Deno's TLS retry copies stale upgrade hook, risking plaintext traffic

Summary A flaw in Deno's Node.js tls compatibility layer could cause a TLS client to transmit application data in plaintext after a connection retry. When autoSelectFamily was enabled and the first address-family attempt failed, the socket reinitialization path reused a stale TLS upgrade hook tha...

CVE-2026-39807 Client-supplied URI scheme trusted without transport verification in bandit

Reliance on Untrusted Inputs in a Security Decision vulnerability in mtrudel bandit allows unauthenticated transport-state spoofing on plaintext HTTP connections. 'Elixir.Bandit.Pipeline':determinescheme/2 in lib/bandit/pipeline.ex returns the client-supplied URI scheme verbatim, ignoring the...

CVE-2026-32309

Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, the Hub-based unlock flow explicitly supports hub+http and consumes Hub endpoints from vault metadata without enforcing HTTPS. As a result, a vault configuration can drive OAuth and key-loading traffic over...

CVE-2026-32309 Cryptomator: Hub unlocking accepts plaintext HTTP and unvalidated endpoint schemes

Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, the Hub-based unlock flow explicitly supports hub+http and consumes Hub endpoints from vault metadata without enforcing HTTPS. As a result, a vault configuration can drive OAuth and key-loading traffic over...

CVE-2026-32309 Cryptomator: Hub unlocking accepts plaintext HTTP and unvalidated endpoint schemes

Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, the Hub-based unlock flow explicitly supports hub+http and consumes Hub endpoints from vault metadata without enforcing HTTPS. As a result, a vault configuration can drive OAuth and key-loading traffic over...

CVE-2026-32309

Cryptomator (hub-based unlock flow) is affected prior to version 1.19.1. The vault metadata may drive OAuth and key-loading traffic over plaintext HTTP or insecure endpoint schemes instead of HTTPS, enabling a network attacker to observe or tamper with traffic. Bearer tokens and endpoint-level tr...

PT-2026-26657

Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, the Hub-based unlock flow explicitly supports hub+http and consumes Hub endpoints from vault metadata without enforcing HTTPS. As a result, a vault configuration can drive OAuth and key-loading traffic over...

New Attack Against Wi-Fi

It's called AirSnitch: Unlike previous Wi-Fi attacks, AirSnitch exploits core features in Layers 1 and 2 and the failure to bind and synchronize a client across these and higher layers, other nodes, and other network names such as SSIDs Service Set Identifiers. This cross-layer identity...

TeamViewer DEX Client Information Disclosure Vulnerability

TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. TeamViewer DEX Client suffers from an information disclosure vulnerability that can be exploited by an attacker to cause encrypted UDP traffic to be sent in plaintext, resulting in an...

CVE-2025-10641

All WorkExaminer Professional traffic between monitoring client, console and server is transmitted as plain text. This allows an attacker with access to the network to read the transmitted sensitive data. An attacker can also freely modify the data on the wire. The monitoring clients transmit the...

EUVD-2023-40615

Malicious code in bioql PyPI...

EUVD-2025-23994

Malicious code in bioql PyPI...

CVE-2025-10540

iMonitor EAM 9.6394 transmits communication between the EAM client agent and the EAM server, as well as between the EAM monitor management software and the server, in plaintext without authentication or encryption. An attacker with network access can intercept sensitive information such as...

CVE-2025-10540

iMonitor EAM 9.6394 transmits client/server and monitor/server communications in plaintext with no authentication. An attacker on the network can intercept credentials, keylogger data, PII, and data in transit, and can tamper with traffic, including issuing arbitrary commands to client agents. Do...

Linux Distros Unpatched Vulnerability : CVE-2023-36671

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that all IP traffi...

CVE-2025-52586

The MOD3 command traffic between the monitoring application and the inverter is transmitted in plaintext without encryption or obfuscation. This vulnerability may allow an attacker with access to a local network to intercept, manipulate, replay, or forge critical data, including read/write...

CVE-2025-52586

The CVE-2025-52586 issue affects EG4 Electronics EG4 Inverters, where MOD3 command traffic between the monitoring application and the inverter is transmitted in plaintext. The root impact described across sources is interception, manipulation, replay, or forging of sensitive commands/data (voltag...

PT-2025-32368

Name of the Vulnerable Software and Affected Versions: Inverter affected versions not specified Description: The MOD3 command traffic between the monitoring application and the inverter is transmitted in plaintext without encryption or obfuscation. This may allow an attacker with access to a loca...

CVE-2023-36672

An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that traffic to the local network is sent in plaintext outside the VPN tunnel even if the local network is using a non-RFC1918 IP subnet. This allows an...

Schneider Electric ASCO 5310和ASCO 5350 安全漏洞

The Schneider Electric ASCO 5310 is a single-channel remote alarm from Schneider Electric France. A security vulnerability exists in the Schneider Electric ASCO 5310 and ASCO 5350, which stems from the inclusion of a sensitive information plaintext transfer vulnerability that could lead to data...