3247 matches found

CVE
added 2025/08/01 12:0 a.m. · 23 views

CVE-2025-53399

In Sipwise rtpengine before 13.4.1.1, an origin-validation error in the endpoint-learning logic of the media-relay core can allow remote attackers to inject or intercept RTP/SRTP streams via RTP packets. The issue is mitigated in 13.4.1.1 by changing the heuristic exposure to the first five packe...

CVSS 6.9 · AI score 7 · EPSS 0.00777
Exploits: 0 · References: 6

CNNVD
added 2025/08/01 12:0 a.m. · 2 views

rtpengine Access Control Error Vulnerability

rtpengine is a media proxy software from Sipwise Open Source. An access control error vulnerability exists in rtpengine versions prior to 13.4.1.1, which stems from a source validation error in the endpoint learning logic that could lead to the injection or interception of RTP/SRTP media streams...

CVSS 6.9 · AI score 6.6 · EPSS 0.00777
Exploits: 0 · References: 5

AlpineLinux
added 2025/08/01 12:0 a.m. · 3 views

CVE-2025-53399

In Sipwise rtpengine before 13.4.1.1, an origin-validation error in the endpoint-learning logic of the media-relay core allows remote attackers to inject or intercept RTP/SRTP media streams via RTP packets except when the relay is configured for strict source and learning disabled. Version 13.4.1...

CVSS 6.9 · AI score 7.3 · EPSS 0.00777
Exploits: 0 · References: 6

RedhatCVE
added 2025/07/24 10:30 p.m. · 7 views

CVE-2025-53703

DuraComm SPM-500 DP-10iN-100-MU transmits sensitive data without encryption over a channel that could be intercepted by attackers...

CVSS 8.7 · AI score 7.1 · EPSS 0.00092
Exploits: 0 · References: 1

OSV
added 2025/07/24 9:15 p.m. · 1 views

CVE-2025-31953

HCL iAutomate includes hardcoded credentials which may result in potential exposure of confidential data if intercepted or accessed by unauthorized parties...

CVSS 6.5 · AI score 5.8 · EPSS 0.00199
Exploits: 0 · References: 1

BDU FSTEC
added 2025/07/24 12:0 a.m. · 1 views

The vulnerability of the Condeon CMS system, related to the storage of confidential information in open text, allows a hacker to intercept sessions and gain access to the user’s account.

The vulnerability of the Condeon CMS system relates to the storage of confidential information in open text within the memory dump file. Exploiting this vulnerability could allow a malicious actor to intercept sessions and gain access to the user account...

CVSS 10
Exploits: 0 · References: 2 · Affected Software: 1

BDU FSTEC
added 2025/07/24 12:0 a.m. · 2 views

The vulnerability of the Condeon CMS system, related to deficiencies in access control, allows a hacker to intercept sessions and gain access to the user account.

The vulnerability of the Condeon CMS system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to intercept sessions and gain access to the user account...

CVSS 9
Exploits: 0 · References: 2 · Affected Software: 1

NVD
added 2025/07/22 10:15 p.m. · 3 views

CVE-2025-53703

DuraComm SPM-500 DP-10iN-100-MU transmits sensitive data without encryption over a channel that could be intercepted by attackers...

CVSS 8.7 · EPSS 0.00092
Exploits: 0 · References: 2

Cvelist
added 2025/07/22 9:31 p.m. · 6 views

CVE-2025-53703 DuraComm DP-10iN-100-MU Cleartext Transmission of Sensitive Information

DuraComm SPM-500 DP-10iN-100-MU transmits sensitive data without encryption over a channel that could be intercepted by attackers...

CVSS 8.7 · EPSS 0.00092
Exploits: 0 · References: 2

Positive Technologies
added 2025/07/22 12:0 a.m. · 3 views

PT-2025-30495 · Duracomm · Duracomm Spm-500 Dp-10In-100-Mu

Name of the Vulnerable Software and Affected Versions: DuraComm SPM-500 DP-10iN-100-MU (affected versions not specified)
Description: The device transmits sensitive data without encryption, potentially allowing attackers to intercept it.
Recommendations: At the moment, there is no information about...

