3262 matches found
CVE-2025-1868
Vulnerability of unauthorized exposure of confidential information affecting Advanced IP Scanner and Advanced Port Scanner. It occurs when these applications initiate a network scan, inadvertently sending the NTLM hash of the user performing the scan. This vulnerability can be exploited by...
Undercover miner: how YouTubers get pressed into distributing SilentCryptoMiner as a restriction bypass tool
In recent months, we've seen an increase in the use of Windows Packet Divert drivers to intercept and modify network traffic in Windows systems. This technology is used in various utilities, including ones for bypassing blocks and restrictions of access to resources worldwide. Over the past six...
Linux Distros Unpatched Vulnerability : CVE-2024-47080
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. In matrix-js-sdk versions 9.11.0 through 34.7.0, the method...
The vulnerability of the TFA two-factor authentication module in Drupal CMS systems allows a hacker to intercept the user’s session.
The vulnerability of the Two-factor Authentication TFA module in Drupal CMS systems is related to improper session management. Exploiting this vulnerability could allow a malicious actor to intercept a user’s session...
The vulnerability of Symantec’s Privileged Access Management tool, related to the manipulation of inter-site requests, allows a perpetrator to intercept user sessions.
The vulnerability of Symantec’s Privileged Access Management tool is related to the manipulation of inter-site requests. Exploiting this vulnerability allows a malicious actor to intercept user sessions remotely...
CVE-2022-26872
AMI Megarac Password reset interception via API...
CVE-2020-10627
Insulet Omnipod Insulin Management System insulin pump product ID 19191 and 40160 is designed to communicate using a wireless RF with an Insulet manufactured Personal Diabetes Manager device. This wireless RF communication protocol does not properly implement authentication or authorization. An...
CVE-2024-43383
Deserialization of Untrusted Data vulnerability in Apache Lucene.Net.Replicator. This issue affects Apache Lucene.NET's Replicator library: from 4.8.0-beta00005 through 4.8.0-beta00016. An attacker that can intercept traffic between a replication client and server, or control the target replicati...
CVE-2024-34706
Valtimo is an open source business process and case management platform. When opening a form in Valtimo, the access token JWT of the user is exposed to api.form.io via the x-jwt-token header. An attacker can retrieve personal information from this token, or use it to execute requests to the...
CVE-2024-47791
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to subscribe to partial possible topics in Ruijie MQTT broker, and receive partial messages being sent to and from devices...
CVE-2024-29887
Serverpod is an app and web server, built for the Flutter and Dart ecosystem. This bug bypassed the validation of TLS certificates on all non-web HTTP clients in the serverpodclient package, making them susceptible to a man in the middle attack against encrypted traffic between the client device...
CVE-2024-40714
An improper certificate validation vulnerability in TLS certificate validation allows an attacker on the same network to intercept sensitive credentials during restore operations...
Hewlett Packard Enterprise ClearPass Policy Manager Security Vulnerability
Hewlett Packard Enterprise ClearPass Policy Manager is a wireless network security access management system from Hewlett Packard Enterprise USA. A security vulnerability exists in Hewlett Packard Enterprise ClearPass Policy Manager. An attacker could exploit the vulnerability to perform a...
The vulnerability of the network authentication protocol used by the Firebird software components, “Population Cancer Registry” and “Hospital Cancer Registry,” allows attackers to intercept traffic.
The vulnerability of the network authentication protocol used by the Firebird software’s “Population Cancer Registry” and “Hospital Cancer Registry” components is related to the use of an insecure authentication method called LegacyAuth. Exploiting this vulnerability allows a malicious actor to...
CVE-2024-27263
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to obtain sensitive information from the dashboard UI using man in the middle techniques...
CVE-2024-55928
Xerox Workplace Suite exposes sensitive secrets in clear text, both locally and remotely. This vulnerability allows attackers to intercept or access secrets without encryption...
CVE-2024-52329
ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic and obtain authentication tokens...
PT-2025-2927 · Ecovacs · Ecovacs Home
Name of the Vulnerable Software and Affected Versions: ECOVACS HOME (affected versions not specified). Description: The ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. This allows an unauthenticated attacker to read or modify TLS traffic and obtain...
MasterCard DNS Error Went Unnoticed for Years
The payment card giant MasterCard just fixed a glaring error in its domain name server settings that could have allowed anyone to intercept or divert Internet traffic for the company by registering an unused domain name. The misconfiguration persisted for nearly five years until a security...