3247 matches found
CVE-2025-32886
The CVE-2025-32886 issue affects goTenna v1 devices (app 5.5.3, firmware 0.25.5). The underlying problem is that packets sent over RF are also transmitted via UART through USB Shell, enabling a user with local access to learn the protocol and intercept sensitive data. The impact is information di...
CVE-2025-2185
ALBEDO Telecom Net.Time - PTP/NTP clock Serial No. NBC0081P software release 1.4.4 is vulnerable to an insufficient session expiration vulnerability, which could permit an attacker to transmit passwords over unencrypted connections, resulting in the product becoming vulnerable to interception...
CVE-2025-3518
It is technically possible for a user to upload a file to a conversation despite the file upload functionality being disabled. The file upload functionality can be enabled or disabled for specific use cases through configuration. In case the functionality is disabled for at least one use case, the...
CVE-2025-3519
An authorization bypass in Unblu Spark allows a participant of a conversation to replace an existing, uploaded file. Every uploaded file in Unblu is assigned a randomly generated Universally Unique ID (UUID). In case a participant of this or another conversation gets access to such a file ID...
Google ChromeOS Memory Misreference Vulnerability
Google ChromeOS is a lightweight, web-based open source operating system from Google. Google ChromeOS suffers from a memory misreference vulnerability that is caused by a flaw in ComponentInstaller. An attacker could exploit the vulnerability to intercept device management requests b...
Security Vulnerability in Multiple Viasat Products
Viasat RM5110 and others are products of Viasat, Inc. Viasat RM5110 is a satellite modem router. Viasat RM5111 is a satellite modem router. Viasat RG1100 is a modem router. A security vulnerability exists in several Viasat products that stems from dynamic DNS traffic interception that could lead to ...
CVE-2025-2185
CVE-2025-2185 affects ALBEDO Telecom Net.Time - PTP/NTP clock, v1.4.4. The root cause is insufficient session expiration, enabling an attacker to transmit passwords over unencrypted connections and potentially intercept credentials. Remediation: update to a newer version of Net.Time (per PT-2025-...
CVE-2025-2185 ALBEDO Telecom Net.Time - PTP/NTP Clock Insufficient Session Expiration
ALBEDO Telecom Net.Time - PTP/NTP clock Serial No. NBC0081P software release 1.4.4 is vulnerable to an insufficient session expiration vulnerability, which could permit an attacker to transmit passwords over unencrypted connections, resulting in the product becoming vulnerable to interception...
ALBEDO Telecom Net.Time - PTP/NTP clock
RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to transmit passwords over unencrypted connections, resulting in the product becoming vulnerable to interception. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of...
PT-2025-17865 · Albedo Telecom · Albedo Telecom Net.Time
Name of the Vulnerable Software and Affected Versions: ALBEDO Telecom Net.Time - PTP/NTP clock Serial No. NBC0081P version 1.4.4 Description: The issue is related to an insufficient session expiration, which could allow an attacker to transmit passwords over unencrypted connections, resulting in...
CVE-2025-42603
This vulnerability exists in the Meon KYC solutions due to transmission of sensitive data in plain text within the response payloads of certain API endpoints. An authenticated remote attacker could exploit this vulnerability by intercepting API response that contains unencrypted sensitive...
CVE-2025-3519 Replace uploaded files knowing the file upload ID
An authorization bypass in Unblu Spark allows a participant of a conversation to replace an existing, uploaded file. Every uploaded file in Unblu is assigned a randomly generated Universally Unique ID (UUID). In case a participant of this or another conversation gets access to such a file ID...
Unspecified Vulnerability in Ivanti Endpoint Manager
Ivanti Endpoint Manager is an enterprise-grade endpoint management solution, mainly used for centralized management of various types of devices including Windows, MacOS, Linux, iOS/Android mobile devices, etc., to achieve unified configuration, security control and remote operation and maintenanc...
CVE-2024-42177 HCL MyXalytics is affected by SSL/TLS Protocol affected with BREACH & LUCKY13 vulnerabilities
HCL MyXalytics is affected by SSL/TLS Protocol affected with BREACH & LUCKY13 vulnerabilities. Attackers can exploit the weakness in the ciphers to intercept and decrypt encrypted data, steal sensitive information, or inject malicious code into the system...
JetBrains Toolbox App Security Vulnerability
JetBrains Toolbox App is an application for managing JetBrains development tools that helps users install, update and manage multiple JetBrains development tools. A security vulnerability exists in JetBrains Toolbox App that stems from unencrypted transmission of credentials during SSH...
CVE-2025-22459
Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to intercept limited traffic between clients and servers...