacker positioned on the network...
CVE-2025-11492
In the ConnectWise Automate Agent, communications could be configured to use HTTP instead of HTTPS. In such cases, an on-path threat actor with a man-in-the-middle network position could intercept, modify, or replay agent-server traffic. Additionally, the encryption method used to obfuscate some...
EUVD-2008-3047
Malware in sbrugna...
EUVD-2019-8736
Malware in sbrugna...
EUVD-2011-0426
Malware in sbrugna...
EUVD-2013-0540
Malware in sbrugna...
EUVD-2019-8031
Malware in sbrugna...
EUVD-2018-16943
Malware in sbrugna...
EUVD-2018-16635
Malware in sbrugna...
EUVD-2013-4576
Malware in sbrugna...
EUVD-2025-25968
Malicious code in bioql PyPI...
EUVD-2025-19849
Malicious code in bioql PyPI...
EUVD-2022-37263
Malicious code in bioql PyPI...
EUVD-2024-36214
Malicious code in bioql PyPI...
CVE-2025-24525 Keysight Ixia Vision Product Family Use of Hard-coded Cryptographic Key
Keysight Ixia Vision has an issue with hardcoded cryptographic material which may allow an attacker to intercept or decrypt payloads sent to the device via API calls or user authentication if the end user does not replace the TLS certificate that shipped with the device. Remediation is available ...
CVE-2025-11155
The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials...
CVE-2025-11155 WEAK ENCODING FOR PASSWORD IN DEVICE SERVER CONFIGURATION
The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials...
PT-2025-39833
Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description The credentials needed to access the device’s web server are transmitted in base64 within the HTTP headers. Base64 encoding is not a secure cipher, allowing an...
K000152049: F5 Access for Android vulnerability CVE-2025-54809
Security Advisory Description F5 Access for Android before version 3.1.2, which uses HTTPS, does not verify the remote endpoint identity. CVE-2025-54809 Impact An attacker with a network position that allows them to intercept network traffic may be able to read and/or modify data in transit. The...
CVE-2024-41986
A vulnerability has been identified in SmartClient modules Opcenter QL Home SC All versions = V13.2 = V13.2 = V13.2 V2506. The affected application support insecure TLS 1.0 and 1.1 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data...