Total
502 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-37405 | 1 Ibm | 2 Cloud Pak System, Cloud Pak System Software Suite | 2025-08-18 | N/A | 6.5 MEDIUM |
|
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 stores sensitive data in memory, that could be obtained by an unauthorized user.
|
|||||
| CVE-2024-38325 | 1 Ibm | 1 Storage Defender | 2025-08-14 | N/A | 5.9 MEDIUM |
|
IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI
could allow a remote attacker to obtain sensitive information, caused by sending network requests over an insecure channel. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
|
|||||
| CVE-2025-48862 | 2025-08-14 | N/A | 7.1 HIGH | ||
|
Ambiguous wording in the web interface of the ctrlX OS setup mechanism could lead the user to believe that the backup file is encrypted when a password is set. However, only the private key - if available in the backup - is encrypted, while the backup file itself remains unencrypted.
|
|||||
| CVE-2021-37209 | 1 Siemens | 54 Ruggedcom I800, Ruggedcom I801, Ruggedcom I802 and 51 more | 2025-08-12 | 4.0 MEDIUM | 6.7 MEDIUM |
|
A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.8), RUGGEDCOM i801 (All versions < V4.3.8), RUGGEDCOM i802 (All versions < V4.3.8), RUGGEDCOM i803 (All versions < V4.3.8), RUGGEDCOM M2100 (All versions < V4.3.8), RUGGEDCOM M2200 (All versions < V4.3.8), RUGGEDCOM M969 (All versions < V4.3.8), RUGGEDCOM RMC30 (All versions < V4.3.8), RUGGEDCOM RMC8388 V4.X (All versions < V4.3.8), RUGGEDCOM RMC8388 V5.X (All versions < V5.7.0), RUGGEDCOM RP110 (All versions < V4.3.8), R ...
Show More |
|||||
| CVE-2025-33020 | 1 Ibm | 1 Engineering Systems Design Rhapsody | 2025-08-11 | N/A | 5.9 MEDIUM |
|
IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 transmits sensitive information without encryption that could allow an attacker to obtain highly sensitive information.
|
|||||
| CVE-2025-8763 | 2025-08-11 | 2.6 LOW | 3.7 LOW | ||
|
A vulnerability was found in Ruijie EG306MG 3.0(1)B11P309. It has been rated as problematic. This issue affects some unknown processing of the file /etc/strongswan.conf of the component strongSwan. The manipulation of the argument i_dont_care_about_security_and_use_aggressive_mode_psk leads to missing encryption of sensitive data. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this ...
Show More |
|||||
| CVE-2025-36062 | 1 Ibm | 1 Cognos Analytics Mobile | 2025-08-07 | N/A | 5.9 MEDIUM |
|
IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22
could be vulnerable to information exposure due to the use of unencrypted network traffic.
|
|||||
| CVE-2014-6274 | 1 Git-annex Project | 1 Git-annex | 2025-08-06 | N/A | 7.5 HIGH |
|
git-annex had a bug in the S3 and Glacier remotes where if embedcreds=yes
was set, and the remote used encryption=pubkey or encryption=hybrid,
the embedded AWS credentials were stored in the git repository
in (effectively) plaintext, not encrypted as they were supposed to be. This issue affects git-annex: from 3.20121126 before 5.20140919.
|
|||||
| CVE-2024-20515 | 1 Cisco | 1 Identity Services Engine | 2025-08-05 | N/A | 6.5 MEDIUM |
|
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device.
This vulnerability is due to a lack of proper data protection mechanisms for certain configuration settings. An attacker with Read-Only Administrator privileges could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to view ...
Show More |
|||||
| CVE-2025-40680 | 2025-07-25 | N/A | N/A | ||
|
Lack of sensitive data encryption in CapillaryScope v2.5.0 of Capillary io, which stores both the proxy credentials and the JWT session token in plain text within different registry keys on the Windows operating system. Any authenticated local user with read access to the registry can extract these sensitive values.
|
|||||
| CVE-2018-8849 | 1 Medtronic | 4 N\'vision 8840, N\'vision 8840 Firmware, N\'vision 8870 and 1 more | 2025-06-27 | 2.1 LOW | 4.6 MEDIUM |
|
Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programme and 8870 N'Vision removable Application Card do not encrypt PII and PHI while at rest.
|
|||||
| CVE-2012-1977 | 1 Wellintech | 1 Kingview | 2025-06-26 | 7.1 HIGH | N/A |
|
WellinTech KingSCADA 3.0 uses a cleartext base64 format for storage of passwords in user.db, which allows context-dependent attackers to obtain sensitive information by reading this file.
|
|||||
| CVE-2025-32875 | 2025-06-23 | N/A | 5.7 MEDIUM | ||
|
An issue was discovered in the COROS application through 3.8.12 for Android. Bluetooth pairing and bonding is neither initiated nor enforced by the application itself. Also, the watch does not enforce pairing and bonding. As a result, any data transmitted via BLE remains unencrypted, allowing attackers within Bluetooth range to eavesdrop on the communication. Furthermore, even if a user manually initiates pairing and bonding in the Android settings, the application continues to transmit data wit ...
