3132 matches found

NVD
added 2026/01/19 4:15 p.m. | 2 views

CVE-2025-11043

An Improper Certificate Validation vulnerability in the OPC-UA client and ANSL over TLS client used in Automation Studio versions before 6.5 could allow an unauthenticated attacker on the network to position themselves to intercept and interfere with data exchanges...

CVSS 9.1 | EPSS 0.0003
Exploits: 0 | References: 1

Vulnrichment
added 2026/01/19 3:52 p.m. | 3 views

CVE-2025-11043 Improper Server Certificate Validation in Automation Studio

An Improper Certificate Validation vulnerability in the OPC-UA client and ANSL over TLS client used in Automation Studio versions before 6.5 could allow an unauthenticated attacker on the network to position themselves to intercept and interfere with data exchanges...

CVSS 9.1 | AI score 5.5 | EPSS 0.0003
Exploits: 0 | References: 1

CVE
added 2026/01/19 3:52 p.m. | 8 views

CVE-2025-11043

CVE-2025-11043 : ABB Automation Studio is affected by an improper certificate validation vulnerability in the OPC-UA client and the ANSL over TLS client, impacting versions before 6.5. An unauthenticated attacker on the network can position themselves to intercept and interfere with data exchange...

CVSS 9.1 | AI score 5.5 | EPSS 0.0003
Exploits: 0 | References: 1

EUVD
added 2026/01/19 3:52 p.m. | 1 view

EUVD-2026-3213

An Improper Certificate Validation vulnerability in the OPC-UA client and ANSL over TLS client used in Automation Studio versions before 6.5 could allow an unauthenticated attacker on the network to position themselves to intercept and interfere with data exchanges...

CVSS 9.1 | AI score 5.5 | EPSS 0.0003
Exploits: 0 | References: 2

Positive Technologies
added 2026/01/19 12:0 a.m. | 3 views

PT-2026-3449

Name of the Vulnerable Software and Affected Versions: Automation Studio versions prior to 6.5. Description: An Improper Certificate Validation issue exists in the OPC-UA client and ANSL over TLS client. This could allow an unauthenticated attacker on the network to intercept and interfere with data...

CVSS 9.1 | AI score 5.8 | EPSS 0.0003
Exploits: 0 | References: 6

CNNVD
added 2026/01/19 12:0 a.m. | 2 views

B&R Automation Studio Trust Management Vulnerability

B&R Automation Studio is an integrated development environment provided by the Austrian company B&R. Versions of B&R Automation Studio prior to version 6.5 contained a trust management vulnerability. This vulnerability stemmed from improper verification of OPC-UA client and ANSL over TLS client...

CVSS 9.1 | AI score 5.8 | EPSS 0.0003
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/15 12:0 a.m. | 1 view

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002389)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002389 advisory. The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a...

CVSS 5.5 | AI score 7 | EPSS 0.0005
Exploits: 1 | References: 16

RedhatCVE
added 2026/01/13 10:52 p.m. | 3 views

CVE-2026-22689

Mailpit is an email testing tool and API for developers. Prior to version 1.28.2, the Mailpit WebSocket server is configured to accept connections from any origin. This lack of Origin header validation introduces a Cross-Site WebSocket Hijacking (CSWSH) vulnerability. An attacker can host a malicio...

CVSS 6.5 | AI score 6.7 | EPSS 0.00012
Exploits: 2 | References: 1

Vulnrichment
added 2026/01/13 10:51 p.m. | 2 views

CVE-2022-50910 Beehive Forum - Account Takeover

Beehive Forum 1.5.2 contains a host header injection vulnerability in the forgot password functionality that allows attackers to manipulate password reset requests. Attackers can inject a malicious host header to intercept password reset tokens and change victim account passwords without direct...

CVSS 9.8 | AI score 7 | EPSS 0.00562
Exploits: 1 | References: 5

CVE
added 2026/01/13 10:51 p.m. | 9 views

CVE-2022-50910

Beehive Forum 1.5.2 has a host header injection flaw in the Forgot Password flow. The vulnerability lets an attacker inject a malicious Host header to intercept password reset tokens and change the victim’s password without direct authentication. Root cause: improper host header handling in the p...

