3247 matches found
CVE-2025-27450
The Secure attribute is missing on multiple cookies provided by the MEAC300-FNADE4. An attacker can trick a user into establishing an unencrypted HTTP connection to the server and intercept the request containing the PHPSESSID cookie...
Endress+Hauser MEAC300-FNADE4 security vulnerability
The Endress+Hauser MEAC300-FNADE4 is a cost-effective emissions data management computer from Endress+Hauser Vietnam. A security vulnerability exists in the Endress+Hauser MEAC300-FNADE4, which stems from the fact that all communications are not encrypted, and can be exploited by an attacker to...
PT-2025-27786 · Endress+Hauser · Endress+Hauser Meac300-Fnade4
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns unencrypted communication between a server and clients, allowing an attacker to intercept traffic and obtain sensitive data. Recommendations: At the moment, there is no...
CVE-2025-36026
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 do not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending an http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link an...
CVE-2025-36034
IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques...
pgjdbc: pgjdbc insecure authentication in channel binding
A connection handling flaw was found in the pgjdbc connection driver in configurations that require channel binding. Connections created with authentication methods that should not allow channel binding permit connections to use channel binding. This flaw allows attackers to position themselves i...
CVE-2025-48463
Successful exploitation of the vulnerability could allow an attacker to intercept data and conduct session hijacking on the exposed data as the vulnerable product uses unencrypted HTTP communication, potentially leading to unauthorised access or data tampering...
CVE-2025-48463
CVE-2025-48463 concerns unencrypted HTTP leading to data interception and session hijacking. The provided docs confirm this vulnerability affects multiple products/vendors and characterize the impact as possible unauthorised access or data tampering due to cleartext traffic. The NVD/RH Red Hat en...
CVE-2025-48463 Unencrypted HTTP Communication
Successful exploitation of the vulnerability could allow an attacker to intercept data and conduct session hijacking on the exposed data as the vulnerable product uses unencrypted HTTP communication, potentially leading to unauthorised access or data tampering...
Advantech multiple products security vulnerability
The Advantech WISE-4010LAN, WISE-4050LAN, and WISE-4060LAN are all industrial automation controllers from Advantech of Taiwan, China. An information disclosure vulnerability exists in multiple Advantech products, which can be exploited by attackers to cause data interception and session hijacking...
PT-2025-26677 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP (affected versions not specified). Description: The issue arises from the use of unencrypted HTTP communication, allowing an attacker to intercept data and conduct session hijacking on exposed data. This could lead to...
Palo Alto GlobalProtect App MacOS 6.x < 6.2.8-h2 / 6.3.x < 6.3.3-650 Improper Access Control (CVE-2025-4227)
The version of Palo Alto GlobalProtect App installed on the remote macOS host is 6.x prior to 6.2.8-h2 or 6.3.x prior to 6.3.3-650. It is, therefore, affected by an improper access control vulnerability: - An improper access control vulnerability in the Endpoint Traffic Policy Enforcement feature ...
Autonomous 3D Moving Target Encirclement and Interception with Range Measurement
Commercial UAVs are an emerging security threat as they are capable of carrying hazardous payloads or disrupting air traffic. To counter UAVs, we introduce an autonomous 3D target encirclement and interception strategy. Unlike traditional ground-guided systems, this strategy employs autonomous...
COROS PACE 3 security vulnerability
COROS PACE 3 is a GPS sports watch from COROS China. A security vulnerability exists in COROS PACE 3 3.0808.0 and earlier versions, which originates from unencrypted WLAN communication and could lead to a man-in-the-middle attack...
PT-2025-26320 · Coros · Coros
Name of the Vulnerable Software and Affected Versions: COROS application versions 3.8.12 and earlier Description: The issue concerns the COROS application's handling of Bluetooth pairing and bonding. The application does not initiate or enforce pairing and bonding, and the watch also does not...
CVE-2025-23168
The Versa Director SD-WAN orchestration platform implements Two-Factor Authentication (2FA) using One-Time Passcodes (OTP) delivered via email or SMS. Versa Director accepts untrusted user input when dispatching 2FA codes, allowing an attacker who knows a valid username and password to redirect the O...
The vulnerability of the web interfaces of IBM OpenPages and IBM OpenPages with Watson allows a hacker to intercept user sessions.
The vulnerability of the IBM OpenPages and IBM OpenPages with Watson web interfaces relates to improper session management. Exploiting this vulnerability can allow a malicious actor to intercept a user’s session...
CVE-2025-4227
An improper access control vulnerability in the Endpoint Traffic Policy Enforcement (https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-features/new-features-released-in-gp-app/endpoint-traffic-policy-enforcement) feature of the Palo Alto Networks GlobalProtect™ app allows...