42 matches found
CVE-2023-29681
Cleartext Transmission in cookie:ecospw: in Tenda N301 v6.0, firmware v12.03.01.06pt allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password...
CVE-2023-53901
WBCE CMS 1.6.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML and CSS to capture user keystrokes. Attackers can upload a crafted HTML file with CSS-based keylogging techniques to intercept password characters through background image requests...
EUVD-2023-60189
WBCE CMS 1.6.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML and CSS to capture user keystrokes. Attackers can upload a crafted HTML file with CSS-based keylogging techniques to intercept password characters through background image requests...
EUVD-2019-18480
Malware in sbrugna...
EUVD-2020-17925
Malware in sbrugna...
EUVD-2020-21753
Malware in sbrugna...
EUVD-2017-3713
Malware in sbrugna...
EUVD-2023-33220
Malicious code in bioql PyPI...
Insufficiently Protected Credentials
Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the invite mechanism for remote clusters. An attacker can send unauthorized synchronization payloads by intercepting both the invite and password during the invitation process. Remediation Upgrad...
CVE-2025-6227
Mattermost versions 10.5.x = 10.5.7, 9.11.x = 9.11.16 fail to negotiate a new token when accepting the invite which allows a user that intercepts both invite and password to send synchronization payloads to the server that originally created the invite via the REST API...
CVE-2023-29680
Cleartext Transmission in set-cookie:ecospw: Tenda N301 v6.0, Firmware v12.02.01.61multi allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password...
CVE-2025-2185
ALBEDO Telecom Net.Time - PTP/NTP clock Serial No. NBC0081P software release 1.4.4 is vulnerable to an insufficient session expiration vulnerability, which could permit an attacker to transmit passwords over unencrypted connections, resulting in the product becoming vulnerable to interception...
CVE-2025-2185
CVE-2025-2185 affects ALBEDO Telecom Net.Time - PTP/NTP clock, v1.4.4. The root cause is insufficient session expiration, enabling an attacker to transmit passwords over unencrypted connections and potentially intercept credentials. Remediation: update to a newer version of Net.Time (per PT-2025-...
CVE-2025-2185 ALBEDO Telecom Net.Time - PTP/NTP Clock Insufficient Session Expiration
ALBEDO Telecom Net.Time - PTP/NTP clock Serial No. NBC0081P software release 1.4.4 is vulnerable to an insufficient session expiration vulnerability, which could permit an attacker to transmit passwords over unencrypted connections, resulting in the product becoming vulnerable to interception...
CVE-2025-2185 ALBEDO Telecom Net.Time - PTP/NTP Clock Insufficient Session Expiration
ALBEDO Telecom Net.Time - PTP/NTP clock Serial No. NBC0081P software release 1.4.4 is vulnerable to an insufficient session expiration vulnerability, which could permit an attacker to transmit passwords over unencrypted connections, resulting in the product becoming vulnerable to interception...
ALBEDO Telecom Net.Time - PTP/NTP clock
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to transmit passwords over unencrypted connections, resulting in the product becoming vulnerable to interception. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...
PT-2025-17865 · Albedo Telecom · Albedo Telecom Net.Time
Name of the Vulnerable Software and Affected Versions: ALBEDO Telecom Net.Time - PTP/NTP clock Serial No. NBC0081P version 1.4.4 Description: The issue is related to an insufficient session expiration, which could allow an attacker to transmit passwords over unencrypted connections, resulting in...
USN-7050-1 ruby-devise-two-factor vulnerabilities
Benoit Côté-Jodoin and Michael Nipper discovered that Devise-Two-Factor incorrectly handled one-time password validation. An attacker could possibly use this issue to intercept and re-use a one-time password. CVE-2021-43177 Garrett Rappaport discovered that Devise-Two-Factor incorrectly handled...
CVE-2024-22069
CVE-2024-22069 affects ZTE ZXV10 XT802/ET301. The issue is a permission and access control vulnerability allowing a user with common permissions to log in to the terminal web interface and illegally change the administrator password by intercepting password-change requests. Reported as a network-...
CVE-2023-29681
Cleartext Transmission in cookie:ecospw: in Tenda N301 v6.0, firmware v12.03.01.06pt allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password...