Skip to main content

CWE-300

Channel Accessible by Non-Endpoint

41 CVEs Avg CVSS 6.7 MITRE
3
CRITICAL
19
HIGH
16
MEDIUM
3
LOW
5
POC
0
KEV

Monthly

CVE-2026-23812 MEDIUM This Month

ArubaOS access points are vulnerable to gateway impersonation attacks when clients connect via wired or wireless interfaces, allowing unauthenticated attackers to redirect network traffic into a man-in-the-middle position. An attacker can exploit address-based spoofing to intercept or modify data streams intended for the legitimate gateway, compromising the confidentiality of client communications. No patch is currently available.

Information Disclosure Arubaos
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-23811 MEDIUM This Month

Arubaos contains a vulnerability that allows attackers to bypass Layer 2 (L2) communication restrictions between clients and redirect traf (CVSS 4.3).

Authentication Bypass Arubaos
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-23810 MEDIUM This Month

Arubaos contains a vulnerability that allows attackers to redirect intercepted traffic to facilitate machine-in-the-middle (MitM) attacks (CVSS 4.3).

Code Injection Arubaos
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-40770 HIGH This Week

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions). Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Sinec Traffic Analyzer
NVD
CVSS 4.0
7.5
EPSS
0.0%
CVE-2025-54792 CRITICAL POC PATCH Act Now

LocalSend is an open-source app to securely share files and messages with nearby devices over local networks without needing an internet connection. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Localsend
NVD GitHub
CVSS 4.0
9.3
EPSS
0.0%
CVE-2024-50568 MEDIUM This Month

A security vulnerability in Fortinet FortiOS (CVSS 5.9) that allows an unauthenticated attacker with the knowledge of device specific data. Remediation should follow standard vulnerability management procedures.

Fortinet Information Disclosure Fortiproxy Fortios
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-31214 HIGH This Week

This issue was addressed through improved state management. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os iOS
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2025-20122 HIGH This Week

A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to gain privileges of the root user on the underlying. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cisco Catalyst Sd Wan Manager
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-50565 LOW Monitor

A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Fortinet Fortiweb Fortivoice Fortiproxy +3
NVD
CVSS 3.1
3.1
EPSS
0.1%
CVE-2023-38272 MEDIUM This Month

IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 could allow a user with access to the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Cloud Pak System
NVD
CVSS 3.1
5.9
EPSS
0.2%
EPSS 0% CVSS 4.3
MEDIUM This Month

ArubaOS access points are vulnerable to gateway impersonation attacks when clients connect via wired or wireless interfaces, allowing unauthenticated attackers to redirect network traffic into a man-in-the-middle position. An attacker can exploit address-based spoofing to intercept or modify data streams intended for the legitimate gateway, compromising the confidentiality of client communications. No patch is currently available.

Information Disclosure Arubaos
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Arubaos contains a vulnerability that allows attackers to bypass Layer 2 (L2) communication restrictions between clients and redirect traf (CVSS 4.3).

Authentication Bypass Arubaos
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Arubaos contains a vulnerability that allows attackers to redirect intercepted traffic to facilitate machine-in-the-middle (MitM) attacks (CVSS 4.3).

Code Injection Arubaos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions). Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Sinec Traffic Analyzer
NVD
EPSS 0% CVSS 9.3
CRITICAL POC PATCH Act Now

LocalSend is an open-source app to securely share files and messages with nearby devices over local networks without needing an internet connection. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Localsend
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM This Month

A security vulnerability in Fortinet FortiOS (CVSS 5.9) that allows an unauthenticated attacker with the knowledge of device specific data. Remediation should follow standard vulnerability management procedures.

Fortinet Information Disclosure Fortiproxy +1
NVD
EPSS 0% CVSS 8.1
HIGH This Week

This issue was addressed through improved state management. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to gain privileges of the root user on the underlying. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cisco Catalyst Sd Wan Manager
NVD
EPSS 0% CVSS 3.1
LOW Monitor

A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Fortinet Fortiweb +5
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 could allow a user with access to the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Cloud Pak System
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy