Monthly
Man-in-the-middle interception of Apache Airflow's Git provider (apache-airflow-providers-git before 0.4.1) is possible because git-over-SSH operations run with StrictHostKeyChecking=no by default, so no SSH host-key verification occurs. An attacker positioned on the network path between an Airflow worker and its Git server can impersonate the server to steal the SSH deploy key or inject malicious DAG content, leading to code execution on workers. No public exploit identified at time of analysis, and it is not listed in CISA KEV; CVSS is 8.1 (High) driven by high attack complexity (AC:H) requiring an on-path position.
Man-in-the-middle attacks against LY Corporation's Central Dogma server can compromise mirrored Git repositories in versions of the centraldogma-server-mirror-git module prior to 0.84.0, because the embedded SSH client accepts any host key presented over git+ssh:// connections. An on-path attacker between Central Dogma and the upstream Git server can impersonate that server, inject malicious commits, and silently poison every downstream consumer that reads from the mirror. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Man-in-the-middle exposure in Apache Airflow's `apache-airflow-providers-google` package (versions prior to 22.0.0) stems from the `ComputeEngineSSHHook` shipping with `paramiko.AutoAddPolicy` as its default missing-host-key policy, silently trusting any SSH host key presented by a Compute Engine VM. An in-path network attacker positioned between the Airflow worker and the GCE instance can intercept or tamper with the SSH session, exposing credentials, DAG-driven commands, and transferred data. No public exploit identified at time of analysis and EPSS is very low (0.02%), but technical impact is rated total by SSVC.
Zero Motorcycles firmware versions 44 and prior enable an attacker to forcibly pair a device with the motorcycle via Bluetooth. Once paired, an attacker can utilize over-the-air firmware updating functionality to potentially upload malicious firmware to the motorcycle. The motorcycle must first be in Bluetooth pairing mode, and the attacker must be in proximity of the vehicle and understand the full pairing process, to be able to pair their device with the vehicle. The attacker's device must remain paired with and in proximity of the motorcycle for the entire duration of the firmware update.
Man-in-the-middle attack against Juniper Networks Apstra allows unauthenticated attackers to impersonate managed network devices and capture credentials due to insufficient SSH host key validation. The vulnerability affects all Apstra versions before 6.1.1, enabling interception of SSH connections between the Apstra orchestration platform and managed infrastructure. No public exploit identified at time of analysis, though the attack requires network positioning between Apstra and target devices.
Attested TLS relay attacks in Cocos AI confidential computing system versions 0.4.0 through 0.8.2 enable attackers to impersonate genuine TEE-protected services on AMD SEV-SNP and Intel TDX platforms by extracting ephemeral TLS private keys and redirecting authenticated sessions. The architectural flaw allows an attacker with physical access or side-channel capabilities to relay attestation evidence to a different endpoint, breaking the authentication binding between the TEE and the client. No vendor-released patch is available; the vulnerability affects a specialized confidential computing platform with low EPSS probability (formal EPSS score not provided in input) and no public exploit identified at time of analysis, though formal ProVerif verification confirms the attack feasibility.
Authentication bypass in the Keylime registrar (versions 7.12.0 and later) lets unauthenticated network attackers perform administrative actions because the registrar fails to enforce client-side mutual TLS. Attackers connecting without a client certificate can list registered agents, read public TPM data, and delete agents - undermining the integrity of the remote-attestation trust chain. EPSS is low (0.04%, 11th percentile) and there is no public exploit identified at time of analysis, but the flaw is trivially reachable (CVSS 9.8) and patched across Red Hat and SUSE channels.
Archer Ax53 Firmware versions up to 1.0 contains a vulnerability that allows attackers to obtain device credentials through a specially crafted man‑in‑the‑middle (MITM) a (CVSS 8.1).
Man-in-the-middle vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) caused by insufficient SSH host key validation, allowing unauthenticated remote attackers to impersonate NDFC-managed devices and intercept SSH traffic. This vulnerability affects Cisco NDFC deployments and could lead to credential capture and device impersonation with a CVSS score of 8.7 (High). Without confirmed KEV status or public POC availability noted in standard databases, organizations should prioritize patching based on CVSS severity and the network-accessible nature of the vulnerability (AV:N).
