Lucene search
+L

21628 matches found

EUVD
EUVD
added 4 hours ago3 views

EUVD-2024-55663

HCL Aftermarket EPC is vulnerable to attack since the Application is vulnerable to Lucky 13. that makes the SS LLUCKY13 possible affects the TLS1.1and 1.2 and DTLS1.0 or 1.2 implementations . It also affects previous versions such as SSL3.0 and TLS1.0. This can also be considered a type of...

3.7CVSS5.3AI score
Exploits0References1
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-45168

Dancer::Plugin::Auth::Google versions through 0.07 for Perl have TLS verification disabled. The default user agent is initialised with SSLverifymode explicitly disabled. An attacker with network man-in-the-middle MITM capability between the Dancer application and googleapis.com can intercept the...

5.4AI score
Exploits0References3
CVE
CVE
added 5 hours ago5 views

CVE-2026-13410

DVE-2026-13410 affects Dancer::Plugin::Auth::Google up to version 0.07 for Perl. TLS verification is disabled because the default user agent initializes SSL_verify_mode as disabled, enabling MITM attackers to intercept the OAuth2 token exchange and userinfo fetch with googleapis.com, forge an acc...

5.4AI score
Exploits0References3
NVD
NVD
added 2 days ago7 views

CVE-2026-56434

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpssimodule module. This vulnerability may exist when the Server-Side Includes SSI, proxypass, and proxybuffering off directives are configured. With this configuration, an unauthenticated attacker with man-in-the-middle MITM abili...

8.3CVSS0.00387EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2 days ago6 views

undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy

A flaw was found in undici. When undici's ProxyAgent is configured with a SOCKS5 proxy Uniform Resource Identifier URI, it silently ignores Transport Layer Security TLS options, such as custom Certificate Authorities CAs. This allows a remote attacker to perform a Man-in-the-Middle MITM attack,...

7.4CVSS6.8AI score0.00476EPSS
Exploits0References6
NVD
NVD
added 2 days ago7 views

CVE-2026-9770

Kasa EC71 v4 and EC70 v4 firmware contains a static cryptographic private key stored in a read-only filesystem that is shared across devices. An attacker with access to the firmware image can extract the embedded key. Successful exploitation may allow an unauthenticated attacker on the same...

8.6CVSS0.00221EPSS
Exploits0References5
CVE
CVE
added 2 days ago15 views

CVE-2026-9770

Affected products: TP-Link Kasa EC70 v4 and EC71 v4 firmware. Issue: a static cryptographic private key is stored in a read-only filesystem shared across devices, allowing extraction from the firmware image. Impact: an unauthenticated attacker on the same network could use the embedded key in the...

8.6CVSS6.1AI score0.00221EPSS
Exploits0References5
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-44576

Kasa EC71 v4 and EC70 v4 firmware contains a static cryptographic private key stored in a read-only filesystem that is shared across devices. An attacker with access to the firmware image can extract the embedded key. Successful exploitation may allow an unauthenticated attacker on the same...

8.6CVSS6.1AI score0.00221EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2 days ago7 views

PT-2026-60184

Name of the Vulnerable Software and Affected Versions NGINX Plus affected versions not specified NGINX Open Source affected versions not specified Description A use-after-free issue exists in the ngx http ssi module module. This occurs when Server-Side Includes SSI, proxy pass, and proxy bufferin...

8.3CVSS6.1AI score0.00387EPSS
Exploits0References7
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-58065 Apache Airflow Git provider: Git provider hook defaults to StrictHostKeyChecking=no, disabling SSH host-key verification

The Apache Airflow Git provider runs its git-over-SSH operations with StrictHostKeyChecking=no by default, disabling SSH host-key verification. An attacker who can intercept the network path between an Airflow worker and the Git server can impersonate the server man-in-the-middle, capturing the S...

0.00461EPSS
Exploits0References2
CVE
CVE
added 4 days ago9 views

CVE-2026-22093

CVE-2026-22093 affects EVbee Service app (v1.4.101.00). The issue arises because the Android app performs TLS/HTTPS communication but does not validate the server certificate, enabling a man‑in‑the‑middle attacker on the network path to intercept and manipulate traffic. Additionally, the app is d...

9.5CVSS6.1AI score0.00203EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 4 days ago7 views

Linux Distros Unpatched Vulnerability : CVE-2026-54919

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In affected Mbed TLS backend versions from 0.31.0 through 0.46.1 and wolfSSL...

7.4CVSS6.9AI score0.00264EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 6 days ago5 views

undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy

A flaw was found in undici. When undici's ProxyAgent is configured with a SOCKS5 proxy Uniform Resource Identifier URI, it silently ignores Transport Layer Security TLS options, such as custom Certificate Authorities CAs. This allows a remote attacker to perform a Man-in-the-Middle MITM attack,...

7.4CVSS6.8AI score0.00476EPSS
Exploits0References6
NVD
NVD
added 2026/07/09 8:16 p.m.6 views

CVE-2026-0277

An improper certificate validation vulnerability in the Prisma® Access Agent for iOS enables an attacker to perform a man-in-the-middle MitM attack to intercept VPN traffic. The Prisma Access Agent on Windows, macOS, Linux, Android and ChromeOS are not affected...

8.7CVSS0.00125EPSS
Exploits0References1
CVE
CVE
added 2026/07/09 7:14 p.m.23 views

CVE-2026-0277

The CVE covers Prisma Access Agent for iOS with an improper certificate validation weakness enabling a man-in-the-middle to intercept VPN traffic. Other platforms (Windows, macOS, Linux, Android, ChromeOS) are not affected. Root cause: improper certificate validation in iOS client. Impact is desc...

8.7CVSS6AI score0.00125EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/09 7:14 p.m.7 views

CVE-2026-0277

An improper certificate validation vulnerability in the Prisma® Access Agent for iOS enables an attacker to perform a man-in-the-middle MitM attack to intercept VPN traffic. The Prisma Access Agent on Windows, macOS, Linux, Android and ChromeOS are not affected...

8.7CVSS6AI score0.00125EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/09 8:41 a.m.5 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the bosh create-env and bosh delete-env processes. An attacker can gain unauthorized access to sensitive credentials and execute arbitrary code with root privileges by performing a man-in-the-middle...

8.9CVSS7.2AI score0.00148EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/09 8:41 a.m.6 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the bosh create-env and bosh delete-env processes. An attacker can gain unauthorized access to sensitive credentials and execute arbitrary code with root privileges by performing a man-in-the-middle...

8.9CVSS7.2AI score0.00148EPSS
Exploits0References2
NVD
NVD
added 2026/07/09 8:16 a.m.8 views

CVE-2026-31985

When the upstream Guardian or CMC was configured in the Remote Collector via n2os-tui, the generated configuration disabled TLS certificate verification, and no option was provided to enable it. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the...

8.3CVSS0.00121EPSS
Exploits0References1
CVE
CVE
added 2026/07/09 6:7 a.m.15 views

CVE-2026-47828

The CVE affects bosh-cli versions prior to 7.10.4. During bosh create-env/delete-env, the CLI uploads CPI packages and rendered job templates to the VM’s DAV blobstore over HTTPS without verifying the server certificate, despite a CA certificate being present in the manifest. This enables a netwo...

8.9CVSS7.1AI score0.00148EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder