CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1357 matches found

RedhatCVE•added 2026/01/09 11:52 a.m.•7 views

CVE-2009-4510

The SSH service on the TANDBERG Video Communication Server VCS before X5.1 uses a fixed DSA key, which makes it easier for remote attackers to conduct man-in-the-middle attacks and spoof arbitrary servers via crafted SSH packets...

8.5CVSS6.9AI score0.00645EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:27 a.m.•5 views

CVE-2021-33338

The Layout module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 6, exposes the CSRF token in URLs, which allows man-in-the-middle attackers to obtain the token and conduct Cross-Site Request Forgery CSRF attacks via the pauth parameter...

7.5CVSS7AI score0.0011EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:24 a.m.•5 views

CVE-2021-31747

Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in updateapplet.php, which could lead to man-in-the-middle attacks...

5.8CVSS6.7AI score0.00102EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:59 a.m.•5 views

CVE-2020-7213

Parallels 13 uses cleartext HTTP as part of the update process, allowing man-in-the-middle attacks. Users of out-of-date versions are presented with a pop-up window for a parallelsupdates.xml file on the http://update.parallels.com web site...

7.6CVSS7AI score0.00248EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:35 a.m.•6 views

CVE-2024-34454

Nintendo Wii U OS 5.5.5 allows man-in-the-middle attackers to forge SSL certificates as though they came from a Root CA, because there is a secondary verification mechanism that only checks whether a CA is known and ignores the CA details and signature and because is accepted as a Common Name...

7.4CVSS6.7AI score0.00106EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:46 a.m.•8 views

CVE-2025-23114

A vulnerability in Veeam Updater component allows Man-in-the-Middle attackers to execute arbitrary code on the affected server. This issue occurs due to a failure to properly validate TLS certificate...

9CVSS7.7AI score0.00462EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:30 a.m.•3 views

CVE-2019-16546

Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks...

5.9CVSS6.7AI score0.00045EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:11 a.m.•5 views

CVE-2025-1099

This vulnerability exists in Tapo C500 Wi-Fi camera due to hard-coded RSA private key embedded within the device firmware. An attacker with physical access could exploit this vulnerability to obtain cryptographic private keys which can then be used to perform impersonation, data decryption and ma...

7CVSS6.4AI score0.00016EPSS

Exploits0References1

Positive Technologies•added 2025/12/01 12:0 a.m.•3 views

PT-2025-48465

Name of the Vulnerable Software and Affected Versions Kerlink gateways versions prior to 5.10 Description Kerlink gateways running KerOS prior to version 5.10 expose their web interface exclusively over HTTP, lacking HTTPS support. This absence of transport layer security enables a...

7.4CVSS6.5AI score0.00015EPSS

Exploits0References6