CVSS 9.8 | AI score 7 | EPSS 0.00562
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2026/01/13 10:51 p.m. | 19 views

CVE-2022-50910 Beehive Forum - Account Takeover

Beehive Forum 1.5.2 contains a host header injection vulnerability in the forgot password functionality that allows attackers to manipulate password reset requests. Attackers can inject a malicious host header to intercept password reset tokens and change victim account passwords without direct...

CVSS 9.8 | EPSS 0.00562
Exploits: 1 | References: 5

EUVD
added 2026/01/13 3:11 p.m. | 2 views

EUVD-2026-1872

Mailpit is vulnerable to Cross-Site WebSocket Hijacking (CSWSH) allowing unauthenticated access to emails...

CVSS 6.5 | AI score 6.3 | EPSS 0.00012
Exploits: 2 | References: 3

ICS
added 2026/01/13 7:0 a.m. | 6 views

YoSmart YoLink Smart Hub

RISK EVALUATION: Successful exploitation of these vulnerabilities could allow an attacker to remotely control other users' smart home devices, intercept sensitive data, and hijack sessions. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation...

AI score 6.9
Exploits: 0 | References: 13

Tenable Nessus
added 2026/01/11 12:0 a.m. | 3 views

FreeBSD : mail/mailpit -- Cross-Site WebSocket Hijacking (d822839e-ee4f-11f0-b53e-0897988a1c07)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the d822839e-ee4f-11f0-b53e-0897988a1c07 advisory. Mailpit author reports: The Mailpit WebSocket server is configured to accept connections from any origi...

CVSS 6.5 | AI score 5.9 | EPSS 0.00012
Exploits: 2 | References: 3

CVE
added 2026/01/10 5:46 a.m. | 8 views

CVE-2026-22689

Mailpit prior to v1.28.2 is vulnerable to Cross-Site WebSocket Hijacking (CSWSH) because the WebSocket upgrader accepts connections from any origin (CheckOrigin always true). This enables a malicious site to create a WebSocket to ws://localhost:8025 and receive real-time data such as email conten...

CVSS 6.5 | AI score 6.3 | EPSS 0.00012
Exploits: 2 | References: 2 | Affected Software: 1

RedhatCVE
added 2026/01/09 12:39 p.m. | 5 views

CVE-2023-29681

Cleartext Transmission in cookie:ecospw: in Tenda N301 v6.0, firmware v12.03.01.06pt allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password...

CVSS 5.7 | AI score 6.8 | EPSS 0.00039
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 12:37 p.m. | 8 views

CVE-2023-50811

An issue discovered in SELESTA Visual Access Manager 4.38.6 allows attackers to modify the “computer” POST parameter related to the ID of a specific reception by POST HTTP request interception. Iterating that parameter, it has been possible to access the application and take control of many...

CVSS 6.5 | AI score 7 | EPSS 0.00049
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 12:8 p.m. | 3 views

CVE-2018-18071

An issue was discovered in the Daimler Mercedes-Benz Me app 2.11.0-846 for iOS. The encrypted Connected Vehicle API data exchange between the app and a server might be intercepted. The app can be used to operate the Remote Parking Pilot, unlock the vehicle, or obtain sensitive information such as...

CVSS 7.5 | AI score 6.6 | EPSS 0.01456
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 11:56 a.m. | 6 views

CVE-2018-4069

An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The ACEManager authentication functionality is done in plaintext XML to the web server. An attacker can listen to network traffic upstream from the device to...

CVSS 7.5 | AI score 6.5 | EPSS 0.00025
Exploits: 3 | References: 1

RedhatCVE
added 2026/01/09 11:27 a.m. | 5 views

CVE-2021-33024

Philips Vue PACS versions 12.2.x.x and prior transmits or stores authentication credentials, but it uses an insecure method susceptible to unauthorized interception and/or retrieval...

CVSS 7.5 | AI score 7.1 | EPSS 0.00183
Exploits: 0 | References: 1