Total: 828 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-55976 | 1 Intelbras | 2 Iwr 3000n, Iwr 3000n Firmware | 2025-10-17 | N/A | 8.4 HIGH |
|
Intelbras IWR 3000N 1.9.8 exposes the Wi-Fi password in plaintext via the /api/wireless endpoint. Any unauthenticated user on the local network can directly obtain the Wi-Fi network password by querying this endpoint.
|
|||||
| CVE-2025-54156 | 1 Santesoft | 1 Sante Pacs Server | 2025-10-17 | N/A | 7.4 HIGH |
|
The Sante PACS Server Web Portal sends credential information without encryption.
|
|||||
| CVE-2025-7743 | 1 Dolusoft | 1 Omaspot | 2025-10-15 | N/A | 9.6 CRITICAL |
|
Cleartext Transmission of Sensitive Information vulnerability in Dolusoft Omaspot allows Interception, Privilege Escalation. This issue affects Omaspot: before 12.09.2025.
|
|||||
| CVE-2025-41718 | | | 2025-10-14 | N/A | 7.5 HIGH |
|
A cleartext transmission of sensitive information vulnerability in the affected products allows an unauthorized remote attacker to gain login credentials and access the Web-UI.
|
|||||
| CVE-2025-2861 | 1 Arteche | 2 Satech Bcu, Satech Bcu Firmware | 2025-10-10 | N/A | 7.5 HIGH |
|
SaTECH BCU in its firmware version 2.1.3 uses the HTTP protocol. The use of the HTTP protocol for web browsing has the problem that information is exchanged in unencrypted text. Since sensitive data such as credentials are exchanged, an attacker could obtain them and log in legitimately.
|
|||||
| CVE-2024-25650 | 1 Delinea | 2 Distributed Engine, Secret Server | 2025-10-10 | N/A | 5.9 MEDIUM |
|
Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key (used to encrypt RabbitMQ messages) via crafted payloads to the /pre-authenticate, /authenticate, and /execute-and-respond REST API endpoints. This makes it possible for a PAM administrator to impersonate the Engine and exfiltrate sensitive information from the messages published in the RabbitMQ exchanges, without being audited in the application.
|
|||||
| CVE-2025-0250 | 1 Hcltech | 1 Intelliops Event Management | 2025-10-09 | N/A | 2.2 LOW |
|
HCL IEM is affected by an authorization token sent in cookie vulnerability. A token used for authentication and authorization is being handled in a manner that may increase its exposure to security risks.
|
|||||
| CVE-2025-0252 | 1 Hcltech | 1 Intelliops Event Management | 2025-10-09 | N/A | 2.6 LOW |
|
HCL IEM is affected by a password in cleartext vulnerability. Sensitive information is transmitted without adequate protection, potentially exposing it to unauthorized access during transit.
|
|||||
| CVE-2024-41757 | 1 Ibm | 1 Concert | 2025-09-29 | N/A | 5.9 MEDIUM |
|
IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
|
|||||
| CVE-2024-39746 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling Connect Direct Web Services, Linux Kernel and 1 more | 2025-09-29 | N/A | 5.9 MEDIUM |
|
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
|
|||||
| CVE-2024-31905 | 1 Ibm | 1 Qradar Network Packet Capture | 2025-09-29 | N/A | 5.9 MEDIUM |
|
IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
|
|||||
| CVE-2017-20200 | | | 2025-09-24 | 2.6 LOW | 3.7 LOW |
|
A vulnerability has been found in Coinomi up to 1.7.6. This issue affects some unknown processing. Such manipulation leads to cleartext transmission of sensitive information. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is assessed as difficult. The exploit has been disclosed to the public and may be used. The vendor replied with: "(...) there isn't any security implication associated with your findings."
|
|||||
| CVE-2025-10776 | | | 2025-09-22 | 2.6 LOW | 3.7 LOW |
|
A vulnerability was detected in LionCoders SalePro POS up to 5.5.0. This issue affects some unknown processing of the component Login. Performing manipulation results in cleartext transmission of sensitive information. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is assessed as difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-47698 | | | 2025-09-19 | N/A | N/A |
|
An adjacent attacker without authentication can exploit this vulnerability to retrieve a set of user-privileged credentials. These credentials are present during the firmware upgrade procedure.
|
|||||
| CVE-2025-54818 | | | 2025-09-19 | N/A | 8.0 HIGH |
|
Cognex In-Sight Explorer and In-Sight Camera Firmware expose a proprietary protocol on TCP port 1069 to perform management operations such as modifying system properties. The user management functionality handles sensitive data such as registered usernames and passwords over an unencrypted channel, allowing an adjacent attacker to intercept valid credentials to gain access to the device.
