110 matches found
OESA-2026-2477 curl security update
cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If...
Astra Linux - vulnerability in qtbase-opensource-src
An issue was discovered in Qt before version 5.15.14, in versions 6.x before 6.2.9, and in versions 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security HSTS header, allowing unencrypted connections to be established, even when such connections are explicit...
CVE-2026-40045 OpenClaw < 2026.4.2 - Cleartext Credential Transmission via Unencrypted WebSocket Gateway Endpoints
OpenClaw before 2026.4.2 accepts non-loopback cleartext ws:// gateway endpoints and transmits stored gateway credentials over unencrypted connections. Attackers can forge discovery results or craft setup codes to redirect clients to malicious endpoints, disclosing plaintext gateway credentials...
AVEVA Process Optimization security vulnerabilities
AVEVA Process Optimization is a real-time process optimization software developed by the British company AVEVA. AVEVA Process Optimization has a security vulnerability that stems from the use of unencrypted connection channels or protocols by default. This can lead to man-in-the-middle attacks or...
CVE-2025-52435 Apache Mynewt NimBLE: Invalid error handling in pause encryption procedure in NimBLE controller
J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE. Improper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state allowing an eavesdropper to observe the remainder of the exchange...
EUVD-2018-20463
Malware in sbrugna...
EUVD-2007-3201
Malware in sbrugna...
EUVD-2020-27348
Malware in sbrugna...
EUVD-2014-8591
Malware in sbrugna...
EUVD-2021-21889
Malware in sbrugna...
EUVD-2023-36986
Malicious code in bioql PyPI...
EUVD-2025-11977
Malicious code in bioql PyPI...
CVE-2025-31972
CVE-2025-31972 affects HCL BigFix SM. It describes a sensitive information exposure due to internal connections not using TLS, allowing potential disclosure of data between internal components. CVSS 3.1 base score 6.5 (MEDIUM); attack vector adjacent, attack complexity low, privileges required no...
Linux Distros Unpatched Vulnerability : CVE-2023-32762
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-securit...
Popular Chrome Extensions Found Leaking Data via Unencrypted Connections
Popular Chrome extensions exposed user data by sending it over unencrypted HTTP, raising privacy concerns. Symantec urges caution for users...
CVE-2023-32762
An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security HSTS header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the cas...
CVE-2020-7907
In the JetBrains Scala plugin before 2019.2.1, some artefact dependencies were resolved over unencrypted connections...
CVE-2013-5136
Apple Remote Desktop before 3.7 does not properly use server authentication-type information during decisions about whether to present an unencrypted-connection warning message, which allows remote attackers to obtain sensitive information in opportunistic circumstances by sniffing the network...
CVE-2025-2185
ALBEDO Telecom Net.Time - PTP/NTP clock Serial No. NBC0081P software release 1.4.4 is vulnerable to an insufficient session expiration vulnerability, which could permit an attacker to transmit passwords over unencrypted connections, resulting in the product becoming vulnerable to interception...