CVSS 8.7 · AI score 6 · EPSS 0.00092
Exploits: 0 · References: 8

BDU FSTEC
added 2025/07/22 12:0 a.m. · 1 views

The vulnerability of Yandex.Disk’s cloud storage service for the iOS operating system, related to the use of an unreliable search path, allows a hacker to interrupt the search order in order to replace the executable file.

The vulnerability of Yandex.Disk’s cloud storage service for the iOS operating system is related to the use of an unreliable search path. Exploiting this vulnerability could allow an attacker to intercept the search order in order to replace the executable file with a malicious one...

CVSS 8.8 · EPSS 0.00019
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2025/07/21 7:15 p.m. · 2 views

CVE-2025-36106

IBM Cognos Analytics Mobile iOS 1.1.0 through 1.1.22 could allow malicious actors to view and modify information coming to and from the application which could then be used to access confidential information on the device or network by using the deprecated or misconfigured AFNetworking library ...

CVSS 8.2 · AI score 5.8 · EPSS 0.00107
Exploits: 0 · References: 1

RedhatCVE
added 2025/07/19 7:51 p.m. · 6 views

CVE-2025-2818

A vulnerability was reported in version 1.0 of the Bluetooth Transmission Alliance protocol adopted by Motorola Smart Connect Android Application that could allow a nearby attacker within the Bluetooth interaction range to intercept files when transferred to a device not paired in Smart Connect...

CVSS 5.1 · AI score 7 · EPSS 0.00044
Exploits: 0 · References: 1

Snyk
added 2025/07/18 12:30 p.m. · 1 views

Insufficiently Protected Credentials

Overview: Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the invite mechanism for remote clusters. An attacker can send unauthorized synchronization payloads by intercepting both the invite and password during the invitation process.
Remediation: Upgrad...

CVSS 3.1 · AI score 7.2 · EPSS 0.00139
Exploits: 0 · References: 2

OSV
added 2025/07/18 12:30 p.m. · 2 views

GHSA-4FWJ-8595-WP25 Mattermost has Insufficiently Protected Credentials

Mattermost versions 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to negotiate a new token when accepting the invite which allows a user that intercepts both invite and password to send synchronization payloads to the server that originally created the invite via the REST API...

CVSS 2.2 · AI score 6.4 · EPSS 0.00139
Exploits: 0 · References: 4

Snyk
added 2025/07/18 12:30 p.m. · 1 views

Insufficiently Protected Credentials

Overview: github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative. Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the invite mechanism for remote clusters. An attacker can send unauthorized synchronization payloads by...

CVSS 3.1 · AI score 7.2 · EPSS 0.00139
Exploits: 0 · References: 2

Github Security Blog
added 2025/07/18 12:30 p.m. · 6 views

Mattermost has Insufficiently Protected Credentials

Mattermost versions 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to negotiate a new token when accepting the invite which allows a user that intercepts both invite and password to send synchronization payloads to the server that originally created the invite via the REST API...

CVSS 3.1 · AI score 7.2 · EPSS 0.00139
Exploits: 0 · References: 4 · Affected Software: 2

OSV
added 2025/07/18 12:15 p.m. · 2 views

CVE-2025-6227

Mattermost versions 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to negotiate a new token when accepting the invite which allows a user that intercepts both invite and password to send synchronization payloads to the server that originally created the invite via the REST API...

CVSS 3.1 · AI score 7.1
Exploits: 0 · References: 1

CVE
added 2025/07/18 11:39 a.m. · 23 views

CVE-2025-6227

Summary: CVE-2025-6227 affects Mattermost Server versions 10.5.x (<= 10.5.7) and 9.11.x (

CVSS 3.1 · AI score 6.7 · EPSS 0.00139
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2025/07/18 11:39 a.m. · 6 views

CVE-2025-6227 Invite token is used as part of the secure communication

Mattermost versions 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to negotiate a new token when accepting the invite which allows a user that intercepts both invite and password to send synchronization payloads to the server that originally created the invite via the REST API...

CVSS 2.2 · EPSS 0.00139
Exploits: 0 · References: 1