Total
828 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-45546 | 1 Screencheck | 1 Badgemaker | 2025-03-19 | N/A | 7.5 HIGH |
|
Information Disclosure in Authentication Component of ScreenCheck BadgeMaker 2.6.2.0 application allows internal attacker to obtain credentials for authentication via network sniffing.
|
|||||
| CVE-2024-36558 | 2025-03-19 | N/A | 7.5 HIGH | ||
|
Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h suffers from Cleartext Transmission of Sensitive Information due to lack of encryption in device-server communication.
|
|||||
| CVE-2024-7713 | 1 Ays-pro | 1 Chatgpt Assistant | 2025-03-18 | N/A | 7.5 HIGH |
|
The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 discloses the Open AI API Key, allowing unauthenticated users to obtain it
|
|||||
| CVE-2024-36426 | 2025-03-18 | N/A | 7.5 HIGH | ||
|
In TARGIT Decision Suite 23.2.15007.0 before Autumn 2023, the session token is part of the URL and may be sent in a cleartext HTTP session.
|
|||||
| CVE-2024-31840 | 1 Italtel | 1 Embrace | 2025-03-14 | N/A | 6.5 MEDIUM |
|
An issue was discovered in Italtel Embrace 1.6.4. The web application inserts cleartext passwords in the HTML source code. An authenticated user is able to edit the configuration of the email server. Once the user access the edit function, the web application fills the edit form with the current credentials for the email account, including the cleartext password.
|
|||||
| CVE-2025-27594 | 2025-03-14 | N/A | 7.5 HIGH | ||
|
The device uses an unencrypted, proprietary protocol for communication. Through this protocol, configuration data is transmitted and device authentication is performed. An attacker can thereby intercept the authentication hash and use it to log into the device using a pass-the-hash attack.
|
|||||
| CVE-2023-23914 | 3 Haxx, Netapp, Splunk | 12 Curl, Active Iq Unified Manager, Clustered Data Ontap and 9 more | 2025-03-12 | N/A | 9.1 CRITICAL |
|
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of usingan insecure clear-text HTTP step even when HTTP is provided in the URL. ThisHSTS mechanism would however surprisingly be ignored by subsequent transferswhen done on the same command line because the state would not be properlycarried on.
|
|||||
| CVE-2022-32906 | 1 Apple | 1 Music | 2025-03-11 | N/A | 5.3 MEDIUM |
|
This issue was addressed with using HTTPS when sending information over the network. This issue is fixed in Apple Music 3.9.10 for Android. A user in a privileged network position may intercept SSL/TLS connections.
|
|||||
| CVE-2024-53246 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-03-10 | N/A | 5.3 MEDIUM |
|
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206, an SPL command can potentially disclose sensitive information. The vulnerability requires the exploitation of another vulnerability, such as a Risky Commands Bypass, for successful exploitation.
|
|||||
| CVE-2025-22493 | 2025-03-05 | N/A | 5.6 MEDIUM | ||
|
Secure flag not set and SameSIte was set to Lax in the Foreseer Reporting Software (FRS). Absence of this secure flag could lead into the session cookie being transmitted over unencrypted HTTP connections. This security issue has been resolved in the latest version of FRS v1.5.100.
|
|||||
| CVE-2023-35017 | 1 Ibm | 1 Security Verify Governance | 2025-03-04 | N/A | 5.9 MEDIUM |
|
IBM Security Verify Governance 10.0.2 Identity Manager can transmit user credentials in clear text that could be obtained by an attacker using man in the middle techniques.
|
|||||
| CVE-2025-24849 | 2025-02-28 | N/A | 7.1 HIGH | ||
|
Lack of encryption in transit for cloud infrastructure facilitating potential for sensitive data manipulation or exposure.
|
|||||
| CVE-2025-0556 | 1 Progress | 1 Telerik Report Server | 2025-02-20 | N/A | 8.8 HIGH |
|
In Progress® Telerik® Report Server, versions prior to 2025 Q1 (11.0.25.211) when using the older .NET Framework implementation, communication of non-sensitive information between the service agent process and app host process occurs over an unencrypted tunnel, which can be subjected to local network traffic sniffing.
|
|||||
| CVE-2023-0922 | 1 Samba | 1 Samba | 2025-02-13 | N/A | 5.9 MEDIUM |
|
The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection.
|
|||||
| CVE-2025-1060 | 2025-02-13 | N/A | 7.5 HIGH | ||
|
CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists that could result in the exposure
of data when network traffic is being sniffed by an attacker.
|
|||||
| CVE-2024-35210 | 1 Siemens | 1 Sinec Traffic Analyzer | 2025-02-11 | N/A | 5.1 MEDIUM |
|
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server is not enforcing HSTS. This could allow an attacker to perform downgrade attacks exposing confidential information.
|
|||||
| CVE-2023-30515 | 1 Jenkins | 1 Thycotic Devops Secrets Vault | 2025-02-07 | N/A | 7.5 HIGH |
|
Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.
|
|||||
| CVE-2023-30514 | 1 Jenkins | 1 Azure Key Vault | 2025-02-07 | N/A | 7.5 HIGH |
|
Jenkins Azure Key Vault Plugin 187.va_cd5fecd198a_ and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.
|
|||||
| CVE-2023-30513 | 1 Jenkins | 1 Kubernetes | 2025-02-07 | N/A | 7.5 HIGH |
|
Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.
|
|||||
| CVE-2024-4161 | 1 Broadcom | 1 Brocade Sannav | 2025-02-06 | N/A | 8.6 HIGH |
|
In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic received
clear text. This could allow an unauthenticated, remote attacker to
capture sensitive information.
