EUVD-2025-18743

Malicious code in bioql PyPI...

EUVD-2023-35790

Malicious code in bioql PyPI...

CVE-2025-32880

An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. With WLAN access, the COROS Pace 3 downloads firmware files via HTTP. However, the communication is not encrypted and allows sniffing and machine-in-the-middle attacks...

CVE-2025-32880

An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. With WLAN access, the COROS Pace 3 downloads firmware files via HTTP. However, the communication is not encrypted and allows sniffing and machine-in-the-middle attacks...

CVE-2025-32877

An issue was discovered on COROS PACE 3 devices through 3.0808.0. It identifies itself as a device without input or output capabilities, which results in the use of the Just Works pairing method. This method does not implement any authentication, which therefore allows machine-in-the-middle...

PT-2025-26322 · Coros · Coros Pace 3

Name of the Vulnerable Software and Affected Versions: COROS PACE 3 versions through 3.0808.0 Description: An issue was discovered that allows the COROS Pace 3 to download firmware files via HTTP when connected to a WLAN, but the communication is not encrypted. This lack of encryption enables...

CVE-2025-32880

The CVE-2025-32880 entry concerns COROS PACE 3 devices (through 3.0808.0) where WLAN-based firmware downloads occur over HTTP, unencrypted, enabling sniffing and man-in-the-middle attacks. Affected component is the WLAN firmware update/download flow; root cause is lack of encryption in the HTTP t...

CVE-2025-32877

An issue was discovered on COROS PACE 3 devices through 3.0808.0. It identifies itself as a device without input or output capabilities, which results in the use of the Just Works pairing method. This method does not implement any authentication, which therefore allows machine-in-the-middle...

CVE-2025-32877

CVE-2025-32877 affects COROS PACE 3 devices up to firmware 3.0808.0. The device identifies itself as having no input/output capabilities, leading to the use of the Just Works BLE pairing method with no authentication. This enables a machine-in-the-middle scenario and allows attackers to interact ...

Linux Distros Unpatched Vulnerability : CVE-2023-31485

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks. CVE-2023-31485 Note th...

CVE-2024-5275

A hard-coded password in the FileCatalyst TransferAgent can be found which can be used to unlock the keystore from which contents may be read out, for example, the private key for certificates. Exploit of this vulnerability could lead to a machine-in-the-middle MiTM attack against users of the...

CVE-2023-31485

GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks...

3 ways DNS filtering can save SMBs from cyberattacks

If you’re an SMB, chances are that you’re already well-aware of the fact that cyber threats can wreak havoc on your business. Everything from rootkits to ransomware threaten not just financial losses, but also significant network downtime and reputational damage as well. Couple this with the fact...

Ubuntu 16.04 LTS : MCabber vulnerability (USN-4506-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4506-1 advisory. It was discovered that MCabber does not properly manage roster pushes. An attacker could possibly use this issue to remotely perform machine-in-the-middle attacks...

Ubuntu: Security Advisory (USN-4506-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 14.04 LTS : Keystone vulnerabilities (USN-2705-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2705-1 advisory. Qin Zhao discovered Keystone disabled certification verification when the insecure option is set in a paste configuration paste.ini file regardless of th...

Ubuntu: Security Advisory (USN-2705-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 14.04 LTS : Pidgin vulnerabilities (USN-2390-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2390-1 advisory. Jacob Appelbaum and an anonymous person discovered that Pidgin incorrectly handled certificate validation. A remote attacker could exploit this to perfor...

Ubuntu: Security Advisory (USN-1067-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-1067-1: Telepathy Gabble vulnerability

It was discovered that Gabble did not verify the from field of google jingleinfo updates. This could allow a remote attacker to perform machine-in-the-middle attacks MITM on streamed media...