Lucene search
K

21614 matches found

CVE
CVE
added 6 hours ago8 views

CVE-2026-9770

Affected products: TP-Link Kasa EC70 v4 and EC71 v4 firmware. Issue: a static cryptographic private key is stored in a read-only filesystem shared across devices, allowing extraction from the firmware image. Impact: an unauthenticated attacker on the same network could use the embedded key in the...

8.6CVSS6.1AI score
Exploits0References5
EUVD
EUVD
added 6 hours ago6 views

EUVD-2026-44576

Kasa EC71 v4 and EC70 v4 firmware contains a static cryptographic private key stored in a read-only filesystem that is shared across devices. An attacker with access to the firmware image can extract the embedded key. Successful exploitation may allow an unauthenticated attacker on the same...

8.6CVSS6.1AI score
Exploits0References5
Cvelist
Cvelist
added 2 days ago32 views

CVE-2026-58065 Apache Airflow Git provider: Git provider hook defaults to StrictHostKeyChecking=no, disabling SSH host-key verification

The Apache Airflow Git provider runs its git-over-SSH operations with StrictHostKeyChecking=no by default, disabling SSH host-key verification. An attacker who can intercept the network path between an Airflow worker and the Git server can impersonate the server man-in-the-middle, capturing the S...

0.00461EPSS
Exploits0References2
CVE
CVE
added 2 days ago9 views

CVE-2026-22093

CVE-2026-22093 affects EVbee Service app (v1.4.101.00). The issue arises because the Android app performs TLS/HTTPS communication but does not validate the server certificate, enabling a man‑in‑the‑middle attacker on the network path to intercept and manipulate traffic. Additionally, the app is d...

9.5CVSS6.1AI score0.00203EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-54919

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In affected Mbed TLS backend versions from 0.31.0 through 0.46.1 and wolfSSL...

7.4CVSS6.9AI score0.00264EPSS
Exploits0References3
NVD
NVD
added 6 days ago6 views

CVE-2026-0277

An improper certificate validation vulnerability in the Prisma® Access Agent for iOS enables an attacker to perform a man-in-the-middle MitM attack to intercept VPN traffic. The Prisma Access Agent on Windows, macOS, Linux, Android and ChromeOS are not affected...

8.7CVSS0.00125EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-0277

An improper certificate validation vulnerability in the Prisma® Access Agent for iOS enables an attacker to perform a man-in-the-middle MitM attack to intercept VPN traffic. The Prisma Access Agent on Windows, macOS, Linux, Android and ChromeOS are not affected...

8.7CVSS6AI score0.00125EPSS
Exploits0References2
CVE
CVE
added 6 days ago19 views

CVE-2026-0277

The CVE covers Prisma Access Agent for iOS with an improper certificate validation weakness enabling a man-in-the-middle to intercept VPN traffic. Other platforms (Windows, macOS, Linux, Android, ChromeOS) are not affected. Root cause: improper certificate validation in iOS client. Impact is desc...

8.7CVSS6AI score0.00125EPSS
Exploits0References1
Snyk
Snyk
added 6 days ago4 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the bosh create-env and bosh delete-env processes. An attacker can gain unauthorized access to sensitive credentials and execute arbitrary code with root privileges by performing a man-in-the-middle...

8.9CVSS7.2AI score0.00148EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago5 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the bosh create-env and bosh delete-env processes. An attacker can gain unauthorized access to sensitive credentials and execute arbitrary code with root privileges by performing a man-in-the-middle...

8.9CVSS7.2AI score0.00148EPSS
Exploits0References2
NVD
NVD
added 6 days ago6 views

CVE-2026-31985

When the upstream Guardian or CMC was configured in the Remote Collector via n2os-tui, the generated configuration disabled TLS certificate verification, and no option was provided to enable it. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the...

8.3CVSS0.00121EPSS
Exploits0References1
CVE
CVE
added 6 days ago15 views

CVE-2026-47828

The CVE affects bosh-cli versions prior to 7.10.4. During bosh create-env/delete-env, the CLI uploads CPI packages and rendered job templates to the VM’s DAV blobstore over HTTPS without verifying the server certificate, despite a CA certificate being present in the manifest. This enables a netwo...

8.9CVSS7.1AI score0.00148EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/07/08 1:16 a.m.7 views

CVE-2026-55436

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.30.0 and prior to versions 2.32.7, 2.33.8, and 2.34.2, the AI Bridge Proxy aibridgeproxyd created a goproxy server whose default transport set InsecureSkipVerify: true and only assigned a...

7.4CVSS0.00258EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/08 12:26 a.m.38 views

CVE-2026-55436 Coder's AI Bridge Proxy skips TLS certificate verification in default configuration

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.30.0 and prior to versions 2.32.7, 2.33.8, and 2.34.2, the AI Bridge Proxy aibridgeproxyd created a goproxy server whose default transport set InsecureSkipVerify: true and only assigned a...

7.4CVSS0.00258EPSS
Exploits0References5
CVE
CVE
added 2026/07/07 3:37 p.m.12 views

CVE-2026-14935

GStreamer webrtcbin contains a logic flaw in _check_sdp_crypto(): an inverted presence check allows remote SDP offers/answers without the a=fingerprint attribute, while rejecting ones that include it. This could let an attacker intercepting WebRTC signaling bypass the SDP-level DTLS certificate f...

3.7CVSS6AI score0.0015EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/07 3:37 p.m.33 views

CVE-2026-14935 Gstreamer: gstreamer: webrtcbin accepts remote sdp without a=fingerprint due to inverted presence check

A logic vulnerability was found in GStreamer's webrtcbin component. The checksdpcrypto function contains an inverted boolean condition that causes it to accept remote SDP offers or answers that lack the required a=fingerprint attribute, while incorrectly rejecting those that include it. An attack...

3.7CVSS0.0015EPSS
Exploits0References4
OSV
OSV
added 2026/07/07 11:45 a.m.5 views

PYSEC-2026-1111 aiosmtpd STARTTLS unencrypted commands injection

Summary Servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a MitM attack. References NO STARTTLS: Similar vulnerabilities discovered by previous researchers...

5.4CVSS5.9AI score0.00228EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/07/07 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-14935

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A logic vulnerability was found in GStreamer's webrtcbin component. The checksdpcrypto function contains an inverted boolean condition that causes it to accept...

3.7CVSS6.1AI score0.0015EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/07/06 9:12 p.m.7 views

Coder's AI Bridge Proxy skips TLS certificate verification in default configuration

Summary The AI Bridge Proxy aibridgeproxyd created a goproxy server whose default transport set InsecureSkipVerify: true and only assigned a secure transport when an upstream proxy was configured. In the default configuration no upstream proxy, outbound HTTPS to the Coder access URL accepted any...

7.4CVSS6AI score0.00258EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/07/06 6:55 p.m.4 views

CVE-2026-54291 Silent channel-binding authentication downgrade via unsupported certificate algorithms

pgjdbc is an open source postgresql JDBC Driver. In releases 42.7.4 through 42.7.11, channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256 without it, losing the man-in-the-middle protection the setting is meant to...

8.2CVSS5.9AI score0.00236EPSS
Exploits0References5
Rows per page
Query Builder