
69 matches found

Positive Technologies
added 2026/06/09 12:0 a.m. | 11 views

PT-2026-47837

Name of the Vulnerable Software and Affected Versions: OpenSSL (affected versions not specified). Description: A NULL pointer dereference can occur in a CMP client application when processing a crafted CMP response. An attacker controlling a CMP server or acting as a man-in-the-middle can send a CRMF...

CVSS 9.1 | AI score 5.5 | EPSS 0.01409
Exploits: 0 | References: 79

CNNVD
added 2026/05/26 12:0 a.m. | 7 views

FastNetMon Security Vulnerability

FastNetMon is a high-performance DDoS detector/sensor developed by Pavel Odintsov, based on multiple packet capture engines. Versions of FastNetMon prior to 1.2.9 contain security vulnerabilities; these vulnerabilities stem from the lack of verification of TLS certificates, allowing HTTPS...

CVSS 7.4 | AI score 5.8 | EPSS 0.00164
Exploits: 0 | References: 3

UbuntuCve
added 2026/05/14 5:16 p.m. | 5 views

CVE-2026-44312

cssparser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle (MITM) attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFY_NONE, meaning...

CVSS 5.8 | AI score 5.8 | EPSS 0.00146
Exploits: 0 | References: 5

NVD
added 2026/05/14 12:16 a.m. | 19 views

CVE-2026-41281

Android App "あんしんフィルター for au" provided by KDDI CORPORATION contains a Cleartext Transmission of Sensitive Information (CWE-319) vulnerability. A man-in-the-middle attacker may access and modify communications transmitted in plaintext, potentially resulting in information disclosure or data tampering...

CVSS 6.3 | EPSS 0.00092
Exploits: 0 | References: 1

Tenable Nessus
added 2026/05/14 12:0 a.m. | 13 views

Linux Distros Unpatched Vulnerability : CVE-2026-44312

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - cssparser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle (MITM) attacker to...

CVSS 5.8 | AI score 5.5 | EPSS 0.00146
Exploits: 0 | References: 3

Positive Technologies
added 2026/05/13 12:0 a.m. | 9 views

PT-2026-40768

An improper certificate validation vulnerability in the Palo Alto Networks Prisma SD-WAN ION enables a man-in-the-middle (MitM) attacker to impersonate the controller...

CVSS 7.7 | AI score 5.8 | EPSS 0.00107
Exploits: 0 | References: 2

NVD
added 2026/05/12 2:17 p.m. | 7 views

CVE-2026-33603

Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the client connection. If successful, the attacker can eavesdrop communications between Dovecot and...

CVSS 6.8 | EPSS 0.00231
Exploits: 0 | References: 1

Cvelist
added 2026/05/12 5:21 a.m. | 33 views

CVE-2026-41872

"Kura Sushi Official App" provided by EPG, Inc. is vulnerable to improper certificate validation. A man-in-the-middle attack may allow eavesdropping on, or altering, the communication on push notifications between the affected application and the relevant server...

CVSS 9.1 | EPSS 0.0016
Exploits: 0 | References: 3

Snyk
added 2026/03/30 7:20 a.m. | 0 views

Cleartext Transmission of Sensitive Information

Overview Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information in the process of establishing HTTPS tunnels through a configured HTTP proxy. An attacker can intercept sensitive session cookies by performing a man-in-the-middle attack or by controlling...

CVSS 8.2 | AI score 5.8 | EPSS 0.00254
Exploits: 1 | References: 2

NVD
added 2026/02/04 8:16 p.m. | 7 views

CVE-2026-25160

Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application disables TLS certificate verification by default for all outgoing storage driver communications, making the system vulnerable to Man-in-the-Middle (MitM) attacks. This...

CVSS 9.1 | EPSS 0.00234
Exploits: 1 | References: 2

Veracode
added 2026/02/03 8:16 a.m. | 3 views

Improper TLS Certificate Validation

github.com/neuvector/neuvector is vulnerable to improper TLS certificate validation. The vulnerability is due to TLS verification not being enforced by default for OpenID Connect authentication, which allows an attacker to perform man-in-the-middle (MITM) attacks by intercepting or tampering with...

