Skip to main content

CWE-671

Lack of Administrator Control over Security

4 CVEs Avg CVSS 6.8 MITRE
1
CRITICAL
1
HIGH
2
MEDIUM
0
LOW
0
POC
0
KEV

Monthly

CVE-2026-31985 HIGH PATCH This Week

Man-in-the-middle exposure in Nozomi Networks Remote Collector arises because configuring an upstream Guardian or CMC through the n2os-tui interface generates a configuration that disables TLS certificate verification, with no option to re-enable it. Any attacker positioned on the network path between the Remote Collector and its Guardian/CMC can intercept the channel to steal the sync token, impersonate the server, inject spoofed asset or vulnerability data, or disrupt telemetry flow. There is no public exploit identified at time of analysis, and the issue is not on CISA KEV; the vendor (Nozomi) self-reported it.

Code Injection Remote Collector
NVD VulDB
CVSS 4.0
8.3
EPSS
0.1%
CVE-2025-24024 CRITICAL This Week

Mjolnir is a moderation tool for Matrix. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
9.1
EPSS
0.2%
CVE-2023-20115 MEDIUM This Month

A vulnerability in the SFTP server implementation for Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, remote attacker to download or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Nx Os
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-29163 MEDIUM PATCH This Month

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
4.3
EPSS
1.0%
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Man-in-the-middle exposure in Nozomi Networks Remote Collector arises because configuring an upstream Guardian or CMC through the n2os-tui interface generates a configuration that disables TLS certificate verification, with no option to re-enable it. Any attacker positioned on the network path between the Remote Collector and its Guardian/CMC can intercept the channel to steal the sync token, impersonate the server, inject spoofed asset or vulnerability data, or disrupt telemetry flow. There is no public exploit identified at time of analysis, and the issue is not on CISA KEV; the vendor (Nozomi) self-reported it.

Code Injection Remote Collector
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL This Week

Mjolnir is a moderation tool for Matrix. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

A vulnerability in the SFTP server implementation for Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, remote attacker to download or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Nx Os
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy