Lucene search
K

1345 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/03 6:52 p.m.3 views

CVE-2025-62501

SSH Hostkey misconfiguration vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows attackers to obtain device credentials through a specially crafted man‑in‑the‑middle MITM attack. This could enable unauthorized access if captured credentials are reused.This issue affects Archer AX53...

7CVSS5.4AI score0.00465EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/03 6:52 p.m.28 views

CVE-2025-62501 SSH Hostkey Misconfiguration Vulnerability in TP-Link Archer AX53

SSH Hostkey misconfiguration vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows attackers to obtain device credentials through a specially crafted man‑in‑the‑middle MITM attack. This could enable unauthorized access if captured credentials are reused.This issue affects Archer AX53...

7CVSS0.00465EPSS
Exploits0References4
NVD
NVD
added 2026/02/03 3:15 a.m.8 views

CVE-2026-24934

The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to spoof the response, leading the device to update its...

6.3CVSS0.00156EPSS
Exploits0References1
CVE
CVE
added 2026/02/03 2:28 a.m.13 views

CVE-2026-24935

CVE-2026-24935: A third-party NAT traversal module fails to validate SSL/TLS certificates when connecting to the signaling server, enabling a MitM attacker to intercept or redirect the NAT tunnel establishment. This vulnerability could disrupt service availability or enable targeted attacks by ac...

6.3CVSS5.5AI score0.00144EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/03 2:26 a.m.4 views

CVE-2026-24934 An improper certificate validation vulnerability was found in ADM while querying an external server for the device's WAN IP address.

The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to spoof the response, leading the device to update its...

6.3CVSS5.6AI score0.00156EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/03 2:26 a.m.7 views

EUVD-2026-5285

The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to spoof the response, leading the device to update its...

6.3CVSS5.6AI score0.00156EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/03 2:19 a.m.6 views

CVE-2026-24932 An improper certificate validation vulnerability was found in ADM while updating the DDNS settings.

The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL certificate. Although the connection uses HTTPS, an improper validated TLS/SSL certificates allows a remote attacker can intercept the communication to perform a Man-in-the-Middle MitM attack, whi...

8.9CVSS5.5AI score0.00206EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/03 2:19 a.m.33 views

CVE-2026-24932 An improper certificate validation vulnerability was found in ADM while updating the DDNS settings.

The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL certificate. Although the connection uses HTTPS, an improper validated TLS/SSL certificates allows a remote attacker can intercept the communication to perform a Man-in-the-Middle MitM attack, whi...

8.9CVSS0.00206EPSS
Exploits0References1
NVD
NVD
added 2026/02/02 6:16 a.m.9 views

CVE-2026-1530

A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle MITM attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in...

8.1CVSS0.00254EPSS
Exploits0References5
EUVD
EUVD
added 2026/02/02 5:47 a.m.5 views

EUVD-2026-5117

A flaw was found in foremankubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority CA certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...

8.1CVSS5.4AI score0.00274EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/02 5:47 a.m.5 views

CVE-2026-1531 Foreman-kubevirt: foreman_kubevirt: man-in-the-middle due to insecure default ssl verification

A flaw was found in foremankubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority CA certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...

8.1CVSS5.4AI score0.00274EPSS
Exploits0References5
RubySec
RubySec
added 2026/02/02 12:0 a.m.9 views

foreman_kubevirt disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set

A flaw was found in foremankubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority CA certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...

8.1CVSS5.3AI score0.00274EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/01/29 3:46 p.m.9 views

EUVD-2025-206513

Parsec is a cloud-based application for cryptographically secure file sharing. In versions on the 3.x branch prior to 3.6.0, libparseccrypto, a component of the Parsec application, does not check for weak order point of Curve25519 when compiled with its RustCrypto backend. In practice this means ...

8.3CVSS5.9AI score0.0026EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/01/25 12:0 a.m.9 views

Debian dsa-6110 : openjdk-17-dbg - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6110 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6110-1 [email protected] https://www.debian.org/securit...

7.5CVSS6.1AI score0.00864EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

MiracleLinux 3 : jakarta-commons-httpclient-3.0-7jpp.4.AXS3 (AXSA:2014-519:01)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2014-519:01 advisory. Description : The Hyper-Text Transfer Protocol HTTP is perhaps the most significant protocol used on the Internet today. Web services, network-enabled...

5.8CVSS6.4AI score0.09149EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.6 views

MiracleLinux 3 : jakarta-commons-httpclient-3.0-7jpp.2 (AXSA:2013-107:01)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2013-107:01 advisory. The Hyper-Text Transfer Protocol HTTP is perhaps the most significant protocol used on the Internet today. Web services, network-enabled appliances and the...

5.8CVSS7.1AI score0.09254EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 10:57 a.m.8 views

CVE-2022-38956

An exploitable firmware downgrade vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. An attacker can conduct a MITM attack to replace the user-uploaded firmware image with an original old firmware image. This affects Firmware 1.1.11.1.9 and earlier...

5.3CVSS7AI score0.00244EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:9 a.m.9 views

CVE-2019-11554

The Audible application through 2.34.0 for Android has Missing SSL Certificate Validation for Adobe SDKs, allowing MITM attackers to cause a denial of service...

5.9CVSS6.8AI score0.00464EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:6 a.m.9 views

CVE-2019-20057

com.proxyman.NSProxy.HelperTool in Privileged Helper Tool in Proxyman for macOS 1.11.0 and earlier allows an attacker to change the System Proxy and redirect all traffic to an attacker-controlled computer, enabling MITM attacks...

4.3CVSS6.8AI score0.00431EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:37 a.m.9 views

CVE-2019-11404

arrow-kt Arrow before 0.9.0 resolved Gradle build artifacts for compiling and building the published JARs over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by an MITM attack...

8.1CVSS6.9AI score0.01136EPSS
Exploits1References1
Rows per page
Query Builder