5 matches found
GHSA-X5W6-38GP-MRQH Flowise: Password Reset Link Sent Over Unsecured HTTP
Summary: The password reset functionality on cloud.flowiseai.com sends a reset password link over the unsecured HTTP protocol instead of HTTPS. This behavior introduces the risk of a man-in-the-middle (MITM) attack, where an attacker on the same network as the user (e.g., public Wi-Fi) can intercept...
CVE-2026-24934
The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle (MitM) attack to spoof the response, leading the device to update its...
CVE-2018-1297
When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x use an unsecured RMI connection. This could allow an attacker to get access to JMeterEngine and send unauthorized code...
senate.gov.ph XSS vulnerability
Vulnerable URL: http://www.senate.gov.ph/jwplayer/player.swf?Debug=promptopenbugbounty
Details:
Description | Value
---|---
Patched: | No
Latest check for patch: | 30.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 257428
VIP website status: | No
Check...
Grandstream Wave Redirection Vulnerability
Grandstream Wave is a free VoIP application from Grandstream. The application supports multiple accounts, simultaneous use of multiple lines, and more. A redirection vulnerability exists in Grandstream Wave version 1.0.1.26, which originates when the program uses an unsecured connection to downlo...