
29 matches found

NVD
added 2026/04/09 8:16 p.m., 3 views

CVE-2025-13926

An attacker could use data obtained by sniffing the network traffic to forge packets in order to make arbitrary requests to Contemporary Controls BASC 20T...

CVSS 9.8, EPSS 0.00101
Exploits: 0, References: 3
Cvelist
added 2026/04/09 7:47 p.m., 14 views

CVE-2025-13926 Contemporary Controls BASC 20T Reliance on Untrusted Inputs in a Security Decision

An attacker could use data obtained by sniffing the network traffic to forge packets in order to make arbitrary requests to Contemporary Controls BASC 20T...

CVSS 9.8, EPSS 0.00101
Exploits: 0, References: 3
Vulnrichment
added 2026/03/20 11:19 p.m., 1 views

CVE-2026-24060 Automated Logic WebCTRL Premium Server Cleartext Transmission of Sensitive Information

Service information is not encrypted when transmitted as BACnet packets over the wire, and can be sniffed, intercepted, and modified by an attacker. Valuable information such as the File Start Position and File Data can be sniffed from network traffic using Wireshark's BACnet dissector filter. Th...

CVSS 9.1, AI score 5.8, EPSS 0.00018
Exploits: 0, References: 3
ATTACKERKB
added 2026/01/22 3:21 p.m., 2 views

CVE-2025-32056

The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allows the protection to be bypassed. First identified o...

CVSS 4, AI score 5.5, EPSS 0.00011
Exploits: 0, References: 4, Affected Software: 1
Tenable Nessus
added 2026/01/15 12:0 a.m., 0 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002778)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002778 advisory. It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster...

CVSS 7.5, AI score 6.7, EPSS 0.01038
Exploits: 0, References: 15
EUVD
added 2025/12/16 6:31 p.m., 2 views

EUVD-2025-203800

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in RTI Connext Professional Core Libraries allows Sniffing Network Traffic. This issue affects Connext Professional: from 7.4.0 before 7., from 7.2.0 before 7.3.1...

CVSS 8.3, AI score 6.3, EPSS 0.00033
Exploits: 0, References: 2
Talos
added 2025/08/20 12:0 a.m., 3 views

Tenda AC6 V5.0 Tenda App Router Authentication cleartext transmission vulnerability

Talos Vulnerability Report TALOS-2025-2178: Tenda AC6 V5.0 Tenda App Router Authentication cleartext transmission vulnerability. August 20, 2025. CVE Number: CVE-2025-31143. Summary: A cleartext transmission vulnerability exists in the Tenda App Router Authentication functionality of Tenda AC6 V5.0...

AI score 7.3
Exploits: 0
RedhatCVE
added 2025/05/22 6:23 a.m., 4 views

CVE-2014-5380

Grand MA 300 allows retrieval of the access PIN from sniffed data...

CVSS 7.5, AI score 6.9, EPSS 0.18977
Exploits: 2, References: 1
Hacker One
added 2024/01/28 2:57 p.m., 18 views

Sheer: Cleartext Transmission of password via Email

The password was sent to the user's email in cleartext after successful signup as a fan...

AI score 7.2
Exploits: 0
OSV
added 2023/07/31 10:2 p.m., 15 views

GHSA-779W-XVPM-78JX twitch-tui's connection is not encrypted

Summary: The connection is not using TLS for communication. Details: In the configuration of the irc connection, you are disabling tls which makes all communication to twitch irc servers unencrypted. PoC: You can verify by using tcpdump/wireshark that traffic is unencrypted. Impact: Communication can ...

CVSS 7.5, AI score 7.5, EPSS 0.00756
Exploits: 0, References: 5
CNNVD
added 2022/04/14 12:0 a.m., 2 views

EBICS Java Client security vulnerability

EBICS Java Client is a Java open source EBICS client. It is used to interact with banks using EBICS Electronic Banking Internet Communications Standard. A security vulnerability exists in EBICS Java Client versions prior to 1.2, which stems from a problem with the cryptographic implementation of...

CVSS 7.5, AI score 7.3, EPSS 0.00079
Exploits: 0, References: 2
Hacker One
added 2020/11/01 8:47 a.m., 15 views

Yelp: password field autocomplete enabled

Summary: Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications that employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local...

AI score 0.6
Exploits: 0
RedHat Linux
added 2020/05/06 1:53 p.m., 4 views

squid: improper access restriction upon Digest Authentication nonce replay could lead to remote code execution

A flaw was found in Squid, where a remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This issue occurs because the attacker can overflow the nonce reference counter, which results in remote code execution if the pooled token...

CVSS 9.8, AI score 6.4, EPSS 0.28475
Exploits: 0, References: 5
NVD
added 2020/01/13 1:15 p.m., 9 views

CVE-2014-5380

Grand MA 300 allows retrieval of the access PIN from sniffed data...

CVSS 7.5, AI score 7.6, EPSS 0.18977
Exploits: 2, References: 4
CVE
added 2020/01/13 12:55 p.m., 39 views

CVE-2014-5380

CVE-2014-5380 concerns the Grand MA 300 fingerprint access control device, where a weak PIN verification flaw allows retrieval of the access PIN from sniffed data. Connected advisories describe affected versioning (Grand MA 300/ID with firmware 6.60) and provide concrete attack details, including...

CVSS 7.5, AI score 7.5, EPSS 0.18977
Exploits: 2, References: 4, Affected Software: 1
Cvelist
added 2020/01/13 12:55 p.m., 15 views

CVE-2014-5380

Grand MA 300 allows retrieval of the access PIN from sniffed data...

AI score 7.5, EPSS 0.18977
Exploits: 2, References: 4
Prion
added 2019/10/18 5:15 p.m., 7 views

Authentication flaw

The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP in cleartext that can be sniffed by unauthorized actors. Basic authentication is used for the authentication, making it possible to base64 decode the sniffed credentials and discover the username and...

CVSS 5, AI score 9.4, EPSS 0.00198
Exploits: 1, References: 2, Affected Software: 1
RedHat Linux
added 2018/07/11 6:21 p.m., 2 views

ceph: cephx protocol is vulnerable to replay attack

It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to the ceph cluster network who is also able to sniff packets on the network can use this vulnerability to authenticate with ceph service and perfo...

CVSS 7.5, AI score 7.2, EPSS 0.01038
Exploits: 0, References: 4
CNVD
added 2015/09/16 12:0 a.m., 2 views

Impero Education Pro is vulnerable

Impero Education Pro is an education management solution from Impero, Inc. that integrates classroom management, desktop management, and computer monitoring software into one package. Impero Education Pro versions prior to 5105 have a security vulnerability. Since the program uses hard-coded CBC...

CVSS 7.8, AI score 6.8, EPSS 0.00555
Exploits: 0, References: 1
RedHat Linux
added 2015/07/30 5:14 p.m., 2 views

SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic...

CVSS 5, AI score 6.7, EPSS 0.2382
Exploits: 0, References: 5