25 matches found

ATTACKERKB
added 2 days ago · 4 views

CVE-2026-10584

Proxy server in Graph Explorer before 3.0.1 falls back to HTTP when certificate files are missing, which might allow remote threat actors to obtain sensitive information via interception of requests intended to be sent over HTTPS. To remediate this issue, users should upgrade to Graph Explorer...

CVSS 8.2 · AI score 5.8 · EPSS 0.00009
Exploits: 0 · References: 3 · Affected Software: 1

CNNVD
added 2026/05/13 12:00 a.m. · 3 views

Claude Code security vulnerability

Claude Code is an open-source terminal-native AI programming tool developed by Anthropic. Versions of Claude Code from 1.2581.0 to 1.4304.0 contained a security vulnerability. This vulnerability stemmed from the SSH remote development feature, which only verified whether the host name exists in t...

CVSS 7.4 · AI score 6 · EPSS 0.00016
Exploits: 0 · References: 2

NVD
added 2026/04/29 9:16 a.m. · 0 views

CVE-2026-42514

This vulnerability exists in e-Sushrut due to exposure of OTPs in plaintext within API responses. A remote attacker could exploit this vulnerability by intercepting API responses containing valid OTPs. Successful exploitation of this vulnerability could allow an attacker to impersonate the target...

CVSS 8.8 · EPSS 0.00143
Exploits: 0 · References: 1

ATTACKERKB
added 2026/04/29 8:13 a.m. · 1 view

CVE-2026-42513

This vulnerability exists in e-Sushrut due to improper authentication logic that relies on client-side response parameters to determine authentication status. A remote attacker could exploit this vulnerability by intercepting and modifying the server response. Successful exploitation of this...

CVSS 8.8 · AI score 5.5 · EPSS 0.00426
Exploits: 0 · References: 2

CNNVD
added 2026/04/03 12:00 a.m. · 3 views

Belden multiple products security vulnerability

Belden Hirschmann HiLCOS OpenBAT, among others, are products of the American company Belden. Belden Hirschmann HiLCOS OpenBAT is an industrial-grade wireless local area network device. Belden Hirschmann HiLCOS BAT450 is an industrial-grade wireless local area network access point device. Belden...

CVSS 8.8 · AI score 5.9 · EPSS 0.00002
Exploits: 0 · References: 2

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2016-10715

Malware in sbrugna...

CVSS 7.4 · AI score 5.6 · EPSS 0.02715
Exploits: 2 · References: 14

OSV
added 2025/09/01 12:00 a.m. · 7 views

ASB-A-389127608

In generateRandomPassword of LocalBluetoothLeBroadcast.java, there is a possible way to intercept the Auracast audio stream due to an insecure default value. This could lead to remote proximal/adjacent information disclosure with no additional execution privileges needed. User interaction is not...

CVSS 5.7 · AI score 6.2 · EPSS 0.00015
Exploits: 0 · References: 2

Positive Technologies
added 2025/04/08 12:00 a.m. · 1 view

PT-2025-15433 · Ivanti · Ivanti Endpoint Manager

Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager versions prior to 2024 SU1; Ivanti Endpoint Manager versions prior to 2022 SU7. Description: The issue concerns improper certificate validation, allowing a remote unauthenticated attacker to intercept limited traffic...

CVSS 4.8 · AI score 6.5 · EPSS 0.00288
Exploits: 0 · References: 3

OSV
added 2025/01/23 6:15 p.m. · 0 views

CVE-2024-55928

Xerox Workplace Suite exposes sensitive secrets in clear text, both locally and remotely. This vulnerability allows attackers to intercept or access secrets without encryption...

CVSS 7.5 · AI score 5.8
Exploits: 0 · References: 1

Redos
added 2024/09/04 12:00 a.m. · 352 views

ROS-20240904-11

A vulnerability in the implementation of the Protected Extensible Authentication Protocol (PEAP) in the Wi-Fi WPA Supplicant client is caused by flaws in the authorization procedure. Exploitation of the vulnerability...

CVSS 6.5 · AI score 7.1 · EPSS 0.0417
Exploits: 0

Prion
added 2024/01/16 11:15 a.m. · 8 views

Design/Logic Flaw

A Weak Cryptography for Passwords vulnerability has been detected on WIC200 affecting version 1.1. This vulnerability allows a remote user to intercept the traffic and retrieve the credentials from another user and decode it in base64 allowing the attacker to see the credentials in plain text...

CVSS 4 · AI score 7.1 · EPSS 0.00181
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2024/01/16 10:10 a.m. · 32 views

CVE-2024-0556

CVE-2024-0556 describes a weakness in the WIC200 system (version 1.1) where weak cryptography for passwords can allow a remote attacker to intercept traffic and retrieve credentials from another user. The attack enables decoding credentials in Base64, exposing plaintext credentials. The vulnerabi...

CVSS 7.1 · AI score 6.4 · EPSS 0.00181
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2023/11/07 8:15 a.m. · 0 views

CVE-2023-42532

Improper Certificate Validation in FotaAgent prior to SMR Nov-2023 Release1 allows remote attacker to intercept the network traffic including Firmware information...

CVSS 7.5 · AI score 5.8 · EPSS 0.00264
Exploits: 0 · References: 1

Positive Technologies
added 2023/11/07 12:00 a.m. · 1 view

PT-2023-28398 · Fotaagent · Fotaagent

Name of the Vulnerable Software and Affected Versions: FotaAgent versions prior to SMR Nov-2023 Release1. Description: The issue is related to improper certificate validation, which allows a remote attacker to intercept network traffic, including firmware information. Recommendations: For versions...

CVSS 7.5 · AI score 7.4 · EPSS 0.00264
Exploits: 0 · References: 2

OSV
added 2023/09/06 4:15 a.m. · 0 views

CVE-2023-30729

Improper Certificate Validation in Samsung Email prior to version 6.1.82.0 allows remote attacker to intercept the network traffic including sensitive information...

CVSS 7.5 · AI score 5.8
Exploits: 0 · References: 1

Redos
added 2022/05/24 12:00 a.m. · 2 views

ROS-20220524-21

A vulnerability in the cURL command-line utility is related to a bug in the HSTS implementation that could allow curl to continue using HTTP instead of HTTPS if the hostname in the specified URL used a trailing dot but did not use one when the HSTS cache was built. Exploitation of the...

CVSS 7.5 · AI score 7.1 · EPSS 0.00469
Exploits: 5

Prion
added 2022/03/25 7:15 p.m. · 14 views

Default credentials

Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cleartext transmission as the web application runs by default on HTTP. This could allow an attacker to remotely read transmitted information between the client and product...

CVSS 5 · AI score 7.7 · EPSS 0.00135
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2021/06/24 5:15 p.m. · 0 views

CVE-2021-21571

Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability using a person-in-the-middle attack which may lead to a denial of service an...

CVSS 6.5 · AI score 5.8
Exploits: 0 · References: 1

OSV
added 2020/09/22 1:57 p.m. · 0 views

USN-4531-1 busybox vulnerability

It was discovered that the BusyBox wget applet incorrectly validated SSL certificates. A remote attacker could possibly use this issue to intercept secure communications...

CVSS 8.1 · AI score 6.8 · EPSS 0.00409
Exploits: 0 · References: 2

NVD
added 2019/04/26 7:29 p.m. · 9 views

CVE-2019-11220

An authentication flaw in Shenzhen Yunni Technology iLnkP2P allows remote attackers to actively intercept user-to-device traffic in cleartext, including video streams and device credentials...

CVSS 8.1 · AI score 8.2 · EPSS 0.00298
Exploits: 0 · References: 1