251 matches found
CVE-2026-25599
Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca heat pump devices...
EUVD-2026-29922
A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text via IMAP, SMTP, or POP3, a subsequent request to that same host bypasses the TLS requirement and instead transm...
CVE-2026-4873
A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text via IMAP, SMTP, or POP3, a subsequent request to that same host bypasses the TLS requirement and instead transm...
Cleartext Transmission of Sensitive Information
Overview: Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information due to the incorrect reuse of an unencrypted connection for a subsequent request that expects TLS. An attacker can intercept sensitive information if the second connection is done to the...
CVE-2026-32034
OpenClaw versions prior to 2026.2.21 contain an authentication bypass vulnerability in the Control UI when allowInsecureAuth is explicitly enabled and the gateway is exposed over plaintext HTTP, allowing attackers to bypass device identity and pairing verification. An attacker with leaked or...
CVE-2025-52435 Apache Mynewt NimBLE: Invalid error handling in pause encryption procedure in NimBLE controller
J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE. Improper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state allowing an eavesdropper to observe the remainder of the exchange...
EUVD-2020-4710
Malware in sbrugna...
EUVD-2014-5994
Malware in sbrugna...
EUVD-2013-4976
Malware in sbrugna...
EUVD-2010-3810
Malware in sbrugna...
EUVD-2010-1405
Malware in sbrugna...
EUVD-2018-3040
Malware in sbrugna...
EUVD-2020-21287
Malware in sbrugna...
EUVD-2018-0588
Malware in sbrugna...
EUVD-2017-10197
Malware in sbrugna...
EUVD-2020-27030
Malware in sbrugna...
EUVD-2025-19849
Malicious code in bioql PyPI...
EUVD-2023-2055
Malicious code in bioql PyPI...