Lucene search

22 matches found

CVE
added 2026/02/27 8:40 a.m., 14 views

CVE-2026-1626

Technical details about CVE-2026-1626 are not publicly provided in the supplied documents. No specifics on affected products, versions, root cause, or remediation are included. Monitor for updates from official sources.

CVSS 9.1, AI score 5.9, EPSS 0.00021
Exploits 0, References 6, Affected Software 1
ICS
added 2026/02/26 7:0 a.m., 5 views

CloudCharge cloudcharge.se

RISK EVALUATION Successful exploitation of these vulnerabilities could allow attackers to impersonate charging stations, hijack sessions, suppress or misroute legitimate traffic to cause large-scale denial of service, and manipulate data sent to the backend. 2. RECOMMENDED PRACTICES CISA...

AI score 5.9
Exploits 0, References 11
EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2023-2423

Malicious code in bioql PyPI...

CVSS 8.1, AI score 7.9, EPSS 0.00019
Exploits 0, References 5
RedhatCVE
added 2025/02/05 3:50 a.m., 6 views

CVE-2024-27922

TOMP Bare Server implements the TompHTTP bare server. A vulnerability in versions prior to 2.0.2 relates to insecure handling of HTTP requests by the @tomphttp/bare-server-node package. This flaw potentially exposes the users of the package to manipulation of their web traffic. The impact may var...

CVSS 9.8, AI score 9.4, EPSS 0.00704
Exploits 0, References 1
Vulnrichment
added 2025/01/23 4:36 p.m., 4 views

CVE-2024-52329 ECOVACS HOME mobile app plugins do not properly validate TLS certificates

ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic and obtain authentication tokens...

CVSS 9.5, AI score 7.7, EPSS 0.00673
Exploits 1, References 3
Cvelist
added 2025/01/23 4:36 p.m., 12 views

CVE-2024-52329 ECOVACS HOME mobile app plugins do not properly validate TLS certificates

ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic and obtain authentication tokens...

CVSS 9.5, EPSS 0.00673
Exploits 1, References 3
CVE
added 2024/10/11 3:18 p.m., 90 views

CVE-2024-39534

CVE-2024-39534 affects Junos OS Evolved. An incorrect comparison in the local address verification API allows an unauthenticated, network-adjacent attacker to create sessions or send traffic using the subnet’s network and broadcast addresses, bypassing certain controls such as stateless firewall ...

CVSS 5.4, AI score 5.5, EPSS 0.00042
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2024/02/26 3:48 p.m., 17 views

CVE-2024-23839 Suricata http: heap use after free with http.request_header and http.response_header keywords

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, specially crafted traffic can cause a heap use after free if the ruleset uses the http.request_header or http.response_header keyword. The vulnerability has been...

CVSS 7.1, AI score 6.9, EPSS 0.00213
Exploits 0, References 5
NVD
added 2023/12/12 12:15 p.m., 18 views

CVE-2023-48431

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 2. Affected software does not correctly validate the response received by an UMC server. An attacker can use this to crash the affected software by providing and configuring a malicious UMC server or by manipulating the...

CVSS 8.6, EPSS 0.0017
Exploits 0, References 1
Prion
added 2023/12/12 12:15 p.m., 22 views

Information disclosure

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 2. Affected software does not correctly validate the response received by an UMC server. An attacker can use this to crash the affected software by providing and configuring a malicious UMC server or by manipulating the...

CVSS 5, AI score 9.1, EPSS 0.0017
Exploits 0, References 1, Affected Software 1
Cvelist
added 2023/12/12 11:27 a.m., 16 views

CVE-2023-48431

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 2. Affected software does not correctly validate the response received by an UMC server. An attacker can use this to crash the affected software by providing and configuring a malicious UMC server or by manipulating the...

CVSS 6.8, AI score 9.2, EPSS 0.0017
Exploits 0, References 1
OpenVAS
added 2023/09/26 12:0 a.m., 17 views

WordPress Aryo Activity Log Plugin < 2.8.8 IP Spoofing Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:activitylogproject:activitylog"; ifdescription...

CVSS 5.3, AI score 7, EPSS 0.01525
Exploits 2, References 1
CVE
added 2022/02/09 10:5 p.m., 74 views

CVE-2022-22813

CVE-2022-22813 describes a CWE-798 hard-coded credentials issue in Schneider Electric Easergy P40 devices, where if an attacker obtains the TLS cryptographic key and takes control of the Courier tunneling/communication network, they could observe and manipulate product configuration traffic. Affe...

CVSS 9.8, AI score 9.3, EPSS 0.00408
Exploits 0, References 1, Affected Software 1
Cvelist
added 2022/02/09 10:5 p.m., 10 views

CVE-2022-22813

A CWE-798: Use of Hard-coded Credentials vulnerability exists. If an attacker were to obtain the TLS cryptographic key and take active control of the Courier tunneling communication network, they could potentially observe and manipulate traffic associated with product configuration...

AI score 9.7, EPSS 0.00408
Exploits 0, References 1
ICS
added 2021/07/13 12:0 a.m., 74 views

Siemens SCALANCE FragAttacks

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE family devices Vulnerabilities: Improper Authentication, Injection, Improper Validation of Integrity Check, Improper Input Validation 2. RISK EVALUATION Successful...

CVSS 6.5, AI score 7.5, EPSS 0.02254
Exploits 2, References 10
Kitploit
added 2020/12/27 11:30 a.m., 130 views

Proxify - Swiss Army Knife Proxy Tool For HTTP/HTTPS Traffic Capture, Manipulation, And Replay On The Go

Swiss Army Knife Proxy for rapid deployments. Supports multiple operations such as request/response dump, filtering and manipulation via DSL language, upstream HTTP/Socks5 proxy. Additionally a replay utility allows to import the dumped traffic request/responses with correct domain name into burp...

AI score 7.2
Exploits 0, References 3
Tenable Nessus
added 2019/12/31 12:0 a.m., 30 views

F5 Networks BIG-IP : BIG-IP ASM and BIG-IQ/Enterprise Manager/F5 iWorkflow device authentication and trust vulnerability (K26462555)

An attacker with access to the device communication between the BIG-IP ASM Central Policy Builder and the BIG-IQ/Enterprise Manager/F5 iWorkflow will be able to set up the proxy the same way and intercept the traffic. CVE-2019-6665 Impact BIG-IP ASM / BIG-IQ / Enterprise Manager / F5 iWorkflow Wi...

CVSS 9.4, AI score 8.3, EPSS 0.00838
Exploits 0, References 2
IBM Security Bulletins
added 2019/01/31 2:10 a.m., 22 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Systems Director (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol affects IBM Systems Director. Vulnerability Details...

CVSS 4.3, AI score 0.4, EPSS 0.92346
Exploits 0
Metasploit
added 2017/06/23 11:58 p.m., 66 views

Native DNS Server (Example)

This module provides a Rex based DNS service which can store static entries, resolve names over pivots, and serve DNS requests across routed session comms. DNS tunnels can operate across the Rex switchboard, and DNS other modules can use this as a template. Setting static records via hostfile...

AI score 0.5
Exploits 0
Kitploit
added 2015/10/19 8:54 p.m., 23 views

Btproxy - Man In The Middle Analysis Tool For Bluetooth

Tested Devices Pebble Steel smart watch Moto 360 smart watch OBDLink OBD-II Bluetooth Dongle Withings Smart Baby Monitor If you have tried anything else, please let me know at conorpp at vt dot edu. Dependencies Need at least 1 Bluetooth card either USB or internal. Need to be running Linux,...

AI score 7.3
Exploits 0, References 2