CVE-2025-27377 Missing Validation of Self-Signed Certificates in Altium Designer Allows Man-in-the-Middle Attacks

Altium Designer version 24.9.0 does not validate self-signed server certificates for cloud connections. An attacker capable of performing a man-in-the-middle MITM attack could exploit this issue to intercept or manipulate network traffic, potentially exposing authentication credentials or sensiti...

CVE-2025-27377 Missing Validation of Self-Signed Certificates in Altium Designer Allows Man-in-the-Middle Attacks

Altium Designer version 24.9.0 does not validate self-signed server certificates for cloud connections. An attacker capable of performing a man-in-the-middle MITM attack could exploit this issue to intercept or manipulate network traffic, potentially exposing authentication credentials or sensiti...

PT-2026-3884

Altium Designer version 24.9.0 does not validate self-signed server certificates for cloud connections. An attacker capable of performing a man-in-the-middle MITM attack could exploit this issue to intercept or manipulate network traffic, potentially exposing authentication credentials or sensiti...

Altium Designer security vulnerabilities

Altium Designer is an electronic design automation software developed by Altium Corporation in the United States. Version 24.9.0 of Altium Designer contains a security vulnerability. This vulnerability stems from unverified self-signed server certificates connected to the cloud, which may lead to...

CVE-2024-45606

Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can mute alert rules from arbitrary organizations and projects with a know rule ID. The user does not need to be a member of the organization or have permissions on the project. In our review, we...

PT-2024-35746 · Librenms · Librenms

Name of the Vulnerable Software and Affected Versions: LibreNMS versions 24.9.0 through 24.10.0 Description: A stored cross-site scripting XSS vulnerability in the Device Settings section of LibreNMS allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the...

CVE-2024-47524 LibreNMS has Stored Cross-site Scripting vulnerability in "Device Group" Name

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can create a Device Groups, the application did not properly sanitize the user input in the Device Groups name, when user see the detail of the Device Group, if java script code is inside the name of...

PT-2024-7961 · Librenms · Librenms

Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.9.0 Description: A Stored Cross-Site Scripting XSS vulnerability in the "Device Dependencies" feature allows authenticated users to inject arbitrary JavaScript through the hostname parameter. This can lead to the...

PT-2024-7962 · Librenms · Librenms

Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.9.0 Description: A Stored Cross-Site Scripting XSS vulnerability in the "Alert Rules" feature allows authenticated users to inject arbitrary JavaScript through the "Title" field. This can lead to the execution of...

PT-2024-32639 · Librenms · Librenms

Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.9.0 Description: The application fails to properly sanitize user input in the Device Groups name, allowing an attacker to execute malicious JavaScript code when a user views the details of the Device Group. This...

CVE-2024-45606

Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can mute alert rules from arbitrary organizations and projects with a know rule ID. The user does not need to be a member of the organization or have permissions on the project. In our review, we...

CVE-2024-45606

CVE-2024-45606 affects Sentry (self-hosted and SaaS). An authenticated user could mute alert rules across arbitrary organizations and projects using a known rule ID without membership or project permissions due to improper authorization checks. A fix was issued to scope authorization correctly; a...

CVE-2024-45606 Improper authorization on muting of alert rules in sentry

Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can mute alert rules from arbitrary organizations and projects with a know rule ID. The user does not need to be a member of the organization or have permissions on the project. In our review, we...

Sentry improperly authorizes deletion of user issue alert notifications

Impact An authenticated user may delete user issue alert notifications for arbitrary users given a known alert ID. Patches A patch was issued to ensure authorization checks are properly scoped on requests to delete user alert notifications. Sentry SaaS users do not need to take any action...