CVE-2025-9036

Rockwell Automation FactoryTalk Action Manager (v1.0.0 Runtime) is affected by a vulnerability in its runtime event system that permits unauthenticated local access to a reusable API token. The token is broadcast over a WebSocket and can be intercepted by any local client listening on the connect...

CVE-2025-9036 Rockwell Automation FactoryTalk® Action Manager v1.0.0 Runtime Vulnerability

A security issue in the runtime event system allows unauthenticated connections to receive a reusable API token. This token is broadcasted over a WebSocket and can be intercepted by any local client listening on the connection...

K000152049: F5 Access for Android vulnerability CVE-2025-54809

Security Advisory Description F5 Access for Android before version 3.1.2, which uses HTTPS, does not verify the remote endpoint identity. CVE-2025-54809 Impact An attacker with a network position that allows them to intercept network traffic may be able to read and/or modify data in transit. The...

CVE-2024-41986

A vulnerability has been identified in SmartClient modules Opcenter QL Home SC All versions = V13.2 = V13.2 = V13.2 V2506. The affected application support insecure TLS 1.0 and 1.1 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data...

Linux Distros Unpatched Vulnerability : CVE-2020-26976

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request...

CVE-2025-52586

The MOD3 command traffic between the monitoring application and the inverter is transmitted in plaintext without encryption or obfuscation. This vulnerability may allow an attacker with access to a local network to intercept, manipulate, replay, or forge critical data, including read/write...

CVE-2025-52586

The MOD3 command traffic between the monitoring application and the inverter is transmitted in plaintext without encryption or obfuscation. This vulnerability may allow an attacker with access to a local network to intercept, manipulate, replay, or forge critical data, including read/write...

EG4 Electronics EG4 Inverters 安全漏洞

EG4 Electronics EG4 Inverters is a series of hybrid inverters from EG4 Electronics, USA. A security vulnerability exists in the EG4 Electronics EG4 Inverters that stems from the unencrypted transmission of MOD3 command traffic, which could lead to data interception and tampering...

PT-2025-32368

Name of the Vulnerable Software and Affected Versions: Inverter affected versions not specified Description: The MOD3 command traffic between the monitoring application and the inverter is transmitted in plaintext without encryption or obfuscation. This may allow an attacker with access to a loca...

pgjdbc: pgjdbc insecure authentication in channel binding

A connection handling flaw was found in the pgjdbc connection driver in configurations that require channel binding. Connections created with authentication methods that should not allow channel binding permit connections to use channel binding. This flaw allows attackers to position themselves i...

pgjdbc: pgjdbc insecure authentication in channel binding

A connection handling flaw was found in the pgjdbc connection driver in configurations that require channel binding. Connections created with authentication methods that should not allow channel binding permit connections to use channel binding. This flaw allows attackers to position themselves i...

EG4 Electronics EG4 Inverters (Update B)

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to intercept and manipulate critical data, install malicious firmware, hijack device access, and gain unauthorized control over the system. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...

pgjdbc: pgjdbc insecure authentication in channel binding

A connection handling flaw was found in the pgjdbc connection driver in configurations that require channel binding. Connections created with authentication methods that should not allow channel binding permit connections to use channel binding. This flaw allows attackers to position themselves i...

CVE-2025-20215 Cisco Webex Meeting Client Join Certificate Validation Vulnerability

A vulnerability in the meeting-join functionality of Cisco Webex Meetings could have allowed an unauthenticated, network-proximate attacker to complete a meeting-join process in place of an intended targeted user, provided the requisite conditions were satisfied. Cisco has addressed this...

CVE-2025-54792

LocalSend is an open-source app to securely share files and messages with nearby devices over local networks without needing an internet connection. In versions 1.16.1 and below, a critical Man-in-the-Middle MitM vulnerability in the software's discovery protocol allows an unauthenticated attacke...

CVE-2025-54792

LocalSend (open-source file sharing app) is affected in versions 1.16.1 and earlier. A vulnerability in the discovery protocol permits an unauthenticated attacker on the same local network to impersonate legitimate devices, enabling silent interception and modification of file transfers. Impact i...

CVE-2025-54792 LocalSend is Vulnerable to Man-in-the-Middle Attacks, Leading to File Interception

LocalSend is an open-source app to securely share files and messages with nearby devices over local networks without needing an internet connection. In versions 1.16.1 and below, a critical Man-in-the-Middle MitM vulnerability in the software's discovery protocol allows an unauthenticated attacke...

CVE-2025-54792 LocalSend is Vulnerable to Man-in-the-Middle Attacks, Leading to File Interception

LocalSend is an open-source app to securely share files and messages with nearby devices over local networks without needing an internet connection. In versions 1.16.1 and below, a critical Man-in-the-Middle MitM vulnerability in the software's discovery protocol allows an unauthenticated attacke...

CVE-2025-54792 LocalSend is Vulnerable to Man-in-the-Middle Attacks, Leading to File Interception

LocalSend is an open-source app to securely share files and messages with nearby devices over local networks without needing an internet connection. In versions 1.16.1 and below, a critical Man-in-the-Middle MitM vulnerability in the software's discovery protocol allows an unauthenticated attacke...

CVE-2025-53399

In Sipwise rtpengine before 13.4.1.1, an origin-validation error in the endpoint-learning logic of the media-relay core allows remote attackers to inject or intercept RTP/SRTP media streams via RTP packets except when the relay is configured for strict source and learning disabled. Version 13.4.1...