Backup uploads to ETM subject to man-in-the-middle interception. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Man-in-the-middle interception of Apache Airflow's Git provider (apache-airflow-providers-git before 0.4.1) is possible because git-over-SSH operations run with StrictHostKeyChecking=no by default, so no SSH host-key verification occurs. An attacker positioned on the network path between an Airflow worker and its Git server can impersonate the server to steal the SSH deploy key or inject malicious DAG content, leading to code execution on workers. No public exploit identified at time of analysis, and it is not listed in CISA KEV; CVSS is 8.1 (High) driven by high attack complexity (AC:H) requiring an on-path position.
Man-in-the-middle attacks against LY Corporation's Central Dogma server can compromise mirrored Git repositories in versions of the centraldogma-server-mirror-git module prior to 0.84.0, because the embedded SSH client accepts any host key presented over git+ssh:// connections. An on-path attacker between Central Dogma and the upstream Git server can impersonate that server, inject malicious commits, and silently poison every downstream consumer that reads from the mirror. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Man-in-the-middle exposure in Apache Airflow's `apache-airflow-providers-google` package (versions prior to 22.0.0) stems from the `ComputeEngineSSHHook` shipping with `paramiko.AutoAddPolicy` as its default missing-host-key policy, silently trusting any SSH host key presented by a Compute Engine VM. An in-path network attacker positioned between the Airflow worker and the GCE instance can intercept or tamper with the SSH session, exposing credentials, DAG-driven commands, and transferred data. No public exploit identified at time of analysis and EPSS is very low (0.02%), but technical impact is rated total by SSVC.
Zero Motorcycles firmware versions 44 and prior enable an attacker to forcibly pair a device with the motorcycle via Bluetooth. Once paired, an attacker can utilize over-the-air firmware updating functionality to potentially upload malicious firmware to the motorcycle. The motorcycle must first be in Bluetooth pairing mode, and the attacker must be in proximity of the vehicle and understand the full pairing process, to be able to pair their device with the vehicle. The attacker's device must remain paired with and in proximity of the motorcycle for the entire duration of the firmware update.
Man-in-the-middle attack against Juniper Networks Apstra allows unauthenticated attackers to impersonate managed network devices and capture credentials due to insufficient SSH host key validation. The vulnerability affects all Apstra versions before 6.1.1, enabling interception of SSH connections between the Apstra orchestration platform and managed infrastructure. No public exploit identified at time of analysis, though the attack requires network positioning between Apstra and target devices.
Attested TLS relay attacks in Cocos AI confidential computing system versions 0.4.0 through 0.8.2 enable attackers to impersonate genuine TEE-protected services on AMD SEV-SNP and Intel TDX platforms by extracting ephemeral TLS private keys and redirecting authenticated sessions. The architectural flaw allows an attacker with physical access or side-channel capabilities to relay attestation evidence to a different endpoint, breaking the authentication binding between the TEE and the client. No vendor-released patch is available; the vulnerability affects a specialized confidential computing platform with low EPSS probability (formal EPSS score not provided in input) and no public exploit identified at time of analysis, though formal ProVerif verification confirms the attack feasibility.
Authentication bypass in the Keylime registrar (versions 7.12.0 and later) lets unauthenticated network attackers perform administrative actions because the registrar fails to enforce client-side mutual TLS. Attackers connecting without a client certificate can list registered agents, read public TPM data, and delete agents - undermining the integrity of the remote-attestation trust chain. EPSS is low (0.04%, 11th percentile) and there is no public exploit identified at time of analysis, but the flaw is trivially reachable (CVSS 9.8) and patched across Red Hat and SUSE channels.
Archer Ax53 Firmware versions up to 1.0 contains a vulnerability that allows attackers to obtain device credentials through a specially crafted man‑in‑the‑middle (MITM) a (CVSS 8.1).
Man-in-the-middle vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) caused by insufficient SSH host key validation, allowing unauthenticated remote attackers to impersonate NDFC-managed devices and intercept SSH traffic. This vulnerability affects Cisco NDFC deployments and could lead to credential capture and device impersonation with a CVSS score of 8.7 (High). Without confirmed KEV status or public POC availability noted in standard databases, organizations should prioritize patching based on CVSS severity and the network-accessible nature of the vulnerability (AV:N).
Backup uploads to ETM subject to man-in-the-middle interception. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.