The vulnerability of the UMI CMS content management system, related to the lack of measures taken to protect the website structure, allows attackers to intercept the administrator’s session.

The vulnerability of the UMI CMS content management system is related to the lack of measures taken to protect the website’s structure. Operating the system may allow a malicious actor, operating remotely, to intercept the administrator’s session by performing XSS attacks using a specially crafte...

CVE-2025-2818

A vulnerability was reported in version 1.0 of the Bluetooth Transmission Alliance protocol adopted by Motorola Smart Connect Android Application that could allow a nearby attacker within the Bluetooth interaction range to intercept files when transferred to a device not paired in Smart Connect...

CVE-2025-2818

A vulnerability was reported in version 1.0 of the Bluetooth Transmission Alliance protocol adopted by Motorola Smart Connect Android Application that could allow a nearby attacker within the Bluetooth interaction range to intercept files when transferred to a device not paired in Smart Connect...

CVE-2025-2818

A vulnerability was reported in version 1.0 of the Bluetooth Transmission Alliance protocol adopted by Motorola Smart Connect Android Application that could allow a nearby attacker within the Bluetooth interaction range to intercept files when transferred to a device not paired in Smart Connect...

CVE-2025-2818

Technical details such as affected components, root cause, vulnerable versions, or remediation are not publicly disclosed in the provided documents. Monitor for updates from Lenovo/Motorola advisories and Red Hat for this CVE.

PT-2025-29957 · Google +1 · Android +1

Name of the Vulnerable Software and Affected Versions: Motorola Smart Connect Android Application version 1.0 Description: A vulnerability exists in version 1.0 of the Bluetooth Transmission Alliance protocol adopted by Motorola Smart Connect Android Application. This could allow a nearby attacke...

Motorola Smart Connect Android Application 安全漏洞

The Motorola Smart Connect Android Application is an Android application from Motorola, Inc. that is used to seamlessly interconnect devices. A security vulnerability exists in the Motorola Smart Connect Android Application version 1.0, which stems from mishandling of the Bluetooth transfer...

CVE-2025-53756 Cleartext Transmission Vulnerability in Digisol DG-GR6821AC Router

This vulnerability exists in Digisol DG-GR6821AC Router due to cleartext transmission of credentials in its web management interface. A remote attacker could exploit this vulnerability by intercepting the network traffic and capturing cleartext credentials. Successful exploitation of this...

CVE-2025-53756

CVE-2025-53756 affects Digisol DG-GR6821AC Router. The issue is cleartext transmission of credentials in the web management interface, allowing a remote attacker to intercept network traffic and gain unauthorized access. CVSS 4.0 base score 8.7 (HIGH) with network access, low attack complexity, n...

KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception

...

podman: podman missing TLS verification

A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack...

IBM Engineering Requirements Management DOORS 授权问题漏洞

IBM Engineering Requirements Management DOORS is a requirements management tool from International Business Machines IBM. An authorization issue vulnerability exists in IBM Engineering Requirements Management DOORS version 9.7.2.9, which stems from a misconfiguration that could lead to a...

CVE-2025-27450

The Secure attribute is missing on multiple cookies provided by the MEAC300-FNADE4. An attacker can trick a user to establish an unencrypted HTTP connection to the server and intercept the request containing the PHPSESSID cookie...

CVE-2025-27457

All communication between the VNC server and clients is unencrypted. This allows an attacker to intercept the traffic and obtain sensitive data...

Multiple Advantech Products Information Disclosure Vulnerabilities

The Advantech WISE-4010LAN, WISE-4050LAN, and WISE-4060LAN are all industrial automation controllers from Advantech of Taiwan, China. An information disclosure vulnerability exists in multiple Advantech products, which can be exploited by attackers to cause data interception and session hijacking...

PT-2025-27847 · WordPress · Ai Engine

Name of the Vulnerable Software and Affected Versions: AI Engine plugin for WordPress version 2.8.4 Description: The issue is due to an insecure OAuth implementation, specifically the lack of validation for the redirect uri parameter during the authorization flow. This allows unauthenticated...

CVE-2025-27457

All communication between the VNC server and clients is unencrypted. This allows an attacker to intercept the traffic and obtain sensitive data...

CVE-2025-27457 CVE-2025-27457

All communication between the VNC server and clients is unencrypted. This allows an attacker to intercept the traffic and obtain sensitive data...

CVE-2025-27457 CVE-2025-27457

All communication between the VNC server and clients is unencrypted. This allows an attacker to intercept the traffic and obtain sensitive data...

CVE-2025-27457

CVE-2025-27457 concerns unencrypted communications between the VNC server and client(s) as stated in the NVD entry. Connected documents describe the same issue in the Endress+Hauser MEAC300-FNADE4 (CNVD/CNNVD/PT security pages), indicating traffic interception could reveal sensitive data. The pri...