CVE Daily
← All tags

Tag: Man-in-the-Middle (MitM)

All CVEs associated with "Man-in-the-Middle (MitM)". Page 1/1 • 37 CVEs.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2025-08-14
High

CVE-2024-7402

Netskope has identified a potential gap in its agent (Netskope Client) in which a malicious insider can potentially tamper the Netskope Client configuration by performing MITM (Man-in-the-Middle) act…

CVSS: 7.0 CWE: CWE-354
Read more
2025-08-13
Medium

CVE-2025-55279

This vulnerability exists in ZKTeco WL20 due to hard-coded private key stored in plaintext within the device firmware. An attacker with physical access could exploit this vulnerability by extracting…

CVSS: 6.9 CWE: CWE-798
Read more
2025-08-12
High

CVE-2025-40770

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions). The affected application uses a monitoring interface that is not operating in a strictly passive mod…

CVSS: 7.4 CWE: CWE-300
Read more
Medium

CVE-2024-41986

A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506…

CVSS: 6.4 CWE: CWE-327
Read more
Medium

CVE-2025-26398

SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle (MITM) attack against users. This…

CVSS: 5.6 CWE: CWE-798
Read more
2025-08-09
Medium

CVE-2025-55013

The Assemblyline 4 Service Client interfaces with the API to fetch tasks and publish the result for a service in Assemblyline 4. In versions below 4.6.1.dev138, the Assemblyline 4 Service Client (tas…

CVSS: 4.2 CWE: CWE-23
Read more
2025-08-08
High

CVE-2025-8393

A TLS vulnerability exists in the phone application used to manage a connected device. The phone application accepts self-signed certificates when establishing TLS communication which may result in…

CVSS: 7.3 CWE: CWE-295
Read more
2025-08-06
Medium

CVE-2025-48393

The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security is…

CVSS: 5.7 CWE: CWE-295
Read more
2025-08-01
Critical

CVE-2025-54792

LocalSend is an open-source app to securely share files and messages with nearby devices over local networks without needing an internet connection. In versions 1.16.1 and below, a critical Man-in-th…

CVSS: 9.3 CWE: CWE-300
Read more
2025-07-31
Medium

CVE-2024-34328

An open redirect in Sielox AnyWare v2.1.2 allows attackers to execute a man-in-the-middle attack via a crafted URL.

CVSS: 6.3 CWE: CWE-601
Read more
2025-07-11
Low

CVE-2025-53861

A flaw was found in Ansible. Sensitive cookies without security flags over non-encrypted channels can lead to Man-in-the-Middle (MitM) and Cross-site scripting (XSS) attacks allowing attackers to rea…

CVSS: 3.1 CWE: CWE-319
Read more
2025-07-10
High

CVE-2025-49812

In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Onl…

CVSS: 7.4 CWE: CWE-287
Read more
2025-06-26
Medium

CVE-2025-36034

IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle t…

CVSS: 5.3 CWE: CWE-319
Read more
2025-06-24
High

CVE-2025-6032

A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.

CVSS: 8.3 CWE: CWE-295
Read more
2025-06-11
Critical

CVE-2025-41663

For u-link Management API an unauthenticated remote attacker in a man-in-the-middle position can inject arbitrary commands in responses returned by WWH servers, which are then executed with elevated…

CVSS: 9.8 CWE: CWE-78
Read more
2025-05-30
Medium

CVE-2025-44612

Tinxy WiFi Lock Controller v1 RF was discovered to transmit sensitive information in plaintext, including control information and device credentials, allowing attackers to possibly intercept and acce…

CVSS: 5.9 CWE: CWE-319
Read more
2025-04-23
Low

CVE-2025-25046

IBM InfoSphere Information Server 11.7 DataStage Flow Designer  transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man in the middle tec…

CVSS: 3.7 CWE: CWE-319
Read more
2025-04-08
Low

CVE-2024-50565

A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through…

CVSS: 3.1 CWE: CWE-300
Read more
High

CVE-2024-26013

A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through…

CVSS: 7.5 CWE: CWE-923
Read more
2025-03-14
Medium

CVE-2023-48785

An improper certificate validation vulnerability [CWE-295] in FortiNAC-F version 7.2.4 and below may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the HTTPS com…

CVSS: 4.8 CWE: CWE-295
Read more
Medium

CVE-2024-40590

An improper certificate validation vulnerability [CWE-295] in FortiPortal version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, version 6.0.15 and below when connecting to a FortiManager d…

CVSS: 4.8 CWE: CWE-295
Read more
2025-03-12
High

CVE-2024-13872

Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Internet to update and restart daemons and detection rules on the devices. Updates…

CVSS: 7.5 CWE: CWE-319
Read more
2025-01-28
Medium

CVE-2024-28786

IBM QRadar SIEM 7.5 transmits sensitive or security-critical data in cleartext in a communication channel that could be obtained by an unauthorized actor using man in the middle techniques.

CVSS: 6.5 CWE: CWE-319
Read more
2025-01-27
Medium

CVE-2024-38325

IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI could allow a remote attacker to obtain sensitive information, caused by sending network requests over an insecure channel.…

CVSS: 5.9 CWE: CWE-311
Read more
2025-01-26
Medium

CVE-2023-38009

IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning.

CVSS: 4.2 CWE: CWE-295
Read more
2025-01-24
Medium

CVE-2024-41757

IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit…

CVSS: 5.9 CWE: CWE-311
Read more
2025-01-07
Medium

CVE-2024-52366

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An…

CVSS: 5.9 CWE: CWE-327
Read more
2024-11-18
Medium

CVE-2021-1440

A vulnerability in the implementation of the Resource Public Key Infrastructure (RPKI) feature of Cisco&nbsp;IOS XR Software could allow an unauthenticated, remote attacker to cause the Border Gatewa…

CVSS: 6.8 CWE: CWE-617
Read more
2024-11-15
High

CVE-2022-20814

A vulnerability in the certificate validation of Cisco&nbsp;Expressway-C and Cisco&nbsp;TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data.…

CVSS: 7.4 CWE: CWE-295
Read more
Medium

CVE-2024-43189

IBM Concert Software 1.0.0 through 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could expl…

CVSS: 5.9 CWE: CWE-327
Read more
2024-07-17
High

CVE-2024-20323

A vulnerability in Cisco Intelligent Node (iNode) Software could allow an unauthenticated, remote attacker to hijack the TLS connection between Cisco iNode Manager and associated intelligent nodes an…

CVSS: 7.5 CWE: CWE-321
Read more
2024-06-28
High

CVE-2024-39348

Download of code without integrity check vulnerability in AirPrint functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to execute a…

CVSS: 7.5 CWE: CWE-494
Read more
Medium

CVE-2024-39347

Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly sensit…

CVSS: 5.9 CWE: CWE-276
Read more
2024-05-01
Medium

CVE-2022-38386

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow…

CVSS: 5.9 CWE: CWE-1275
Read more
2022-03-08
Medium

CVE-2021-42017

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i801, RUGGEDCOM i802, RUGGEDCOM i803, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M969, RUGGEDCOM…

CVSS: 5.9 CWE: CWE-358
Read more
Medium

CVE-2021-37209

A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.8), RUGGEDCOM i801 (All versions < V4.3.8), RUGGEDCOM i802 (All versions < V4.3.8), RUGGEDCOM i803 (All versions < V4.3.8),…

CVSS: 6.7 CWE: CWE-326
Read more
2020-10-20
Medium

CVE-2020-3993

VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious ac…

CVSS: 5.9 CWE: N/A
Read more