Show More |
|||||
| CVE-2023-50129 | 1 Flient | 2 Smart Lock Advanced, Smart Lock Advanced Firmware | 2025-06-20 | N/A | 6.5 MEDIUM |
|
Missing encryption in the NFC tags of the Flient Smart Door Lock v1.0 allows attackers to create a cloned tag via brief physical proximity to the original tags, which results in an attacker gaining access to the perimeter.
|
|||||
| CVE-2023-50126 | 1 Hozard | 1 Alarm System | 2025-06-03 | N/A | 6.5 MEDIUM |
|
Missing encryption in the RFID tags of the Hozard alarm system (Alarmsysteem) v1.0 allow attackers to create a cloned tag via brief physical proximity to one of the original tags, which results in an attacker being able to bring the alarm system to a disarmed state.
|
|||||
| CVE-2024-35061 | 1 Nasa | 1 Ait Core | 2025-06-03 | N/A | 7.3 HIGH |
|
NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exchange data over the network, allowing attackers to execute a man-in-the-middle attack. When chained with CVE-2024-35059, the CVE in subject leads to an unauthenticated, fully remote code execution.
|
|||||
| CVE-2018-18984 | 1 Medtronic | 6 29901 Encore Programmer, 29901 Encore Programmer Firmware, Carelink 2090 Programmer and 3 more | 2025-05-22 | 2.1 LOW | 4.6 MEDIUM |
|
Medtronic CareLink and Encore Programmers
do not encrypt or do not sufficiently encrypt sensitive
PII and PHI information while at rest .
|
|||||
| CVE-2025-24008 | 2025-05-13 | N/A | 6.5 MEDIUM | ||
|
A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System (MSS) (All versions), SIRIUS Safety Relays 3SK2 (All versions). The affected devices do not encrypt data in transit. An attacker with network access could eavesdrop the connection and retrieve sensitive information, including obfuscated safety passwords.
|
|||||
| CVE-2025-47274 | 2025-05-12 | N/A | N/A | ||
|
ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol (MCP) servers. Due to the ordering of code used to start an MCP server container, versions of ToolHive prior to 0.0.33 inadvertently store secrets in the run config files which are used to restart stopped containers. This means that an attacker who has access to the home folder of the user who starts the MCP server can read secrets without needing access to the secrets store itself. This only appli ...
Show More |
|||||
| CVE-2022-35860 | 1 Corsair | 2 K63, K63 Firmware | 2025-05-09 | N/A | 6.8 MEDIUM |
|
Missing AES encryption in Corsair K63 Wireless 3.1.3 allows physically proximate attackers to inject and sniff keystrokes via 2.4 GHz radio transmissions.
|
|||||
| CVE-2022-3781 | 1 Devolutions | 2 Devolutions Server, Remote Desktop Manager | 2025-05-05 | N/A | 6.5 MEDIUM |
|
Dashlane password and Keepass Server password in My Account Settings are not encrypted in the database in Devolutions Remote Desktop Manager 2022.2.26 and prior versions and Devolutions Server 2022.3.1 and prior versions which allows database users to read the data.
This issue affects :
Remote Desktop Manager 2022.2.26 and prior versions.
Devolutions Server 2022.3.1 and prior versions.
|
|||||
| CVE-2017-9045 | 1 Google | 1 Google I\/o 2017 | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The Google I/O 2017 application before 5.1.4 for Android downloads multiple .json files from http://storage.googleapis.com without SSL, which makes it easier for man-in-the-middle attackers to spoof Feed and Schedule data by creating a modified blocks_v4.json file.
|
|||||
| CVE-2017-9854 | 1 Sma | 78 Sunny Boy 1.5, Sunny Boy 1.5 Firmware, Sunny Boy 2.5 and 75 more | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
|
An issue was discovered in SMA Solar Technology products. By sniffing for specific packets on the localhost, plaintext passwords can be obtained as they are typed into Sunny Explorer by the user. These passwords can then be used to compromise the overall device. NOTE: the vendor reports that exploitation likelihood is low because these packets are usually sent only once during installation. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected
|
|||||
| CVE-2017-7729 | 1 Ismartalarm | 2 Cubeone, Cubeone Firmware | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
On iSmartAlarm cube devices, there is Incorrect Access Control because a "new key" is transmitted in cleartext.
|
|||||
| CVE-2017-17763 | 1 Liveqos | 1 Superbeam | 2025-04-20 | 7.6 HIGH | 7.5 HIGH |
|
SuperBeam through 4.1.3, when using the LAN or WiFi Direct Share feature, does not use HTTPS or any integrity-protection mechanism for file transfer, which makes it easier for remote attackers to send crafted files, as demonstrated by APK injection.
