3262 matches found
CVE-2025-0479
This vulnerability exists in the CP Plus Router due to insecure handling of cookie flags used within its web interface. A remote attacker could exploit this vulnerability by intercepting data transmissions during an HTTP session on the vulnerable system. Successful exploitation of this...
CVE-2024-47519
Backup uploads to ETM subject to man-in-the-middle interception...
CVE-2024-47519 Backup uploads to ETM subject to man-in-the-middle interception
Backup uploads to ETM subject to man-in-the-middle interception...
CVE-2024-47519
CVE-2024-47519 is tied to Arista Edge Threat Management – Arista NG Firewall: backup uploads to ETM can be intercepted via a man-in-the-middle. The advisory details the affected product family and versions (NGFW/ETM, 17.1.1 and prior) and provides explicit remediation guidance. The root cause is ...
Secret Phone Surveillance Tech Was Likely Deployed at 2024 DNC
Data WIRED collected during the 2024 Democratic National Convention strongly suggests the use of a cell-site simulator, a controversial spy device that intercepts sensitive data from every phone in its range...
CVE-2025-20126 Cisco ThousandEyes Endpoint Agent Certificate Validation Vulnerability
A vulnerability in certification validation routines of Cisco ThousandEyes Endpoint Agent for macOS and RoomOS could allow an unauthenticated, remote attacker to intercept or manipulate metrics information. This vulnerability exists because the affected software does not properly validate...
Cleartext Transmission Of Sensitive Information
Keycloak is vulnerable to plain text replication. The vulnerability is due to the environment option KC_CACHE_EMBEDDED_MTLS_ENABLED not functioning as intended, resulting in JGroups replication configuration always using plain text, which allows attackers on adjacent networks to intercept and read...
CVE-2024-56733
Password Pusher is an open source application to communicate sensitive information over the web. A vulnerability has been reported in versions 1.50.3 and prior where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although the session token ...
GHSA-4FWJ-M62Q-PP47 Password Pusher Allows Session Token Interception Leading to Potential Hijacking
Impact: A vulnerability has been reported in Password Pusher where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although the session token is replaced and invalidated upon logout, if an attacker manages to capture the session cookie before...
CVE-2024-56733
CVE-2024-56733 affects Password Pusher (versions ≤ 1.50.3). A vulnerability allows an attacker to copy the session cookie before logout, potentially enabling session hijacking until the token expires or is cleared. Root cause centers on accessing an active session cookie (e.g., MITM, XSS, or loca...
CVE-2024-56733 Password Pusher Allows Session Token Interception Leading to Potential Hijacking
Password Pusher is an open source application to communicate sensitive information over the web. A vulnerability has been reported in versions 1.50.3 and prior where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although the session token ...
CVE-2024-4995 Protocol Downgrade in Wapro ERP Desktop
Wapro ERP Desktop is vulnerable to an MS SQL protocol downgrade request from the server side, which could lead to unencrypted communication vulnerable to data interception and modification. This issue affects Wapro ERP Desktop versions before 9.00.0...
CVE-2024-4995
CVE-2024-4995 (Wapro ERP Desktop) is publicly described as a server-side MS SQL protocol downgrade vulnerability affecting Wapro ERP Desktop before 9.00.0. The issue enables unencrypted communication between components, which may allow data interception and modification. Public records do not spe...
A vulnerability in the Ruijie Reyee OS operating system, related to the exposure of resources to unauthorized parties, allows an attacker to obtain the device serial number.
The vulnerability in Ruijie Reyee OS is related to the exposure of resources to unauthorized parties. Exploiting this vulnerability allows a remote attacker to obtain the device’s serial number by intercepting Wi-Fi signals...
CVE-2024-12174
An Improper Certificate Validation vulnerability exists in Tenable Security Center where an authenticated, privileged attacker could intercept email messages sent from Security Center via a rogue SMTP server...
CVE-2024-12174
CVE-2024-12174 affects Tenable Security Center and is caused by improper certificate validation when Security Center sends emails via an SMTP server. The underlying issue allows an authenticated, privileged attacker to intercept email messages sent from Security Center using a rogue SMTP server. ...