
31 matches found

RedHat Linux
added 2026/06/10 12:31 p.m. · 5 views

samba: group policy certificate enrollment uses http:// without validation

A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability t...

CVSS 8 · AI score 5.4 · EPSS 0.00188
Exploits 0 · References 5

OSV
added 2026/05/26 1:28 p.m. · 9 views

MAL-2026-4805 Malicious code in metricflow-tracker (npm)

Source: amazon-inspector a9a1c269ce5e462d7e555ce1ca34b7f2e54e3d34ea094d35a67aa7c61d1fe34e The package's exported Metricflow React component defaults serverUrl to http://51.38.65.105:21531 and, when rendered, appends a tag to document.head ...

AI score 5.9
Exploits 0 · References 1

Positive Technologies
added 2026/05/13 12:00 a.m. · 17 views

PT-2026-40762

Exposure of the QKEY used as input into the ‘OTA-Quantum’ device registration process and internal system keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Agreement Platform. This issue affects Symmetric Key Agreement Platform: before 26.03...

CVSS 8.7 · AI score 5.8 · EPSS 0.00208
Exploits 0 · References 1

EUVD
added 2026/03/21 12:31 a.m. · 3 views

EUVD-2026-13840

Service information is not encrypted when transmitted as BACnet packets over the wire, and can be sniffed, intercepted, and modified by an attacker. Valuable information such as the File Start Position and File Data can be sniffed from network traffic using Wireshark's BACnet dissector filter. Th...

CVSS 9.1 · AI score 5.8 · EPSS 0.002
Exploits 0 · References 4

RedhatCVE
added 2025/12/16 8:44 p.m. · 3 views

CVE-2023-53881

ReyeeOS 1.204.1614 contains an unencrypted CWMP communication vulnerability that allows attackers to intercept and manipulate device communication through a man-in-the-middle attack. Attackers can create a fake CWMP server to inject and execute arbitrary commands on Ruijie Reyee Cloud devices by...

CVSS 9.2 · AI score 7.5 · EPSS 0.00263
Exploits 1 · References 1

RedhatCVE
added 2025/10/07 11:13 p.m. · 2 views

CVE-2025-59448

Components of the YoSmart YoLink ecosystem through 2025-10-02 leverage unencrypted MQTT to communicate over the internet. An attacker with the ability to monitor network traffic could therefore obtain sensitive information or tamper with the traffic to control affected devices. This affects YoLin...

CVSS 4.7 · AI score 6.7 · EPSS 0.00169
Exploits 0 · References 1

EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2017-15489

Malware in sbrugna...

CVSS 9.3 · AI score 8.2 · EPSS 0.01025
Exploits 0 · References 3

EUVD
added 2025/10/03 8:07 p.m. · 4 views

EUVD-2025-30228

Malicious code in bioql PyPI...

CVSS 8.6 · AI score 6.5 · EPSS 0.00184
Exploits 0 · References 2

EUVD
added 2025/10/03 8:07 p.m. · 4 views

EUVD-2025-6437

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 6.6 · EPSS 0.00434
Exploits 0 · References 8

EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2022-43263

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 9.1 · EPSS 0.00389
Exploits 0 · References 2

CNNVD
added 2025/09/18 12:00 a.m. · 1 view

Cognex multiple products security vulnerability

Cognex In-Sight Explorer and Cognex In-Sight Camera Firmware are both products of Cognex Corporation, U.S.A. Cognex In-Sight Explorer is a tool that has the ability to debug and program the software of its line of smart cameras. Cognex In-Sight Camera Firmware is firmware for a range of smart...

CVSS 8.6 · AI score 6.6 · EPSS 0.00184
Exploits 0 · References 2

RedhatCVE
added 2025/05/23 7:53 a.m. · 6 views

CVE-2024-42495

Credentials to access device configuration were transmitted using an unencrypted protocol. These credentials would allow read-only access to network configuration information and terminal configuration data...

CVSS 7.5 · AI score 6.8 · EPSS 0.00299
Exploits 0 · References 1

RedhatCVE
added 2025/03/16 1:15 p.m. · 7 views

CVE-2025-27594

The device uses an unencrypted, proprietary protocol for communication. Through this protocol, configuration data is transmitted and device authentication is performed. An attacker can thereby intercept the authentication hash and use it to log into the device using a pass-the-hash attack...

CVSS 7.5 · AI score 7.3 · EPSS 0.00434
Exploits 0 · References 9

CVE
added 2025/03/14 12:50 p.m. · 47 views

CVE-2025-27594

The CVE-2025-27594 entry concerns the SICK DL100-2xxxxxxx series where a proprietary protocol transmits configuration data and authenticates devices without encryption. The underlying issue is the unencrypted protocol, which can allow an attacker to intercept the authentication hash and perform a...

CVSS 7.5 · AI score 7.6 · EPSS 0.00434
Exploits 0 · References 7

CNNVD
added 2025/03/14 12:00 a.m. · 3 views

SICK DL100-2xxxxxxx security vulnerability

The SICK DL100-2xxxxxxxxx is a series of sensors from SICK, Germany. A security vulnerability exists in the SICK DL100-2xxxxxxxxx that stems from communication using an unencrypted proprietary protocol that could result in an authentication hash being intercepted and used to log in to the device...

CVSS 7.5 · AI score 6.8 · EPSS 0.00434
Exploits 0 · References 8

NVD
added 2024/09/05 11:15 p.m. · 13 views

CVE-2024-42495

Credentials to access device configuration were transmitted using an unencrypted protocol. These credentials would allow read-only access to network configuration information and terminal configuration data...

CVSS 7.5 · EPSS 0.00299
Exploits 0 · References 1

Vulnrichment
added 2024/09/05 10:41 p.m. · 16 views

CVE-2024-42495 Hughes Network Systems WL3000 Missing Encryption of Sensitive Data

Credentials to access device configuration were transmitted using an unencrypted protocol. These credentials would allow read-only access to network configuration information and terminal configuration data...

CVSS 7.1 · AI score 6.8 · EPSS 0.00299
Exploits 0 · References 1

CVE
added 2024/09/05 10:41 p.m. · 61 views

CVE-2024-42495

CVE-2024-42495 affects Hughes WL3000 Fusion Software (versions prior to 2.7.0.10). The vulnerability arises from credentials used to access device configuration being transmitted via an unencrypted protocol, enabling read-only access to network configuration and terminal configuration data. NVD m...

CVSS 7.5 · AI score 6.6 · EPSS 0.00299
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2024/09/05 10:41 p.m. · 24 views

CVE-2024-42495 Hughes Network Systems WL3000 Missing Encryption of Sensitive Data

Credentials to access device configuration were transmitted using an unencrypted protocol. These credentials would allow read-only access to network configuration information and terminal configuration data...

CVSS 7.1 · EPSS 0.00299
Exploits 0 · References 1

Positive Technologies
added 2024/09/05 12:00 a.m. · 3 views

PT-2024-29989 · Hughes Network Systems +1 · Wl3000 Fusion +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves credentials to access device configuration being transmitted using an unencrypted protocol. This allows read-only access to network...

CVSS 7.5 · AI score 6.9 · EPSS 0.00299
Exploits 0 · References 7