|
|||||
| CVE-2024-0098 | 2 Microsoft, Nvidia | 2 Windows, Chatrtx | 2025-09-17 | N/A | 5.5 MEDIUM |
|
NVIDIA ChatRTX for Windows contains a vulnerability in the ChatRTX UI and backend, where a user can cause a clear-text transmission of sensitive information issue by data sniffing. A successful exploit of this vulnerability might lead to information disclosure.
|
|||||
| CVE-2025-50110 | | | 2025-09-15 | N/A | 8.8 HIGH |
|
An issue was discovered in the method push.lite.avtech.com.AvtechLib.GetHttpsResponse in AVTECH EagleEyes Lite 2.0.0. The GetHttpsResponse method transmits sensitive information - including internal server URLs, account IDs, passwords, and device tokens - as plaintext query parameters over HTTPS.
|
|||||
| CVE-2025-52586 | | | 2025-09-08 | N/A | 6.9 MEDIUM |
|
The MOD3 command traffic between the monitoring application and the inverter is transmitted in plaintext without encryption or obfuscation. This vulnerability may allow an attacker with access to a local network to intercept, manipulate, replay, or forge critical data, including read/write operations for voltage, current, and power configuration, operational status, alarms, telemetry, system reset, or inverter control commands, potentially disrupting power generation or reconfiguring inve ...
|
|||||
| CVE-2025-41708 | | | 2025-09-08 | N/A | 7.4 HIGH |
|
Due to an insecure default configuration, HTTP is used instead of HTTPS for the web interface. An unauthenticated attacker on the same network could exploit this to learn sensitive data during transmission.
|
|||||
| CVE-2025-32793 | 1 Cilium | 1 Cilium | 2025-09-03 | N/A | 4.0 MEDIUM |
|
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.15.0 to 1.15.15, 1.16.0 to 1.16.8, and 1.17.0 to 1.17.2 are vulnerable: when using WireGuard transparent encryption in a Cilium cluster, packets that originate from a terminating endpoint can leave the source node without encryption due to a race condition in how traffic is processed by Cilium. This issue has been patched in versions 1.15.16, 1.16.9, and 1.17.3. There are no workarounds availabl ...
|
|||||
| CVE-2025-8741 | 1 Macrozheng | 1 Mall | 2025-09-02 | 2.6 LOW | 3.7 LOW |
|
A vulnerability was found in macrozheng mall up to 1.0.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/login. The manipulation leads to cleartext transmission of sensitive information. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did ...
|
|||||
| CVE-2025-7731 | | | 2025-09-02 | N/A | 7.5 HIGH |
|
Cleartext Transmission of Sensitive Information vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to obtain credential information by intercepting SLMP communication messages, and read or write the device values of the product and stop the operations of programs by using the obtained credential information.
|
|||||
| CVE-2024-6388 | 1 Canonical | 1 Ubuntu Advantage Desktop Daemon | 2025-08-27 | N/A | 5.9 MEDIUM |
|
Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext.
|
|||||
| CVE-2025-6180 | | | 2025-08-22 | N/A | N/A |
|
The StrongDM Client insufficiently protected a pre-authentication token. Attackers could exploit this to intercept and reuse the token, potentially redeeming valid authentication credentials through a race condition.
|
|||||
| CVE-2025-52351 | | | 2025-08-22 | N/A | 8.8 HIGH |
|
Aikaan IoT management platform v3.25.0325-5-g2e9c59796 sends a newly generated password to users in plaintext via email and also includes the same password as a query parameter in the account activation URL (e.g., https://domain.com/activate=xyz). This practice can result in password exposure via browser history, proxy logs, referrer headers, and email caching. The vulnerability impacts user credential confidentiality during initial onboarding.
|
|||||
| CVE-2025-57727 | 1 Jetbrains | 1 Intellij Idea | 2025-08-21 | N/A | 4.7 MEDIUM |
|
In JetBrains IntelliJ IDEA before 2025.2, credentials disclosure was possible via remote reference.
|
|||||
| CVE-2025-0784 | 1 Intelbras | 1 Incontrol Web | 2025-08-20 | 2.6 LOW | 3.7 LOW |
|
A vulnerability has been found in Intelbras InControl up to 2.21.58 and classified as problematic. This vulnerability affects unknown code of the file /v1/usuario/ of the component Registered User Handler. The manipulation leads to cleartext transmission of sensitive information. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.21.59 is a ...
