3192 matches found

EUVD
added 2025/10/31 6:31 p.m. | 2 views

EUVD-2025-37365

When using domain users as BRAIN2 users, communication with Active Directory services is unencrypted. This can lead to the interception of authentication data and compromise confidentiality...

CVSS 8.4 | AI score 6.5 | EPSS 0.00021
Exploits: 0 | References: 2

EUVD
added 2025/10/31 12:30 a.m. | 4 views

EUVD-2025-37222

Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the cluster manager component when requesting sensitive credentials from peer nodes over an unencrypted channel even when SSL/TLS is enabled in the product configuration. As a result, an attacker positioned on the network...

CVSS 8.7 | AI score 6.2 | EPSS 0.01341
Exploits: 0 | References: 4

Positive Technologies
added 2025/10/31 12:0 a.m. | 2 views

PT-2025-44639

Name of the Vulnerable Software and Affected Versions: ISO 15118-2 compliant EV charging systems, affected versions not specified. Description: A flaw exists in the Signal Level Attenuation Characterization (SLAC) protocol used in electric vehicle (EV) charging systems that adhere to the ISO 15118-2...

CVSS 6.3 | AI score 5.9 | EPSS 0.00007
Exploits: 0 | References: 9

CNNVD
added 2025/10/31 12:0 a.m. | 1 view

Bizerba BRAIN2 security vulnerability

Bizerba BRAIN2 is an industrial software platform from Bizerba, Germany. A security vulnerability exists in Bizerba BRAIN2 that stems from unencrypted communication when using Active Directory services, which could lead to interception of authentication data and compromise of confidentiality...

CVSS 8.4 | AI score 6.8 | EPSS 0.00021
Exploits: 0 | References: 2

Positive Technologies
added 2025/10/31 12:0 a.m. | 1 view

PT-2025-44646

Name of the Vulnerable Software and Affected Versions: BRAIN2, affected versions not specified. Description: When using domain users as BRAIN2 users, communication with Active Directory services is unencrypted. This allows for the interception of authentication data, potentially compromising...

CVSS 8.4 | AI score 6.5 | EPSS 0.00021
Exploits: 0 | References: 5

OSV
added 2025/10/30 10:15 p.m. | 2 views

CVE-2025-34271

Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the cluster manager component when requesting sensitive credentials from peer nodes over an unencrypted channel even when SSL/TLS is enabled in the product configuration. As a result, an attacker positioned on the network...

CVSS 9.8 | AI score 5.8 | EPSS 0.01341
Exploits: 0 | References: 3

Vulnrichment
added 2025/10/30 9:22 p.m. | 3 views

CVE-2025-34271 Nagios Log Server < 2024R2.0.2 Cluster Manager Credential Requests Sent Over Plaintext

Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the cluster manager component when requesting sensitive credentials from peer nodes over an unencrypted channel even when SSL/TLS is enabled in the product configuration. As a result, an attacker positioned on the network...

CVSS 8.7 | AI score 6.4 | EPSS 0.01341
Exploits: 0 | References: 3

Cvelist
added 2025/10/30 9:22 p.m. | 7 views

CVE-2025-34271 Nagios Log Server < 2024R2.0.2 Cluster Manager Credential Requests Sent Over Plaintext

Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the cluster manager component when requesting sensitive credentials from peer nodes over an unencrypted channel even when SSL/TLS is enabled in the product configuration. As a result, an attacker positioned on the network...

CVSS 8.7 | EPSS 0.01341
Exploits: 0 | References: 3

CVE
added 2025/10/30 9:22 p.m. | 9 views

CVE-2025-34271

Nagios Log Server (prior to 2024R2.0.2) suffers a cluster manager credential leakage vulnerability: credentials requested from peer nodes over an unencrypted channel, even with SSL/TLS enabled. This allows an on-path attacker to intercept credentials in transit and potentially authenticate as a c...

CVSS 9.8 | AI score 6.4 | EPSS 0.01341
Exploits: 0 | References: 3 | Affected Software: 1

Veracode
added 2025/10/29 1:1 p.m. | 4 views

Man-In-The-Middle (MITM)

Dragonfly is vulnerable to a Man-in-the-Middle (MitM) attack. The vulnerability is due to the scheduler being hardcoded to use the insecure HTTP protocol for downloading tiny files, which allows an attacker to intercept and modify network requests to deliver malicious or altered data...

