CVE-2025-58124 Lack of TLS validation in plugin check-mk-api on Checkmk Exchange

Improper Certificate Validation in Checkmk Exchange plugin check-mk-api allows attackers in MitM position to intercept traffic...

CVE-2025-58123

CVE-2025-58123 affects the Checkmk Exchange plugin BGP Monitoring. The root cause is improper certificate validation, enabling MitM attackers to intercept traffic when positioned on the network. Documented sources confirm the vulnerability description but do not provide explicit affected versions...

Mitsubishi Electric MELSEC iQ-F Series CPU Module

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker the ability to obtain credential information by intercepting SLMP communication messages, and read or write the device values of the product by using the obtained credential information. In addition, the...

PT-2025-35081

Name of the Vulnerable Software and Affected Versions: Checkmk Exchange plugin Freebox v6 agent affected versions not specified Description: The Checkmk Exchange plugin Freebox v6 agent contains an improper certificate validation flaw. This allows attackers positioned in a Man-in-the-Middle MitM...

Checkmk Exchange plugin VMware vSAN 安全漏洞

Checkmk Exchange plugin VMware vSAN is a plugin for device status monitoring from Checkmk Germany. A security vulnerability exists in Checkmk Exchange plugin VMware vSAN that stems from improper certificate validation and could lead to a man-in-the-middle attacker intercepting traffic...

PT-2025-35079

Name of the Vulnerable Software and Affected Versions: Checkmk Exchange plugin versions affected versions not specified Description: Improper certificate validation in the Checkmk Exchange plugin’s BGP monitoring functionality allows attackers positioned in a man-in-the-middle MitM position to...

Checkmk Exchange plugin Freebox v6 agent 安全漏洞

Checkmk Exchange plugin Freebox v6 agent is a plugin for device status monitoring from Checkmk Germany. A security vulnerability exists in Checkmk Exchange plugin Freebox v6 agent that stems from improper certificate validation and could lead to a man-in-the-middle attacker intercepting traffic...

PT-2025-35083

Name of the Vulnerable Software and Affected Versions: Checkmk Exchange plugin Dell Powerscale affected versions not specified Description: The Checkmk Exchange plugin for Dell Powerscale contains an improper certificate validation flaw. This allows attackers positioned in a Man-in-the-Middle Mit...

PT-2025-35082

Name of the Vulnerable Software and Affected Versions: Checkmk Exchange plugin VMware vSAN affected versions not specified Description: The Checkmk Exchange plugin for VMware vSAN contains an improper certificate validation flaw. This allows attackers positioned in a Man-in-the-Middle MitM positi...

Every Keystroke You Make: a Tech-Law Measurement and Analysis of Event Listeners for Wiretapping

The privacy community has a long track record of investigating emerging types of web tracking techniques. Recent work has focused on compliance of web trackers with new privacy laws such as Europe's GDPR and California's CCPA. Despite the growing body of research documenting widespread lack of...

CVE-2025-55443

Affected product: Telpo MDM Android, versions 1.4.6–1.4.9. Vulnerability: Sensitive administrator credentials and MQTT server connection details are stored in plaintext in log files on external storage, enabling access to the MDM web platform to perform administrative operations and to the MQTT s...

CVE-2025-6180

The StrongDM Client insufficiently protected a pre-authentication token. Attackers could exploit this to intercept and reuse the token, potentially redeeming valid authentication credentials through a race condition...

CVE-2025-6180

The StrongDM Client insufficiently protected a pre-authentication token. Attackers could exploit this to intercept and reuse the token, potentially redeeming valid authentication credentials through a race condition...

CVE-2025-6180 Authentication Hijack

The StrongDM Client insufficiently protected a pre-authentication token. Attackers could exploit this to intercept and reuse the token, potentially redeeming valid authentication credentials through a race condition...

CVE-2025-6180 Authentication Hijack

The StrongDM Client insufficiently protected a pre-authentication token. Attackers could exploit this to intercept and reuse the token, potentially redeeming valid authentication credentials through a race condition...

CVE-2025-6180

CVE-2025-6180 affects StrongDM Client. The issue is insufficient protection of a pre-authentication token, allowing interception and reuse via a race condition that could potentially redeem valid authentication credentials. The impact is described as token-level exposure with elevated risk to con...

PT-2025-34123 · Strongdm · Strongdm Client

Name of the Vulnerable Software and Affected Versions: StrongDM Client affected versions not specified Description: The StrongDM Client did not adequately protect a pre-authentication token. Attackers could exploit this to intercept and reuse the token, potentially redeeming valid authentication...

StrongDM Client 安全漏洞

StrongDM Client is a client software from StrongDM, Inc. A security vulnerability exists in StrongDM Client that stems from insufficient protection of pre-authenticated tokens, which could lead to interception and reuse of tokens...

Linux Distros Unpatched Vulnerability : CVE-2025-37957

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception Previously, commit ed129ec9057f KVM: x86: forcibly leave nested mode on vCPU reset addressed an issue...

CVE-2025-7774 Rockwell Automation ArmorBlock 5000 I/O – Web Server Vulnerabilities

A security issue exists within the 5032 16pt Digital Configurable module’s web server. Intercepted session credentials can be used within a 3-minute timeout window, allowing unauthorized users to perform privileged actions...