
35 matches found

OSV
added 2026/05/04 1:12 p.m. | 1 view

JLSEC-2026-385

An improper authentication vulnerability exists in curl 7.33.0 up to and including 7.82.0, which might allow reuse of OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocol...

8.1 CVSS | 6.8 AI score | 0.00348 EPSS
Exploits: 1 | References: 10

CNNVD
added 2025/12/01 12:0 a.m. | 1 view

Kerlink KerOS Security Vulnerability

Kerlink KerOS is an operating system from the French company Kerlink. A security vulnerability exists in Kerlink KerOS versions prior to 5.10, which stems from exposing the web interface over HTTP only and does not support HTTPS, which could lead to a man-in-the-middle attack...

7.4 CVSS | 6.5 AI score | 0.00015 EPSS
Exploits: 0 | References: 3

Cvelist
added 2025/10/16 6:59 p.m. | 3 views

CVE-2025-11492 HTTP Configuration and Encryption in Transit

In the ConnectWise Automate Agent, communications could be configured to use HTTP instead of HTTPS. In such cases, an on-path threat actor with a man-in-the-middle network position could intercept, modify, or replay agent-server traffic. Additionally, the encryption method used to obfuscate some...

9.6 CVSS | 0.00009 EPSS
Exploits: 0 | References: 1

CVE
added 2025/09/17 7:58 p.m. | 9 views

CVE-2025-59410

Dragonfly CVE-2025-59410 affects the scheduler used for downloading tiny files prior to version 2.1.0, where the code path defaults to HTTP instead of HTTPS. This enables a potential Man-in-the-Middle attack to alter the data piece downloaded during the process. The issue is fixed in 2.1.0. The a...

6.9 CVSS | 6.6 AI score | 0.00029 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2025/09/12 6:15 a.m. | 2 views

DEBIAN-CVE-2025-9086

1. A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (path="/"). Since this site is not...

7.5 CVSS | 6.8 AI score | 0.00275 EPSS
Exploits: 1 | References: 1

OSV
added 2025/09/01 2:4 p.m. | 1 view

SUSE-SU-2025:02993-1 Security update for jetty-minimal

This update for jetty-minimal fixes the following issues: Upgraded to version 9.4.58.v20250814: - CVE-2025-5115: Fixed MadeYouReset DoS attack via HTTP/2 protocol including DNS over HTTPS bsc1244252...

7.7 CVSS | 6.7 AI score | 0.00529 EPSS
Exploits: 0 | References: 3

RedhatCVE
added 2025/08/21 12:26 a.m. | 6 views

CVE-2025-51487

A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version 3.12.5, allowing execution of arbitrary JavaScript by using a "javascript:" payload, instead of the expected HTTPS protocol, in the CutCode Link parameter when creating/updating a new Article...

4.5 CVSS | 5.8 AI score | 0.00089 EPSS
Exploits: 2 | References: 1

Tenable Nessus
added 2025/08/15 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-6211

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicki...

6.5 CVSS | 7.6 AI score | 0.00135 EPSS
Exploits: 0 | References: 2

Packet Storm News
added 2025/05/12 12:0 a.m. | 2 views

Comet: Accelerating Private Inference for Large Language Model by Predicting Activation Sparsity

With the growing use of large language models (LLMs) hosted on cloud platforms to offer inference services, privacy concerns about the potential leakage of sensitive information are escalating. Secure multi-party computation (MPC) is a promising solution to protect the privacy in LLM inference...

6.6 AI score
Exploits: 0

SUSE CVE
added 2024/10/12 2:48 a.m. | 2 views

SUSE CVE-2024-47871

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves insecure communication between the FRP (Fast Reverse Proxy) client and server when Gradio's share=True option is used. HTTPS is not enforced on the connection, allowing attackers to intercept and rea...

9.1 CVSS | 6.8 AI score | 0.00083 EPSS
Exploits: 0 | References: 3

Positive Technologies
added 2024/07/31 12:0 a.m. | 1 view

PT-2024-29339 · Mmudb · Mmudb

Name of the Vulnerable Software and Affected Versions: mmudb version 1.9.3 Description: The issue concerns the use of the HTTP protocol in the ShowMetricsRaw and ShowMetricsAsText functions, which could allow attackers to intercept communications via a man-in-the-middle attack. Recommendations: F...

7.4 CVSS | 7.1 AI score | 0.0009 EPSS
Exploits: 0 | References: 6

Ubuntu
added 2024/01/11 5:30 a.m. | 68 views

USN-6574-1: Go vulnerabilities

Takeshi Kaneko discovered that Go did not properly handle comments and special tags in the script context of the html/template module. An attacker could possibly use this issue to inject JavaScript code and perform a cross-site scripting attack. This issue only affected Go 1.20 in Ubuntu 20.04 LTS,...

8.1 CVSS | 7.3 AI score | 0.944 EPSS
Exploits: 19

CNNVD
added 2023/09/12 12:0 a.m. | 1 view

Siemens QMS Automotive Security Vulnerability

Siemens QMS Automotive is a quality management system for the automotive industry from Siemens, Germany. A security vulnerability exists in Siemens QMS Automotive version V12.39, which stems from a lack of security controls in the affected application to prevent unencrypted communication without...

7.4 CVSS | 6.9 AI score | 0.00182 EPSS
Exploits: 0 | References: 3

CNNVD
added 2023/05/17 12:0 a.m. | 1 view

Snap One OvrC Pro Security Vulnerability

Snap One OvrC is a free cloud-based remote management and monitoring platform from Snap One USA. A security vulnerability exists in Snap One OvrC Pro versions prior to 7.3 that stems from not using an HTTPS connection, which can be exploited by an attacker to compromise an OvrC Pro device...

7.5 CVSS | 7.4 AI score | 0.0011 EPSS
Exploits: 0 | References: 4

Positive Technologies
added 2023/05/10 12:0 a.m. | 0 views

PT-2023-13512 · Facebook · Hhvm

Name of the Vulnerable Software and Affected Versions: HHVM versions 4.172.0 and all prior versions Description: The issue arises from HHVM using TLS 1.0 for secure connections when handling tls:// URLs in the stream extension. TLS 1.0 has numerous published vulnerabilities and is deprecated...

9.8 CVSS | 7.5 AI score | 0.00836 EPSS
Exploits: 0 | References: 11

Positive Technologies
added 2023/05/07 12:0 a.m. | 1 view

PT-2023-23703 · Mymail · Mymail

Name of the Vulnerable Software and Affected Versions: myMail app versions through 14.30 for iOS Description: The issue concerns the myMail app sending cleartext credentials in a situation where STARTTLS is expected by a server. This occurs when the app is used with a server that expects a secure...

7.5 CVSS | 7.2 AI score | 0.00147 EPSS
Exploits: 0 | References: 7

SUSE CVE
added 2023/02/15 4:32 a.m. | 0 views

SUSE CVE-2018-5113

The "browser.identity.launchWebAuthFlow" function of WebExtensions is only allowed to load content over "https:" but this requirement was not properly enforced. This can potentially allow privileged pages to be loaded by the extension. This vulnerability affects Firefox 58...

7.5 CVSS | 8.4 AI score | 0.01419 EPSS
Exploits: 0 | References: 4

Positive Technologies
added 2023/01/18 12:0 a.m. | 1 view

PT-2023-18737 · Ibm · Ibm Robotic Process Automation

Name of the Vulnerable Software and Affected Versions: IBM Robotic Process Automation versions 20.12.0 through 21.0.2 Description: The issue allows an attacker to obtain sensitive information using man-in-the-middle techniques because some RPA commands default to HTTP when the prefix is not...

5.9 CVSS | 5.5 AI score | 0.00114 EPSS
Exploits: 0 | References: 4

Microsoft CVE
added 2022/08/09 7:0 a.m. | 173 views

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

...

8.1 CVSS | 8.9 AI score | 0.02634 EPSS
Exploits: 0

OSV
added 2021/10/21 6:15 p.m. | 1 view

CVE-2021-35227

The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and the ability to configure HTTPS was not available...

7.8 CVSS | 7.1 AI score | 0.00714 EPSS
Exploits: 0 | References: 2