CVSS 8.8 | AI score 7.7 | EPSS 0.00321
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2026/02/03 3:15 a.m. | 4 views

CVE-2026-24933

The API communication component fails to validate the SSL/TLS certificate when sending HTTPS requests to the server. An improper certificate validation vulnerability allows an unauthenticated remote attacker to perform a Man-in-the-Middle (MitM) attack to intercept the cleartext communication,...

CVSS 5.9 | AI score 5.8 | EPSS 0.00204
Exploits: 0 | References: 1

Positive Technologies
added 2025/12/15 12:0 a.m. | 3 views

PT-2025-51299

Name of the Vulnerable Software and Affected Versions: ReyeeOS version 1.204.1614. Description: ReyeeOS version 1.204.1614 contains an unencrypted CWMP communication issue that allows attackers to intercept and manipulate device communication through a man-in-the-middle attack. Attackers can create ...

CVSS 9.2 | AI score 8.2 | EPSS 0.00263
Exploits: 1 | References: 8

NVD
added 2025/12/01 4:15 p.m. | 5 views

CVE-2024-32384

Kerlink gateways running KerOS prior to version 5.10 expose their web interface exclusively over HTTP, without HTTPS support. This lack of transport layer security allows a man-in-the-middle attacker to intercept and modify traffic between the client and the device...

CVSS 7.4 | EPSS 0.00145
Exploits: 0 | References: 2

CVE
added 2025/09/17 7:58 p.m. | 16 views

CVE-2025-59410

Dragonfly CVE-2025-59410 affects the scheduler used for downloading tiny files prior to version 2.1.0, where the code path defaults to HTTP instead of HTTPS. This enables a potential Man-in-the-Middle attack to alter the data piece downloaded during the process. The issue is fixed in 2.1.0. The a...

CVSS 6.9 | AI score 6.6 | EPSS 0.0013
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2025/08/28 12:59 p.m. | 10 views

CVE-2025-58123

CVE-2025-58123 affects the Checkmk Exchange plugin BGP Monitoring. The root cause is improper certificate validation, enabling MitM attackers to intercept traffic when positioned on the network. Documented sources confirm the vulnerability description but do not provide explicit affected versions...

CVSS 6.9 | AI score 7.1 | EPSS 0.00102
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2025/08/14 5:15 a.m. | 2 views

CVE-2024-7402

Netskope has identified a potential gap in its agent (Netskope Client) in which a malicious insider can potentially tamper with the Netskope Client configuration by performing MITM (Man-in-the-Middle) activity on the Netskope Client communication channel. A successful exploitation would require...

CVSS 7 | EPSS 0.00095
Exploits: 0 | References: 1

OSV
added 2025/07/07 6:15 p.m. | 3 views

CVE-2024-43190

IBM Engineering Requirements Management DOORS 9.7.2.9, under certain configurations, could allow a remote attacker to obtain password reset instructions of a legitimate user using man in the middle techniques...

CVSS 5.9 | AI score 5.8 | EPSS 0.00299
Exploits: 0 | References: 1

OSV
added 2024/11/14 1:15 p.m. | 1 views

UBUNTU-CVE-2024-10977

Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistake...

CVSS 3.7 | AI score 6.8 | EPSS 0.0038
Exploits: 0 | References: 5

CNNVD
added 2024/07/09 12:0 a.m. | 0 views

SAMSUNG Exynos Modem 5300 Security Vulnerability

SAMSUNG Exynos Modem 5300 is a modem from Samsung South Korea. A security vulnerability exists in the SAMSUNG Exynos Modem 5300 that originates from allowing a man-in-the-middle attack, where an attacker is able to send a message to the victim in plain text...

CVSS 5.3 | AI score 6.7 | EPSS 0.00253
Exploits: 0 | References: 3