|
|||||
| CVE-2017-14953 | 1 Hikvision | 2 Ds-2cd2432f-iw, Ds-2cd2432f-iw Firmware | 2025-04-20 | 3.3 LOW | 6.5 MEDIUM |
|
HikVision Wi-Fi IP cameras, when used in a wired configuration, allow physically proximate attackers to trigger association with an arbitrary access point by leveraging a default SSID with no WiFi encryption or authentication. NOTE: Vendor states that this is not a vulnerability, but more an increase to the attack surface of the product
|
|||||
| CVE-2017-8168 | 1 Huawei | 1 Fusionsphere Openstack | 2025-04-20 | 3.3 LOW | 4.3 MEDIUM |
|
FusionSphere OpenStack with software V100R006C00SPC102(NFV) and V100R006C10 have an information leak vulnerability. Due to an incorrect configuration item, the information transmitted by a transmission channel is not encrypted. An attacker accessing the internal network may obtain sensitive information transmitted.
|
|||||
| CVE-2017-6297 | 1 Mikrotik | 1 Routeros | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain access to networks on the L2TP server by monitoring the packets for the transmitted data and obtaining the L2TP secret.
|
|||||
| CVE-2017-3219 | 1 Acronis | 1 True Image | 2025-04-20 | 8.3 HIGH | 8.8 HIGH |
|
Acronis True Image up to and including version 2017 Build 8053 performs software updates using HTTP. Downloaded updates are only verified using a server-provided MD5 hash.
|
|||||
| CVE-2017-9604 | 1 Kde | 3 Kde, Kmail, Messagelib | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to obtain sensitive information by sniffing the network.
|
|||||
| CVE-2017-15609 | 1 Octopus | 1 Octopus Deploy | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Octopus before 3.17.7 allows attackers to obtain sensitive cleartext information by reading a variable JSON file in certain situations involving Offline Drop Targets.
|
|||||
| CVE-2017-7406 | 1 Dlink | 1 Dir-615 | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
|
The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages. Also, it doesn't allow the user to generate his own SSL Certificate. An attacker can simply monitor network traffic to steal a user's credentials and/or credentials of users being added while sniffing the traffic.
|
|||||
| CVE-2017-8769 | 1 Whatsapp | 1 Whatsapp | 2025-04-20 | 2.1 LOW | 4.6 MEDIUM |
|
Facebook WhatsApp Messenger before 2.16.323 for Android uses the SD card for cleartext storage of files (Audio, Documents, Images, Video, and Voice Notes) associated with a chat, even after that chat is deleted. There may be users who expect file deletion to occur upon chat deletion, or who expect encryption (consistent with the application's use of an encrypted database to store chat text). NOTE: the vendor reportedly indicates that they do not "consider these to be security issues" because a u ...
Show More |
|||||
| CVE-2017-6445 | 1 Openelec | 1 Openelec | 2025-04-20 | 7.6 HIGH | 8.1 HIGH |
|
The auto-update feature of Open Embedded Linux Entertainment Center (OpenELEC) 6.0.3, 7.0.1, and 8.0.4 uses neither encrypted connections nor signed updates. A man-in-the-middle attacker could manipulate the update packages to gain root access remotely.
|
|||||
| CVE-2017-3218 | 1 Samsung | 1 Magician | 2025-04-20 | 8.3 HIGH | 8.8 HIGH |
|
Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. Prior to version 5.0, Samsung Magician uses HTTP for software updates.
|
|||||
| CVE-2017-15581 | 1 Writediary | 1 Diary With Lock | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
In the "Diary with lock" (aka WriteDiary) application 4.72 for Android, neither HTTPS nor other encryption is used for transmitting data, despite the documentation that the product is intended for "a personal journal of ... secrets and feelings," which allows remote attackers to obtain sensitive information by sniffing the network during LoginActivity or NoteActivity execution.
|
|||||
| CVE-2017-9632 | 1 Pdqinc | 22 Laserjet, Laserjet Firmware, Laserwash 360 and 19 more | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
|
A Missing Encryption of Sensitive Data issue was discovered in PDQ Manufacturing LaserWash G5 and G5 S Series all versions, LaserWash M5, all versions, LaserWash 360 and 360 Plus, all versions, LaserWash AutoXpress and AutoExpress Plus, all versions, LaserJet, all versions, ProTouch Tandem, all versions, ProTouch ICON, all versions, and ProTouch AutoGloss, all versions. The username and password are transmitted insecurely.
|
|||||
| CVE-2017-7485 | 1 Postgresql | 1 Postgresql | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server.
|
|||||
| CVE-2017-8221 | 1 Wificam | 2 Wireless Ip Camera \(p2p\), Wireless Ip Camera \(p2p\) Firmware | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Wireless IP Camera (P2P) WIFICAM devices rely on a cleartext UDP tunnel protocol (aka the Cloud feature) for communication between an Android application and a camera device, which allows remote attackers to obtain sensitive information by sniffing the network.
|
|||||
| CVE-2017-12817 | 1 Kaspersky | 1 Internet Security | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were not encrypted.
|
|||||