Lucene search
K

28848 matches found

EUVD
EUVD
added 2026/06/15 10:2 a.m.12 views

EUVD-2026-36705

The Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319, uses weak custom cryptographic algorithms with hard-coded cryptographic keys to protect communication. An attacker in an adversary-in-the-middle position can decrypt the data traffic. During reassessment...

7.1CVSS5.5AI score0.00116EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/15 10:2 a.m.11 views

CVE-2026-34022 Weak custom cryptography and hard-coded keys in Wertheim SafeController 65000 allow traffic decryption

The Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319, uses weak custom cryptographic algorithms with hard-coded cryptographic keys to protect communication. An attacker in an adversary-in-the-middle position can decrypt the data traffic. During reassessment...

7.1CVSS5.4AI score0.00116EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/06/15 9:35 a.m.83 views

Cyber-Arena

CyberArena - Cybersecurity Challenge Platform CyberArena is a...

5.4AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/12 9:31 p.m.15 views

Malicious code in ect-472839-ctf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a67248cb7373817da18e0edf4a019e2e6c9ded239e93a2e477ac168f7f45eeaa package.json declares a preinstall hook "preinstall": "node index.js" that auto-executes on npm install. index.js issues an HTTP GET to the hardcoded...

5.9AI score
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 2:52 p.m.29 views

CVE-2026-44967 opentelemetry-cpp: OTLP HTTP exporters read unbounded HTTP response

OpenTelemetry-cpp is the C++ implementation of OpenTelemetry. Prior to release 1.27.0, the OTLP HTTP exporters traces/metrics/logs read the full HTTP response into an in-memory vector of bytes without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is...

5.3CVSS0.00206EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/12 2:52 p.m.13 views

EUVD-2026-36466

OpenTelemetry-cpp is the C++ implementation of OpenTelemetry. Prior to release 1.27.0, the OTLP HTTP exporters traces/metrics/logs read the full HTTP response into an in-memory vector of bytes without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is...

5.3CVSS5.3AI score0.00206EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/12 2:29 p.m.13 views

CVE-2026-40677

The use of insecure HTTP transport within AMD optional tools could allow an attacker to conduct a man-in-the-middle attack, potentially leading to arbitrary code execution...

7.7CVSS5.7AI score0.00435EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 2:29 p.m.28 views

CVE-2026-40677

The use of insecure HTTP transport within AMD optional tools could allow an attacker to conduct a man-in-the-middle attack, potentially leading to arbitrary code execution...

7.7CVSS0.00435EPSS
Exploits0References1
Circl
Circl
added 2026/06/12 12:57 a.m.65 views

CVE-2026-11846

creationtimestamp| type| source ---|---|--- 2026-06-12 00:57:00+00:00| seen| https://www.twcert.org.tw/en/cp-139-10970-e4b21-2.html 2026-06-12 11:00:22+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mo3ll2uhvd2u 2026-06-12 13:11:57+00:00| seen|...

8.1CVSS5.8AI score0.00401EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.14 views

SAP NetWeaver AS Java Apache Log4j Vulnerability (3726899)

The version of SAP NetWeaver Application Server Java detected on the remote host is affected by a vulnerability in the Apache Log4j library as referenced in SAP Security Note 3726899: - The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname...

6.3CVSS6.1AI score0.00743EPSS
Exploits1References2
NVD
NVD
added 2026/06/11 5:16 p.m.18 views

CVE-2026-44494

Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into a full Man-in-the-Middle MIT...

8.7CVSS0.01041EPSS
Exploits1References31
Vulnrichment
Vulnrichment
added 2026/06/11 3:32 p.m.10 views

CVE-2026-44494 Axios: Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`

Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into a full Man-in-the-Middle MIT...

8.7CVSS5.4AI score0.01041EPSS
Exploits1References1
Circl
Circl
added 2026/06/11 12:0 a.m.15 views

CVE-2026-53461

creationtimestamp| type| source ---|---|--- 2026-06-11 00:00:32+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnxwaarvuq2v 2026-06-11 01:46:27+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mny45o6kxl2d...

7.5CVSS5.3AI score0.00353EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 10:16 p.m.18 views

CVE-2026-10143

kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that allows a malicious or machine-in-the-middle broker to freeze the client event loop by supplying an excessively large iteration count. In scram.py, ScramClient.processserverfirstmessage...

8.7CVSS0.00517EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/06/10 9:2 p.m.8 views

CVE-2026-45595

Protection mechanism failure in Windows Mark of the Web MOTW allows an unauthorized attacker to bypass a security feature over a network...

5.4CVSS5.4AI score0.00423EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:2 p.m.9 views

CVE-2026-0420

An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could allow an attacker to perform attacker-in-the-middle MiTM style attacks impacting the product's confidentiality. This vulnerability affects the listed NETGEAR models...

8.2CVSS5.4AI score0.00135EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 3:16 p.m.15 views

CVE-2026-53475

A flaw was found in assisted-migration-agent. The application hardcodes insecure Transport Layer Security TLS connections when communicating with vCenter. This vulnerability allows a Man-in-the-Middle MITM attacker to intercept and harvest vCenter administrator credentials. This can lead to...

9.3CVSS0.00253EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/10 1:55 p.m.85 views

CVE-2026-53475 Assisted-migration-agent: tls verification disabled on all vcenter connections

A flaw was found in assisted-migration-agent. The application hardcodes insecure Transport Layer Security TLS connections when communicating with vCenter. This vulnerability allows a Man-in-the-Middle MITM attacker to intercept and harvest vCenter administrator credentials. This can lead to...

9.3CVSS0.00253EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/10 1:55 p.m.22 views

CVE-2026-53475

A flaw was found in assisted-migration-agent. The application hardcodes insecure Transport Layer Security TLS connections when communicating with vCenter. This vulnerability allows a Man-in-the-Middle MITM attacker to intercept and harvest vCenter administrator credentials. This can lead to...

9.3CVSS5.4AI score0.00253EPSS
Exploits0References4
Circl
Circl
added 2026/06/10 11:0 a.m.16 views

CVE-2026-3018

creationtimestamp| type| source ---|---|--- 2026-06-10 11:00:36+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnwknm5q4p2y 2026-06-10 11:16:58+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnwlkbkl762m 2026-06-10 12:00:23+00:00| seen|...

7.5CVSS5.3AI score0.01382EPSS
Exploits0References6
Rows per page
Query Builder