|
|||||
| CVE-2024-11946 | 1 Ixsystems | 2 Truenas, Truenas Firmware | 2025-08-18 | N/A | 6.5 MEDIUM |
|
iXsystems TrueNAS CORE fetch_plugin_packagesites tar Cleartext Transmission of Sensitive Information Vulnerability. This vulnerability allows network-adjacent attackers to tamper with firmware update files on affected installations of iXsystems TrueNAS devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of firmware updates. The issue results from the use of an insecure protocol to deliver updates. An attacker can leverage this in c ...
|
|||||
| CVE-2025-3480 | 1 Meddream | 1 Pacs Server | 2025-08-15 | N/A | 6.5 MEDIUM |
|
MedDream WEB DICOM Viewer Cleartext Transmission of Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of MedDream WEB DICOM Viewer. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the Web Portal. The issue results from the lack of encryption when transmitting credentials. An attacker can leverage this vulnerability to disclose transmitted ...
|
|||||
| CVE-2025-36034 | 1 Ibm | 1 Infosphere Information Server | 2025-08-14 | N/A | 5.3 MEDIUM |
|
IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques.
|
|||||
| CVE-2025-36020 | 1 Ibm | 1 Guardium Data Protection | 2025-08-13 | N/A | 5.9 MEDIUM |
|
IBM Guardium Data Protection could allow a remote attacker to obtain sensitive information due to cleartext transmission of sensitive credential information.
|
|||||
| CVE-2025-25046 | 1 Ibm | 1 Infosphere Information Server | 2025-08-12 | N/A | 3.7 LOW |
|
IBM InfoSphere Information Server 11.7 DataStage Flow Designer transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man in the middle techniques.
|
|||||
| CVE-2025-53861 | 1 Redhat | 1 Ansible Automation Platform | 2025-08-11 | N/A | 3.1 LOW |
|
A flaw was found in Ansible. Sensitive cookies without security flags over non-encrypted channels can lead to Man-in-the-Middle (MitM) and Cross-site scripting (XSS) attacks allowing attackers to read transmitted data.
|
|||||
| CVE-2025-8863 | | | 2025-08-11 | N/A | N/A |
|
YugabyteDB diagnostic information was transmitted over HTTP, which could expose sensitive data during transmission.
|
|||||
| CVE-2025-54799 | | | 2025-08-07 | N/A | N/A |
|
Let's Encrypt client and ACME library written in Go (Lego). In versions 4.25.1 and below, the github.com/go-acme/lego/v4/acme/api package (thus the lego library and the lego cli as well) does not enforce HTTPS when talking to CAs as an ACME client. Unlike the http-01 challenge, which solves an ACME challenge over unencrypted HTTP, the ACME protocol requires HTTPS when a client communicates with the CA to perform ACME functions. However, the library fails to enforce HTTPS both in the original discov ...
|
|||||
| CVE-2025-36107 | 1 Ibm | 1 Cognos Analytics Mobile | 2025-08-07 | N/A | 5.9 MEDIUM |
|
IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to obtain sensitive information due to the cleartext transmission of data.
|
|||||
| CVE-2025-52490 | 1 Couchbase | 1 Sync Gateway | 2025-08-06 | N/A | 7.3 HIGH |
|
An issue was discovered in Couchbase Sync Gateway before 3.2.6. In sgcollect_info_options.log and sync_gateway.log, there are cleartext passwords in redacted and unredacted output.
|
|||||
| CVE-2025-8205 | 1 Comodo | 1 Dragon | 2025-07-31 | 2.6 LOW | 3.7 LOW |
|
A vulnerability, which was classified as problematic, has been found in Comodo Dragon up to 134.0.6998.179. Affected by this issue is some unknown functionality of the component IP DNS Leakage Detector. The manipulation leads to cleartext transmission of sensitive information. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about ...
|
|||||
| CVE-2024-37183 | 1 Westermo | 2 L210-f2g, L210-f2g Firmware | 2025-07-30 | N/A | 5.7 MEDIUM |
|
Plain text credentials and session ID can be captured with a network sniffer.
|
|||||
| CVE-2024-26155 | 1 Etictelecom | 1 Remote Access Server Firmware | 2025-07-30 | N/A | 6.8 MEDIUM |
|
All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 expose clear text credentials in the web portal. An attacker can access the ETIC RAS web portal and view the HTML code, which is configured to be hidden, thus allowing a connection to the ETIC RAS SSH server, which could enable an attacker to perform actions on the device.
|
|||||