Total
337 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-12817 | 1 Kaspersky | 1 Internet Security | 2026-05-13 | 5.0 MEDIUM | 7.5 HIGH |
| In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were not encrypted. | |||||
| CVE-2017-7485 | 1 Postgresql | 1 Postgresql | 2026-05-13 | 4.3 MEDIUM | 5.9 MEDIUM |
| In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. | |||||
| CVE-2023-46219 | 2 Fedoraproject, Haxx | 2 Fedora, Curl | 2026-05-12 | N/A | 5.3 MEDIUM |
| When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use. | |||||
| CVE-2014-2379 | 1 Sensysnetworks | 4 Trafficdot, Vds, Vsn240-f and 1 more | 2026-05-06 | 4.3 MEDIUM | N/A |
| Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not use encryption, which allows remote attackers to interfere with traffic control by replaying transmissions on a wireless network. | |||||
| CVE-2012-1977 | 1 Wellintech | 1 Kingview | 2026-04-29 | 7.1 HIGH | N/A |
| WellinTech KingSCADA 3.0 uses a cleartext base64 format for storage of passwords in user.db, which allows context-dependent attackers to obtain sensitive information by reading this file. | |||||
| CVE-2026-34992 | 1 Linuxfoundation | 1 Antrea | 2026-04-27 | N/A | 7.5 HIGH |
| Antrea is a Kubernetes networking solution intended to be Kubernetes native. Prior to 2.4.5 and 2.5.2, a missing encryption vulnerability affects inter-Node Pod traffic. In Antrea clusters configured for dual-stack networking with IPsec encryption enabled (trafficEncryptionMode: ipsec), Antrea fails to apply encryption for IPv6 Pod traffic. While the IPv4 traffic is correctly encrypted via ESP (Encapsulating Security Payload), traffic using IPv6 is transmitted in plaintext. This occurs because the packets are encapsulated (using Geneve or VXLAN) but bypass the IPsec encryption layer. Impacted Users: users with dual-stack clusters and IPsec encryption enabled. Single-stack IPv4 or IPv6 clusters are not affected. This vulnerability is fixed in 2.4.5 and 2.5.2. | |||||
| CVE-2007-4961 | 1 Lindenlab | 1 Second Life | 2026-04-23 | 4.3 MEDIUM | 7.5 HIGH |
| The login_to_simulator method in Linden Lab Second Life, as used by the secondlife:// protocol handler and possibly other Second Life login mechanisms, sends an MD5 hash in cleartext in the passwd field, which allows remote attackers to login to an account by sniffing the network and then sending this hash to a Second Life authentication server. | |||||
| CVE-2024-41124 | 2026-04-15 | N/A | 6.3 MEDIUM | ||
| Puncia is the Official CLI utility for Subdomain Center & Exploit Observer. `API_URLS` is utilizing HTTP instead of HTTPS for communication that can lead to issues like Eavesdropping, Data Tampering, Unauthorized Data Access & MITM Attacks. This issue has been addressed in release version 0.21 by using https rather than http connections. All users are advised to upgrade. There is no known workarounds for this vulnerability. | |||||
| CVE-2025-48981 | 2026-04-15 | N/A | 8.6 HIGH | ||
| An insecure implementation of the proprietary protocol DNET in Product CGM MEDICO allows attackers within the intranet to eavesdrop and manipulate data on the protocol because encryption is optional for this connection. | |||||
| CVE-2025-48862 | 2026-04-15 | N/A | 7.1 HIGH | ||
| Ambiguous wording in the web interface of the ctrlX OS setup mechanism could lead the user to believe that the backup file is encrypted when a password is set. However, only the private key - if available in the backup - is encrypted, while the backup file itself remains unencrypted. | |||||
| CVE-2025-32875 | 2026-04-15 | N/A | 5.7 MEDIUM | ||
| An issue was discovered in the COROS application through 3.8.12 for Android. Bluetooth pairing and bonding is neither initiated nor enforced by the application itself. Also, the watch does not enforce pairing and bonding. As a result, any data transmitted via BLE remains unencrypted, allowing attackers within Bluetooth range to eavesdrop on the communication. Furthermore, even if a user manually initiates pairing and bonding in the Android settings, the application continues to transmit data without requiring the watch to be bonded. This fallback behavior enables attackers to exploit the communication, for example, by conducting an active machine-in-the-middle attack. | |||||
| CVE-2025-36751 | 2026-04-15 | N/A | N/A | ||
| Encryption is missing on the configuration interface for Growatt ShineLan-X and MIC 3300TL-X. This allows an attacker with access to the network to intercept and potentially manipulate communication requests between the inverter and its cloud endpoint. | |||||
| CVE-2024-5731 | 2026-04-15 | N/A | 6.8 MEDIUM | ||
| A vulnerability in the IPS Manager, Central Manager, and Local Manager communication workflow allows an attacker to control the destination of a request by manipulating the parameter, thereby leveraging sensitive information. | |||||
| CVE-2024-7396 | 2026-04-15 | N/A | N/A | ||
| Missing encryption of sensitive data in Korenix JetPort 5601v3 allows Eavesdropping.This issue affects JetPort 5601v3: through 1.2. | |||||
| CVE-2024-29151 | 2026-04-15 | N/A | 9.1 CRITICAL | ||
| Rocket.Chat.Audit through 5ad78e8 depends on filecachetools, which does not exist in PyPI. | |||||
| CVE-2025-24008 | 2026-04-15 | N/A | 6.5 MEDIUM | ||
| A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System (MSS) (All versions), SIRIUS Safety Relays 3SK2 (All versions). The affected devices do not encrypt data in transit. An attacker with network access could eavesdrop the connection and retrieve sensitive information, including obfuscated safety passwords. | |||||
| CVE-2025-1243 | 2026-04-15 | N/A | N/A | ||
| The Temporal api-go library prior to version 1.44.1 did not send `update response` information to Data Converter when the proxy package within the api-go module was used in a gRPC proxy prior to transmission. This resulted in information contained within the `update response` field not having Data Converter transformations (e.g. encryption) applied. This is an issue only when using the UpdateWorkflowExecution APIs (released on 13th January 2025) with a proxy leveraging the api-go library before version 1.44.1. Other data fields were correctly sent to Data Converter. This issue does not impact the Data Converter server. Data was encrypted in transit. Temporal Cloud services are not impacted. | |||||
| CVE-2024-27106 | 2026-04-15 | N/A | 5.7 MEDIUM | ||
| Vulnerable data in transit in GE HealthCare EchoPAC products | |||||
| CVE-2024-38283 | 2026-04-15 | N/A | N/A | ||
| Sensitive customer information is stored in the device without encryption. | |||||
| CVE-2025-40680 | 2026-04-15 | N/A | N/A | ||
| Lack of sensitive data encryption in CapillaryScope v2.5.0 of Capillary io, which stores both the proxy credentials and the JWT session token in plain text within different registry keys on the Windows operating system. Any authenticated local user with read access to the registry can extract these sensitive values. | |||||