Netty: QUIC stateless reset token material exposed through header-visible connection IDs

Summary Netty QUIC exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and stateless-reset-token generators. The reset token for the server's current source connection ID can be derived from bytes that appear as the connection ID in QUIC headers...

PT-2026-48901

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.2.15.Final Description Netty QUIC exposes the stateless reset token on the network path when utilizing the default HMAC-based connection-ID and stateless-reset-token generators. Specifically, the...

openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages

A flaw was found in OpenSSL's Cryptographic Message Services CMS AuthEnvelopedData processing. An on-path attacker can exploit insufficient input validation on cipher and tag length fields by sending specially crafted CMS messages. This can lead to the forging of messages or bypassing integrity...

CVE-2026-48480

The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.22.FInal, the codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp does not verify that a cryptographically-signed final chunk was received before the outer HTTP body terminates. An on-path adversar...

CVE-2026-7666

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a partially-initialized connection after a failed STARTTLS handshake when failsilently=True, which allows on-path network attackers to read ema...

CVE-2026-7666

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a partially-initialized connection after a failed STARTTLS handshake when failsilently=True, which allows on-path network attackers to read ema...

PT-2026-46053

Name of the Vulnerable Software and Affected Versions Securly Chrome Extension version 3.0.7 Description The software downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions using the new RegExp function without complexity validation. An on-path...

CVE-2026-10629 CVE-2026-10629

SIP signaling stack in Verizon IMS unspecified version implements SIP signaling without IPsec integrity protection missing Security-Client/Security-Server headers and ESP traffic, which allows an on-path attacker to compromise confidentiality, integrity, and authenticity of VoLTE signaling via...

PT-2026-41395

Name of the Vulnerable Software and Affected Versions epa4all-client versions prior to 1.2.2 Description An attacker positioned on the network path between the ePA service and the Konnektor can present any TLS certificate, such as self-signed, expired, or those with an incorrect Common Name CN, t...

CVE-2026-33569 Anviz Products Cleartext Transmission of Sensitive Information

Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling on‑path attackers to sniff credentials and session data, which can be used to compromise the device...

EUVD-2026-16128

When a challenge ACK is to be sent tcprespond constructs and sends the challenge ACK and consumes the mbuf that is passed in. When no challenge ACK should be sent the function returns and leaks the mbuf. If an attacker is either on path with an established TCP connection, or can themselves...

CVE-2026-4247

When a challenge ACK is to be sent tcprespond constructs and sends the challenge ACK and consumes the mbuf that is passed in. When no challenge ACK should be sent the function returns and leaks the mbuf. If an attacker is either on path with an established TCP connection, or can themselves...

CVE-2026-4247

When a challenge ACK is to be sent tcprespond constructs and sends the challenge ACK and consumes the mbuf that is passed in. When no challenge ACK should be sent the function returns and leaks the mbuf. If an attacker is either on path with an established TCP connection, or can themselves...

PT-2026-28217

When a challenge ACK is to be sent tcp respond constructs and sends the challenge ACK and consumes the mbuf that is passed in. When no challenge ACK should be sent the function returns and leaks the mbuf. If an attacker is either on path with an established TCP connection, or can themselves...

CVE-2025-15557

An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communications. This may compromise the confidentiality and integrity of device-to-cloud communication,...

CVE-2025-15557

An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communications. This may compromise the confidentiality and integrity of device-to-cloud communication,...

CVE-2025-15557 Improper Certificate Validation in TP-Link Tapo H100 and P100 Allows Man-in-the-Middle Attack

An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communications. This may compromise the confidentiality and integrity of device-to-cloud communication,...

CVE-2025-15557 Improper Certificate Validation in TP-Link Tapo H100 and P100 Allows Man-in-the-Middle Attack

An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communications. This may compromise the confidentiality and integrity of device-to-cloud communication,...

CVE-2026-24441

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior expose account credentials in plaintext within HTTP responses, allowing an on-path attacker to obtain sensitive authentication material...

CVE-2026-24441

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior expose account credentials in plaintext within HTTP responses, allowing an on-path attacker to obtain sensitive authentication material...