Lucene search
+L

446 matches found

CVE
CVE
added 2026/03/04 4:13 p.m.14 views

CVE-2026-23812

Technical details (vulnerable products, affected versions, or exploit specifics) are not publicly available in the provided documents. Monitor for updates from NVD/Red Hat/ENISA and vendor advisories.

4.3CVSS5.8AI score0.00147EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/04 4:13 p.m.4 views

CVE-2026-23812 Security Boundary Bypass via Routing Node Impersonation

A vulnerability has been identified where an attacker connecting to an access point as a standard wired or wireless client can impersonate a gateway by leveraging an address-based spoofing technique. Successful exploitation enables the redirection of data streams, allowing for the interception or...

4.3CVSS5.8AI score0.00147EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/04 4:13 p.m.34 views

CVE-2026-23812 Security Boundary Bypass via Routing Node Impersonation

A vulnerability has been identified where an attacker connecting to an access point as a standard wired or wireless client can impersonate a gateway by leveraging an address-based spoofing technique. Successful exploitation enables the redirection of data streams, allowing for the interception or...

4.3CVSS0.00147EPSS
Exploits0References1
CVE
CVE
added 2026/03/04 4:12 p.m.20 views

CVE-2026-23811

CVE-2026-23811 is described across multiple sources as a vulnerability in the client isolation mechanism that may bypass L2 restrictions and, when combined with a port-stealing attack, enable a bi-directional MitM at L3. The connected documents do not provide concrete product/vendor/component/ver...

4.3CVSS5.9AI score0.00155EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/03/04 4:12 p.m.31 views

CVE-2026-23811 Unauthorized Bi-Directional Traffic Interception via L2/L3 Manipulation

A vulnerability in the client isolation mechanism may allow an attacker to bypass Layer 2 L2 communication restrictions between clients and redirect traffic at Layer 3 L3. In addition to bypassing policy enforcement, successful exploitation - when combined with a port-stealing attack - may enable...

4.3CVSS0.00155EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/04 4:10 p.m.3 views

CVE-2026-23809

A technique has been identified that adapts a known port-stealing method to Wi-Fi environments that use multiple BSSIDs. By leveraging the relationship between BSSIDs and their associated virtual ports, an attacker could potentially bypass inter-BSSID isolation controls. Successful exploitation m...

5.4CVSS5.8AI score0.00259EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.14 views

PT-2026-22943

A technique has been identified that adapts a known port-stealing method to Wi-Fi environments that use multiple BSSIDs. By leveraging the relationship between BSSIDs and their associated virtual ports, an attacker could potentially bypass inter-BSSID isolation controls. Successful exploitation m...

5.4CVSS5.8AI score0.00259EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.7 views

PT-2026-22946

Name of the Vulnerable Software and Affected Versions affected versions not specified Description An attacker connecting to an access point as a standard wired or wireless client can impersonate a gateway using an address-based spoofing technique. Successful exploitation allows redirection of dat...

4.3CVSS5.8AI score0.00147EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/04 12:0 a.m.10 views

HPE Aruba Networking Wireless Operating System 安全漏洞

HPE Aruba Networking Wireless Operating System is a wireless network operating system developed by the American company HPE. There are security vulnerabilities in the HPE Aruba Networking Wireless Operating System. These vulnerabilities allow attackers to simulate gateways using address-based...

4.3CVSS5.8AI score0.00147EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/04 12:0 a.m.10 views

HPE Aruba Networking Wireless Operating System 安全漏洞

HPE Aruba Networking Wireless Operating System is a wireless network operating system developed by the American company HPE. There are security vulnerabilities in the HPE Aruba Networking Wireless Operating System. These vulnerabilities stem from a port-stealing method that can bypass BSSID...

7.6CVSS5.8AI score0.00259EPSS
Exploits0References2
NVD
NVD
added 2026/02/27 9:16 a.m.10 views

CVE-2026-1626

An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercept or interact with the network traffic...

9.1CVSS0.00199EPSS
Exploits0References6
CVE
CVE
added 2026/02/27 8:40 a.m.25 views

CVE-2026-1626

The vulnerability CVE-2026-1626 affects SICK LMS1000 and SICK MRS1000 devices, where the SSH service may accept weak CBC-based cipher suites. This could allow an attacker with network access to observe or manipulate portions of SSH communications. Red Hat and other sources corroborate a CBC-relat...

9.1CVSS5.9AI score0.00199EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/27 8:40 a.m.4 views

CVE-2026-1626

An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercept or interact with the network traffic...

6.5CVSS5.8AI score0.00199EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/02/13 12:22 a.m.5 views

CVE-2025-9293 Insufficient Certificate Validation in Multiple Mobile Applications Allows Man in the Middle Interception

A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able to intercept or modify traffic if they can position themselves within the...

7.7CVSS5.6AI score0.00224EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/13 12:22 a.m.40 views

CVE-2025-9293 Insufficient Certificate Validation in Multiple Mobile Applications Allows Man in the Middle Interception

A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able to intercept or modify traffic if they can position themselves within the...

7.7CVSS0.00224EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/13 12:0 a.m.14 views

PT-2026-7956

A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able to intercept or modify traffic if they can position themselves within the...

7.7CVSS5.5AI score0.00224EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:56 a.m.12 views

CVE-2018-4069

An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The ACEManager authentication functionality is done in plaintext XML to the web server. An attacker can listen to network traffic upstream from the device to...

7.5CVSS6.5AI score0.04011EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:18 a.m.10 views

CVE-2019-18376

A CSRF token disclosure vulnerability allows a remote attacker, with access to an authenticated Management Center MC user's web browser history or a network device that intercepts/logs traffic to MC, to obtain CSRF tokens and use them to perform CSRF attacks against MC...

5.9CVSS6.7AI score0.00705EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/12/24 12:24 a.m.6 views

SUSE CVE-2025-67499

The CNI portmap plugin allows containers to emulate opening a host port, forwarding that traffic to the container. Versions 1.6.0 through 1.8.0 inadvertently forward all traffic with the same destination port as the host port when the portmap plugin is configured with the nftables backend, thus...

6.6CVSS6.4AI score0.00121EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2025/12/23 2:42 p.m.18 views

Two Chrome Extensions Caught Secretly Stealing Credentials from Over 170 Sites

Cybersecurity researchers have discovered two malicious Google Chrome extensions with the same name and published by the same developer that come with capabilities to intercept traffic and capture user credentials. The extensions are advertised as a "multi-location network speed test plug-in" for...

7.3AI score
Exploits0
Rows per page
Query Builder