18 matches found
SUSE CVE-2026-7666
An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a partially-initialized connection after a failed STARTTLS handshake when fail_silently=True, which allows on-path network attackers to read ema...
PT-2026-45948
An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a partially-initialized connection after a failed STARTTLS handshake when fail_silently=True, which allows on-path network attackers to read...
CVE-2026-10629
SIP signaling stack in Verizon IMS unspecified version implements SIP signaling without IPsec integrity protection missing Security-Client/Security-Server headers and ESP traffic, which allows an on-path attacker to compromise confidentiality, integrity, and authenticity of VoLTE signaling via...
EUVD-2026-23484
Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling on‑path attackers to sniff credentials and session data, which can be used to compromise the device...
CVE-2026-33569 Anviz Products Cleartext Transmission of Sensitive Information
Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling on‑path attackers to sniff credentials and session data, which can be used to compromise the device...
EUVD-2025-206824
An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communications. This may compromise the confidentiality and integrity of device-to-cloud communication,...
EUVD-2026-5164
Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior expose account credentials in plaintext within HTTP responses, allowing an on-path attacker to obtain sensitive authentication material...
PT-2026-4496
Name of the Vulnerable Software and Affected Versions ToDesktop Builder version 0.32.1 Description An improper certificate validation issue exists that could allow an unauthenticated attacker to spoof backend responses. This is possible due to insufficient certificate validation. An on-path...
Siemens SIPROTEC and SICAM
SUMMARY This advisory documents the impact of CVE-2024-3596 also dubbed "Blastradius", a vulnerability in the RADIUS protocol, to SIPROTEC, SICAM and related products. The vulnerability could allow on-path attackers, located between a Network Access Server the RADIUS client, e.g., a SICAM device...
Siemens SCALANCE, RUGGEDCOM, SIPLUS, and SINEC
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
K17663061: BIG-IP SSL state mirroring vulnerability CVE-2020-5885
Security Advisory Description BIG-IP systems set up for connection mirroring in a high availability (HA) pair transfer sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only on the network used for connection mirroring...
K65720640: BIG-IP SSL state mirroring vulnerability CVE-2020-5886
Security Advisory Description BIG-IP systems setup for connection mirroring in a High Availability (HA) pair transfers sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only on the network used for connection mirroring...
K72540690: BIG-IP high availability state mirroring vulnerability CVE-2020-5884
Security Advisory Description The default deployment mode for BIG-IP high availability (HA) pair mirroring is insecure. This is a control plane issue that is exposed only on the network used for mirroring. CVE-2020-5884 Impact On-path attackers may be able to read and modify data in transit...
F5 Networks BIG-IP : BIG-IP SSL state mirroring vulnerability (K17663061)
BIG-IP systems set up for connection mirroring in a high availability (HA) pair transfer sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only on the network used for connection mirroring. CVE-2020-5885 Impact On-path attackers ma...
F5 Networks BIG-IP : BIG-IP SSL state mirroring vulnerability (K65720640)
BIG-IP systems setup for connection mirroring in a High Availability (HA) pair transfers sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only on the network used for connection mirroring. CVE-2020-5886 Impact On-path attackers m...
CVE-2020-5869
In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization is not secure by TLS and may allow on-path attackers to read / modify confidential data in transit...
Path traversal
In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization is not secure by TLS and may allow on-path attackers to read / modify confidential data in transit...
CVE-2020-5869
CONTEXT: CVE-2020-5869 affects F5 BIG-IQ HA synchronization. Affected software: BIG-IQ 5.2.0–7.0.0. ROOT CAUSE: TLS protection for HA sync is not secure, enabling potential on-path interception or tampering of confidential data in transit. IMPACT: confidentiality and integrity of BIG-IQ HA data m...