CVSS 6.9 | AI score 9 | EPSS 0.00029
Exploits: 0 | References: 4 | Affected Software: 2

NVD
added 2025/10/28 4:15 p.m. | 1 view

CVE-2025-60858

Reolink Video Doorbell Wi-Fi DB566128M5MPW stores and transmits DDNS credentials in plaintext within its configuration and update scripts, allowing attackers to intercept or extract sensitive information...

CVSS 7.5 | EPSS 0.00045
Exploits: 0 | References: 2

Cvelist
added 2025/10/28 9:32 a.m. | 3 views

CVE-2025-40026 KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Don't recheck L1 intercepts when completing userspace I/O When completing emulation of instruction that generated a userspace exit for I/O, don't recheck L1 intercepts as KVM has already finished that phase of instructi...

EPSS 0.00105
Exploits: 0 | References: 9

RedhatCVE
added 2025/10/28 12:28 a.m. | 2 views

CVE-2025-61482

Improper handling of OTP/TOTP/HOTP values in NetKnights GmbH privacyIDEA Authenticator v.4.3.0 on Android allows local attackers with root access to bypass two factor authentication. By hooking into app crypto routines and intercepting decryption paths, attacker can recover plaintext secrets,...

CVSS 7.2 | AI score 6.8 | EPSS 0.00013
Exploits: 0 | References: 1

CNNVD
added 2025/10/28 12:0 a.m. | 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from the completion of user-space IO without rechecking L1 interception, which could lead to incorrect IO access...

AI score 6 | EPSS 0.00105
Exploits: 0 | References: 8

Tenable Nessus
added 2025/10/28 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-40026

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: x86: Don't recheck L1 intercepts when completing userspace I/O When completing emulation of instruction that generated a userspace exit for I/O, don't...

AI score 5.9 | EPSS 0.00105
Exploits: 0 | References: 3

Positive Technologies
added 2025/10/23 12:0 a.m. | 2 views

PT-2025-43464

Name of the Vulnerable Software and Affected Versions: Android, affected versions not specified. Description: An issue exists in the validateAddingWindowLw function within DisplayPolicy.java that may allow an application to intercept drag-and-drop events because of a missing permission check. This...

CVSS 8.4 | AI score 6.1 | EPSS 0.00003
Exploits: 0 | References: 8

Snyk
added 2025/10/21 8:25 p.m. | 2 views

Improper Certificate Validation

Overview: Affected versions of this package are vulnerable to Improper Certificate Validation in transmission of telemetry data. An attacker can perform a man-in-the-middle attack to intercept or modify data in transit. Additionally, they can exhaust system memory by returning oversized responses...

CVSS 9.8 | AI score 6.9 | EPSS 0.00072
Exploits: 0 | References: 2

RedhatCVE
added 2025/10/16 8:41 p.m. | 5 views

CVE-2025-11619

Improper certificate validation when connecting to gateways in Devolutions Server 2025.3.2 and earlier allows attackers in MitM position to intercept traffic...

CVSS 8.8 | AI score 6.8 | EPSS 0.00026
Exploits: 0 | References: 1

OSV
added 2025/10/16 7:15 p.m. | 0 views

CVE-2025-11492

In the ConnectWise Automate Agent, communications could be configured to use HTTP instead of HTTPS. In such cases, an on-path threat actor with a man-in-the-middle network position could intercept, modify, or replay agent-server traffic. Additionally, the encryption method used to obfuscate some...

CVSS 7.5 | AI score 5.8
Exploits: 0 | References: 1

NVD
added 2025/10/16 3:15 p.m. | 3 views

CVE-2025-61541

Webmin 2.510 is vulnerable to a Host Header Injection in the password reset functionality forgotsend.cgi. The reset link sent to users is constructed using the HTTP Host header via getwebminemailurl. An attacker can manipulate the Host header to inject a malicious domain into the reset email. If ...

CVSS 7.1 | EPSS 0.00057
Exploits: 1 | References: 3