CVE-2025-31214 — CVSS 8.1 (high): This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker in a privileged…
CVE-2024-36553 — CVSS 8.1 (high): Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h is vulnerable to MITM attack.
CVE-2021-21953 — CVSS 8.1 (high): An authentication bypass vulnerability exists in the process_msg() function of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h…
CVE-2021-41033 — CVSS 8.1 (high): In all released versions of Eclipse Equinox, at least until version 4.21 (September 2021), installation can be vulnerable to…
CVE-2025-20122 — CVSS 7.8 (high): A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to…
CVE-2023-32634 — CVSS 7.8 (high): An authentication bypass vulnerability exists in the CiRpcServerThread() functionality of SoftEther VPN 5.01.9674 and 4.41-9782-beta. An…
CVE-2021-32926 — CVSS 7.5 (high): When an authenticated password change request takes place, this vulnerability could allow the attacker to intercept the message that…
CVE-2025-40770 — CVSS 7.4 (high): A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions). The affected application uses a…
CVE-2024-32049 — CVSS 7.4 (high): BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote attacker to obtain the BIG-IP Next LTM/WAF instance credentials…
CVE-2019-14899 — CVSS 7.4 (high): A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent…
CVE-2017-12150 — CVSS 7.4 (high): It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration…
CVE-2017-15086 — CVSS 7.4 (high): It was discovered that the fix for CVE-2017-12151 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for…
CVE-2017-12735 — CVSS 7.4 (high): A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). An attacker who performs a…
CVE-2017-9941 — CVSS 7.4 (high): A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker in a Man-in-the-Middle…
CVE-2017-6870 — CVSS 7.4 (high): A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2). The existing TLS protocol…
CVE-2025-54792 — CVSS 6.8 (medium): LocalSend is an open-source app to securely share files and messages with nearby devices over local networks without needing an internet…
CVE-2023-2310 — CVSS 6.8 (medium): A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL Real-Time Automation Controller (RTAC)…
CVE-2024-45407 — CVSS 6.5 (medium): Sunshine is a self-hosted game stream host for Moonlight. Clients that experience a MITM attack during the pairing process may…
CVE-2023-4885 — CVSS 6.5 (medium): Man in the Middle vulnerability, which could allow an attacker to intercept VNF (Virtual Network Function) communications resulting in the…
CVE-2024-12602 — CVSS 6.2 (medium): Identity verification vulnerability in the ParamWatcher module Impact: Successful exploitation of this vulnerability may affect service…
CVE-2018-0025 — CVSS 6.1 (medium): When an SRX Series device is configured to use HTTP/HTTPS pass-through authentication services, a client sending authentication credentials…
CVE-2020-10749 — CVSS 6.0 (medium): A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in…
CVE-2024-50568 — CVSS 5.9 (medium): A channel accessible by non-endpoint vulnerability [CWE-300] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7 and…
CVE-2023-38272 — CVSS 5.9 (medium): IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1…
CVE-2023-7008 — CVSS 5.9 (medium): A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when…
CVE-2017-15085 — CVSS 5.9 (medium): It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for…
CVE-2019-19751 — CVSS 5.6 (medium): easyMINE before 2019-12-05 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes…
CVE-2024-27263 — CVSS 5.3 (medium): IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to obtain sensitive…
CVE-2021-31386 — CVSS 5.3 (medium): A Protection Mechanism Failure vulnerability in the J-Web HTTP service of Juniper Networks Junos OS allows a remote unauthenticated…
CVE-2018-14636 — CVSS 5.3 (medium): Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended…
CVE-2026-23812 — CVSS 4.3 (medium): A vulnerability has been identified where an attacker connecting to an access point as a standard wired or wireless client can impersonate…
CVE-2026-23811 — CVSS 4.3 (medium): A vulnerability in the client isolation mechanism may allow an attacker to bypass Layer 2 (L2) communication restrictions between clients…
CVE-2026-23810 — CVSS 4.3 (medium): A vulnerability in the packet processing logic may allow an authenticated attacker to craft and transmit a malicious Wi-Fi frame that…
CVE-2018-13298 — CVSS 4.2 (medium): Channel accessible by non-endpoint vulnerability in privacy page in Synology Android Moments before 1.2.3-199 allows man-in-the-middle…
CVE-2019-3981 — CVSS 3.7 (low): MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can downgrade the client's authentication…
CVE-2017-6052 — CVSS 3.7 (low): A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. Communication channel endpoints are not…
CVE-2024-50565 — CVSS 3.1 (low): A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through…