Lucene search
K

10 matches found

Vulnrichment
Vulnrichment
added 2026/05/10 8:3 p.m.9 views

CVE-2026-45180 Catalyst::Plugin::Statsd versions through 0.10.0 for Perl may leak session ids

Catalyst::Plugin::Statsd versions through 0.10.0 for Perl may leak session ids. If the communication channel to the statsd daemon is not secured for example, by sending UDP packets to a host on another network, then users' session ids may be leaked. This may allow an attacker to use session ids a...

5.8AI score0.00244EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-31391

Malicious code in bioql PyPI...

8.1CVSS8.1AI score0.00916EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/06/12 2:17 p.m.9 views

CVE-2025-49194 Unencrypted communication

The server supports authentication methods in which credentials are sent in plaintext over unencrypted channels. If an attacker were to intercept traffic between a client and this server, the credentials would be exposed...

7.5CVSS7.3AI score0.00275EPSS
Exploits0References6
NVD
NVD
added 2025/06/12 2:15 p.m.21 views

CVE-2025-49183

All communication with the REST API is unencrypted HTTP, allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files...

7.5CVSS0.00261EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/22 8:0 a.m.6 views

CVE-2019-16732

Unencrypted HTTP communications for firmware upgrades in Petalk AI and PF-103 allow man-in-the-middle attackers to run arbitrary code as the root user...

9.3CVSS7.6AI score0.00949EPSS
Exploits1References1
NVD
NVD
added 2025/03/14 1:15 p.m.7 views

CVE-2025-27594

The device uses an unencrypted, proprietary protocol for communication. Through this protocol, configuration data is transmitted and device authentication is performed. An attacker can thereby intercept the authentication hash and use it to log into the device using a pass-the-hash attack...

7.5CVSS0.00434EPSS
Exploits0References7
NVD
NVD
added 2022/01/06 12:15 p.m.26 views

CVE-2021-44564

A security vulnerability originally reported in the SYNC2101 product, and applicable to specific sub-families of SYNC devices, allows an attacker to download the configuration file used in the device and apply a modified configuration file back to the device. The attack requires network access to...

8.1CVSS0.00916EPSS
Exploits0References2
Prion
Prion
added 2022/01/06 12:15 p.m.16 views

Design/Logic Flaw

A security vulnerability originally reported in the SYNC2101 product, and applicable to specific sub-families of SYNC devices, allows an attacker to download the configuration file used in the device and apply a modified configuration file back to the device. The attack requires network access to...

6.8CVSS7.9AI score0.00916EPSS
Exploits0References2Affected Software20
CVE
CVE
added 2022/01/06 11:53 a.m.58 views

CVE-2021-44564

The CVE-2021-44564 issue affects Kalkitech Sync SYNC2101/Sync family devices where management communications between Easyconnect and the SYNC device are performed over an unsecured channel. Root cause: insecure communication channel used by the administration tool, enabling attackers with network...

8.1CVSS7.9AI score0.00916EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/01/06 11:53 a.m.25 views

CVE-2021-44564

A security vulnerability originally reported in the SYNC2101 product, and applicable to specific sub-families of SYNC devices, allows an attacker to download the configuration file used in the device and apply a modified configuration file back to the device. The attack requires network access to...

8.2AI score0.00916EPSS
Exploits0References2
Rows per page
Query Builder