|
|||||
| CVE-2019-14942 | 1 Gitlab | 1 Gitlab | 2025-02-06 | N/A | 5.9 MEDIUM |
|
An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Cookies for GitLab Pages (which have access control) could be sent over cleartext HTTP.
|
|||||
| CVE-2024-49387 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2025-02-04 | N/A | 7.5 HIGH |
|
Cleartext transmission of sensitive information in acep-collector service. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
|
|||||
| CVE-2024-48121 | 2025-02-03 | N/A | 6.5 MEDIUM | ||
|
The HI-SCAN 6040i Hitrax HX-03-19-I was discovered to transmit user credentials in cleartext over the GIOP protocol. This allows attackers to possibly gain access to sensitive information via a man-in-the-middle attack.
|
|||||
| CVE-2023-25437 | 1 Vtech | 2 Vcs754a, Vcs754a Firmware | 2025-01-31 | N/A | 8.8 HIGH |
|
An issue was discovered in vTech VCS754 version 1.1.1.A before 1.1.1.H, allows attackers to gain escalated privileges and gain sensitive information due to cleartext passwords passed in the raw HTML.
|
|||||
| CVE-2023-29681 | 1 Tenda | 2 N301, N301 Firmware | 2025-01-30 | N/A | 5.7 MEDIUM |
|
Cleartext Transmission in cookie:ecos_pw: in Tenda N301 v6.0, firmware v12.03.01.06_pt allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password.
|
|||||
| CVE-2023-29680 | 1 Tenda | 2 N301, N301 Firmware | 2025-01-30 | N/A | 5.7 MEDIUM |
|
Cleartext Transmission in set-cookie:ecos_pw: Tenda N301 v6.0, Firmware v12.02.01.61_multi allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password.
|
|||||
| CVE-2023-32290 | 1 Vk.company | 1 Mymail | 2025-01-29 | N/A | 7.5 HIGH |
|
The myMail app through 14.30 for iOS sends cleartext credentials in a situation where STARTTLS is expected by a server.
|
|||||
| CVE-2025-0631 | 2025-01-28 | N/A | N/A | ||
|
A Credential Exposure Vulnerability exists in the above-mentioned product and version. The vulnerability is due to using HTTP resulting in credentials being sent in clear text.
|
|||||
| CVE-2025-0432 | 2025-01-28 | N/A | 5.7 MEDIUM | ||
|
EWON Flexy 202 transmits user credentials in clear text with no encryption when a user is added, or user credentials are changed via its webpage.
|
|||||
| CVE-2023-25070 | 1 Seiko-sol | 4 Skybridge Mb-a100, Skybridge Mb-a100 Firmware, Skybridge Mb-a110 and 1 more | 2025-01-28 | N/A | 6.5 MEDIUM |
|
Cleartext transmission of sensitive information exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier. If the telnet connection is enabled, a remote unauthenticated attacker may eavesdrop on or alter the administrator's communication to the product.
|
|||||
| CVE-2023-30354 | 1 Tenda | 2 Cp3, Cp3 Firmware | 2025-01-27 | N/A | 9.8 CRITICAL |
|
Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 does not defend against physical access to U-Boot via the UART: the Wi-Fi password is shown, and the hardcoded boot password can be inserted for console access.
|
|||||
| CVE-2023-32784 | 1 Keepass | 1 Keepass | 2025-01-23 | N/A | 7.5 HIGH |
|
In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.
|
|||||
| CVE-2024-0860 | 1 Softing | 2 Edgeaggregator, Edgeconnector | 2025-01-23 | N/A | 8.0 HIGH |
|
The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker to capture packets to craft their own requests.
|
|||||
| CVE-2024-28134 | 1 Phoenixcontact | 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more | 2025-01-23 | N/A | 7.0 HIGH |
|
An unauthenticated remote attacker can extract a session token with a MitM attack and gain web-based
management access with the privileges of the currently logged in user due to cleartext transmission of sensitive information. No additional user interaction is required. The access is limited as only non-sensitive information can be obtained but the availability can be seriously affected.
|
|||||
| CVE-2024-26288 | 1 Phoenixcontact | 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more | 2025-01-23 | N/A | 8.7 HIGH |
|
An unauthenticated remote attacker can influence the communication due to the lack of encryption of sensitive data via a MITM. Charging is not affected.
|
|||||
| CVE-2024-46505 | 2025-01-23 | N/A | 9.1 CRITICAL | ||
|
Infoblox BloxOne v2.4 was discovered to contain a business logic flaw due to thick client vulnerabilities.
|
|||||
| CVE-2023-39245 | 1 Dell | 1 Enterprise Storage Integrator For Sap Landscape Management | 2025-01-23 | N/A | 9.8 CRITICAL |
|
DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials.
|
|||||
| CVE-2023-27927 | 1 Sauter-controls | 2 Ey-as525f001, Ey-as525f001 Firmware | 2025-01-17 | N/A | 6.5 MEDIUM |
|
An authenticated malicious user could acquire the simple mail transfer protocol (SMTP) Password in cleartext format, despite it being protected and hidden behind asterisks. The attacker could then perform further attacks using the SMTP credentials.
|
|||||
| CVE-2024-45102 | 2025-01-14 | N/A | 6.8 MEDIUM | ||
|
A privilege escalation vulnerability was discovered that could allow a valid, authenticated LXCA user to escalate their permissions for a connected XCC instance when using LXCA as a Single Sign On (SSO) provider for XCC instances.
|
|||||
| CVE-2021-26565 | 1 Synology | 7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more | 2025-01-14 | 4.3 MEDIUM | 8.3 HIGH |
|
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session.
|
|||||