Total: 828 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-32793 | 1 Cilium | 1 Cilium | 2025-09-03 | N/A | 4.0 MEDIUM |
| Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.15.0 to 1.15.15, 1.16.0 to 1.16.8, and 1.17.0 to 1.17.2 are vulnerable when using WireGuard transparent encryption in a Cilium cluster: packets that originate from a terminating endpoint can leave the source node without encryption due to a race condition in how traffic is processed by Cilium. This issue has been patched in versions 1.15.16, 1.16.9, and 1.17.3. There are no workarounds available for this issue. | |||||
| CVE-2025-8741 | 1 Macrozheng | 1 Mall | 2025-09-02 | 2.6 LOW | 3.7 LOW |
| A vulnerability was found in macrozheng mall up to 1.0.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/login. The manipulation leads to cleartext transmission of sensitive information. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-6388 | 1 Canonical | 1 Ubuntu Advantage Desktop Daemon | 2025-08-27 | N/A | 5.9 MEDIUM |
| Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext. | |||||
| CVE-2025-57727 | 1 Jetbrains | 1 Intellij Idea | 2025-08-21 | N/A | 4.7 MEDIUM |
| In JetBrains IntelliJ IDEA before 2025.2, credentials disclosure was possible via remote reference. | |||||
| CVE-2025-0784 | 1 Intelbras | 1 Incontrol Web | 2025-08-20 | 2.6 LOW | 3.7 LOW |
| A vulnerability has been found in Intelbras InControl up to 2.21.58 and classified as problematic. This vulnerability affects unknown code of the file /v1/usuario/ of the component Registered User Handler. The manipulation leads to cleartext transmission of sensitive information. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.21.59 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2024-11946 | 1 Ixsystems | 2 Truenas, Truenas Firmware | 2025-08-18 | N/A | 6.5 MEDIUM |
| iXsystems TrueNAS CORE fetch_plugin_packagesites tar Cleartext Transmission of Sensitive Information Vulnerability. This vulnerability allows network-adjacent attackers to tamper with firmware update files on affected installations of iXsystems TrueNAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of firmware updates. The issue results from the use of an insecure protocol to deliver updates. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-25668. | |||||
| CVE-2025-3480 | 1 Meddream | 1 Pacs Server | 2025-08-15 | N/A | 6.5 MEDIUM |
| MedDream WEB DICOM Viewer Cleartext Transmission of Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of MedDream WEB DICOM Viewer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Web Portal. The issue results from the lack of encryption when transmitting credentials. An attacker can leverage this vulnerability to disclose transmitted credentials, leading to further compromise. Was ZDI-CAN-25842. | |||||
| CVE-2025-36034 | 1 Ibm | 1 Infosphere Information Server | 2025-08-14 | N/A | 5.3 MEDIUM |
| IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques. | |||||
| CVE-2025-36020 | 1 Ibm | 1 Guardium Data Protection | 2025-08-13 | N/A | 5.9 MEDIUM |
| IBM Guardium Data Protection could allow a remote attacker to obtain sensitive information due to cleartext transmission of sensitive credential information. | |||||
| CVE-2025-25046 | 1 Ibm | 1 Infosphere Information Server | 2025-08-12 | N/A | 3.7 LOW |
| IBM InfoSphere Information Server 11.7 DataStage Flow Designer transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man in the middle techniques. | |||||
| CVE-2025-53861 | 1 Redhat | 1 Ansible Automation Platform | 2025-08-11 | N/A | 3.1 LOW |
| A flaw was found in Ansible. Sensitive cookies without security flags over non-encrypted channels can lead to Man-in-the-Middle (MitM) and Cross-site scripting (XSS) attacks allowing attackers to read transmitted data. | |||||
| CVE-2025-36107 | 1 Ibm | 1 Cognos Analytics Mobile | 2025-08-07 | N/A | 5.9 MEDIUM |
| IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to obtain sensitive information due to the cleartext transmission of data. | |||||
| CVE-2025-52490 | 1 Couchbase | 1 Sync Gateway | 2025-08-06 | N/A | 7.3 HIGH |
| An issue was discovered in Couchbase Sync Gateway before 3.2.6. In sgcollect_info_options.log and sync_gateway.log, there are cleartext passwords in redacted and unredacted output. | |||||
| CVE-2025-8205 | 1 Comodo | 1 Dragon | 2025-07-31 | 2.6 LOW | 3.7 LOW |
| A vulnerability, which was classified as problematic, has been found in Comodo Dragon up to 134.0.6998.179. Affected by this issue is some unknown functionality of the component IP DNS Leakage Detector. The manipulation leads to cleartext transmission of sensitive information. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-37183 | 1 Westermo | 2 L210-f2g, L210-f2g Firmware | 2025-07-30 | N/A | 5.7 MEDIUM |
| Plain text credentials and session ID can be captured with a network sniffer. | |||||
| CVE-2024-26155 | 1 Etictelecom | 1 Remote Access Server Firmware | 2025-07-30 | N/A | 6.8 MEDIUM |
| All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 expose clear text credentials in the web portal. An attacker can access the ETIC RAS web portal and view the HTML code, which is configured to be hidden, thus allowing a connection to the ETIC RAS SSH server, which could enable an attacker to perform actions on the device. | |||||
| CVE-2024-13872 | 1 Bitdefender | 2 Box, Box Firmware | 2025-07-30 | N/A | 7.5 HIGH |
| Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Internet to update and restart daemons and detection rules on the devices. Updates can be remotely triggered through the /set_temp_token API method. Then, an unauthenticated and network-adjacent attacker can use man-in-the-middle (MITM) techniques to return malicious responses. Restarted daemons that use malicious assets can then be exploited for remote code execution on the device. | |||||
| CVE-2021-39081 | 1 Ibm | 1 Cognos Analytics Mobile | 2025-07-29 | N/A | 5.9 MEDIUM |
| IBM Cognos Analytics Mobile for Android 1.1.14 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | |||||
| CVE-2024-28786 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2025-07-25 | N/A | 6.5 MEDIUM |
| IBM QRadar SIEM 7.5 transmits sensitive or security-critical data in cleartext in a communication channel that could be obtained by an unauthorized actor using man in the middle techniques. | |||||
| CVE-2025-44612 | 1 Tinxy | 2 Wifi Lock Controller V1 Rf, Wifi Lock Controller V1 Rf Firmware | 2025-07-22 | N/A | 5.9 MEDIUM |
| Tinxy WiFi Lock Controller v1 RF was discovered to transmit sensitive information in plaintext, including control information and device credentials, allowing attackers to possibly intercept and access sensitive information via a man-in-the-middle attack. | |||||
