Total
827 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-70048 | 1 Nexus | 1 Nexusinterface | 2026-03-13 | N/A | 7.5 HIGH |
| An issue pertaining to CWE-319: Cleartext Transmission of Sensitive Information was discovered in Nexusoft NexusInterface v3.2.0-beta.2. | |||||
| CVE-2026-23662 | 1 Microsoft | 1 Azure Iot Explorer | 2026-03-12 | N/A | 7.5 HIGH |
| Missing authentication for critical function in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2026-23661 | 1 Microsoft | 1 Azure Iot Explorer | 2026-03-12 | N/A | 7.5 HIGH |
| Cleartext transmission of sensitive information in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2025-69969 | 1 Pebblepower | 2 Pebble Prism Ultra, Pebble Prism Ultra Firmware | 2026-03-09 | N/A | 9.6 CRITICAL |
| A lack of authentication and authorization mechanisms in the Bluetooth Low Energy (BLE) communication protocol of SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2 allows attackers to reverse engineer the protocol and execute arbitrary commands on the device without establishing a connection. This is exploitable over Bluetooth Low Energy (BLE) proximity (Adjacent), requiring no physical contact with the device. Furthermore, the vulnerability is not limited to arbitrary commands but includes cleartext data interception and unauthenticated firmware hijacking via OTA services. | |||||
| CVE-2026-2671 | 2026-03-09 | 1.8 LOW | 3.1 LOW | ||
| A vulnerability was detected in Mendi Neurofeedback Headset V4. Affected by this vulnerability is an unknown functionality of the component Bluetooth Low Energy Handler. Performing a manipulation results in cleartext transmission of sensitive information. The attack can only be performed from the local network. The attack's complexity is rated as high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-43766 | 1 Google | 1 Android | 2026-03-06 | N/A | 6.5 MEDIUM |
| In multiple functions of btm_ble_sec.cc, there is a possible unencrypted communication due to Invalid error handling. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-66604 | 1 Yokogawa | 1 Fast\/tools | 2026-03-05 | N/A | 5.3 MEDIUM |
| A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The library version could be displayed on the web page. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04 | |||||
| CVE-2025-13490 | 1 Ibm | 2 App Connect Enterprise Certified Containers Operands, App Connect Operator | 2026-03-04 | N/A | 5.9 MEDIUM |
| IBM App Connect Operator versions CD 11.3.0 through 11.6.0 and 12.1.0 through 12.20.0, LTS versions 12.0.0 through 12.0.20, and IBM App Connect Enterprise Certified Containers Operands versions CD 12.0.11.2‑r1 through 12.0.12.5‑r1 and 13.0.1.0‑r1 through 13.0.6.1‑r1, and LTS versions 12.0.12‑r1 through 12.0.12‑r20, contain a vulnerability in which the IBM App Connect Enterprise Certified Container transmits data in clear text, potentially allowing an attacker to intercept and obtain sensitive information through man‑in‑the‑middle techniques. | |||||
| CVE-2026-20801 | 2026-03-03 | N/A | 5.6 MEDIUM | ||
| Cleartext Transmission of Sensitive Information (CWE-319) in a component used in the Gallagher Hanwha VMS and Gallagher NxWitness VMS integrations allows unprivileged users with local network access to view live video streams. This issue affects all versions of Gallagher NxWitness VMS integration prior to 9.10.017 and Gallagher Hanwha VMS integration prior to 9.10.025. | |||||
| CVE-2026-27752 | 1 Sodola-network | 2 Sl902-swtgw124as, Sl902-swtgw124as Firmware | 2026-03-03 | N/A | 5.9 MEDIUM |
| SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 transmit authentication credentials over unencrypted HTTP, allowing attackers to capture credentials. An attacker positioned to observe network traffic between a user and the device can intercept credentials and reuse them to gain administrative access to the gateway. | |||||
| CVE-2025-58107 | 2026-03-02 | N/A | 7.5 HIGH | ||
| In Microsoft Exchange through 2019, Exchange ActiveSync (EAS) configurations on on-premises servers may transmit sensitive data from Samsung mobile devices in cleartext, including the user's name, e-mail address, device ID, bearer token, and base64-encoded password. | |||||
| CVE-2025-27903 | 1 Ibm | 1 Db2 Recovery Expert | 2026-02-26 | N/A | 5.9 MEDIUM |
| IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows transmits data in a cleartext communication channel that could allow an attacker to obtain sensitive information using man in the middle techniques. | |||||
| CVE-2025-13454 | 1 Lenovo | 8 Thinkplus Fu100, Thinkplus Fu100 Firmware, Thinkplus Fu200 and 5 more | 2026-02-25 | N/A | 5.5 MEDIUM |
| A potential vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to gain access to sensitive device information. | |||||
| CVE-2024-1657 | 2026-02-25 | N/A | 8.1 HIGH | ||
| A flaw was found in the ansible automation platform. An insecure WebSocket connection was being used in installation from the Ansible rulebook EDA server. An attacker that has access to any machine in the CIDR block could download all rulebook data from the WebSocket, resulting in loss of confidentiality and integrity of the system. | |||||
| CVE-2023-23841 | 1 Solarwinds | 1 Serv-u | 2026-02-25 | N/A | 7.5 HIGH |
| SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request. Part of the URL of the request discloses sensitive data. | |||||
| CVE-2024-38891 | 1 Horizoncloud | 1 Caterease | 2026-02-24 | N/A | 7.5 HIGH |
| An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Sniffing Network Traffic attack due to the cleartext transmission of sensitive information. | |||||
| CVE-2024-5462 | 1 Broadcom | 1 Fabric Operating System | 2026-02-23 | N/A | 7.5 HIGH |
| If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passwords, then the SNMP privsecret / authsecret fields can be exposed in plaintext. The plaintext passwords can be exposed in a configupload capture or a supportsave capture if encryption of passwords is not enabled. An attacker can use these passwords to fetch values of the supported OIDs via SNMPv3 queries. There are also a limited number of MIB objects that can be modified. | |||||
| CVE-2026-24455 | 2026-02-20 | N/A | 7.5 HIGH | ||
| The embedded web interface of the device does not support HTTPS/TLS for authentication and uses HTTP Basic Authentication. Traffic is encoded but not encrypted, exposing user credentials to passive interception by attackers on the same network. | |||||
| CVE-2024-25960 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | N/A | 7.3 HIGH |
| Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains a cleartext transmission of sensitive information vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges. | |||||
| CVE-2026-0714 | 1 Moxa | 70 Uc-1222a, Uc-1222a Firmware, Uc-2222a-t and 67 more | 2026-02-18 | N/A | 6.8 MEDIUM |
| A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and attaching external equipment to the SPI bus to capture TPM communications. If successful, the captured data may allow offline decryption of eMMC contents. This attack cannot be performed through brief or opportunistic physical access and requires extended physical access, possession of the device, appropriate equipment, and sufficient time for signal capture and analysis. Remote exploitation is not possible. | |||||