Total
779 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-53139 | 1 Microsoft | 7 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 4 more | 2025-10-23 | N/A | 7.7 HIGH |
| Cleartext transmission of sensitive information in Windows Hello allows an unauthorized attacker to bypass a security feature locally. | |||||
| CVE-2025-56447 | 2025-10-22 | N/A | 9.8 CRITICAL | ||
| TM2 Monitoring v3.04 contains an authentication bypass and plaintext credential disclosure. | |||||
| CVE-2025-55976 | 1 Intelbras | 2 Iwr 3000n, Iwr 3000n Firmware | 2025-10-17 | N/A | 8.4 HIGH |
| Intelbras IWR 3000N 1.9.8 exposes the Wi-Fi password in plaintext via the /api/wireless endpoint. Any unauthenticated user on the local network can directly obtain the Wi-Fi network password by querying this endpoint. | |||||
| CVE-2025-54156 | 1 Santesoft | 1 Sante Pacs Server | 2025-10-17 | N/A | 7.4 HIGH |
| The Sante PACS Server Web Portal sends credential information without encryption. | |||||
| CVE-2025-7743 | 1 Dolusoft | 1 Omaspot | 2025-10-15 | N/A | 9.6 CRITICAL |
| Cleartext Transmission of Sensitive Information vulnerability in Dolusoft Omaspot allows Interception, Privilege Escalation.This issue affects Omaspot: before 12.09.2025. | |||||
| CVE-2025-41718 | 2025-10-14 | N/A | 7.5 HIGH | ||
| A cleartext transmission of sensitive information vulnerability in the affected products allows an unauthorized remote attacker to gain login credentials and access the Web-UI. | |||||
| CVE-2025-2861 | 1 Arteche | 2 Satech Bcu, Satech Bcu Firmware | 2025-10-10 | N/A | 7.5 HIGH |
| SaTECH BCU in its firmware version 2.1.3 uses the HTTP protocol. The use of the HTTP protocol for web browsing has the problem that information is exchanged in unencrypted text. Since sensitive data such as credentials are exchanged, an attacker could obtain them and log in legitimately. | |||||
| CVE-2024-25650 | 1 Delinea | 2 Distributed Engine, Secret Server | 2025-10-10 | N/A | 5.9 MEDIUM |
| Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key (used to encrypt RabbitMQ messages) via crafted payloads to the /pre-authenticate, /authenticate, and /execute-and-respond REST API endpoints. This makes it possible for a PAM administrator to impersonate the Engine and exfiltrate sensitive information from the messages published in the RabbitMQ exchanges, without being audited in the application. | |||||
| CVE-2025-0250 | 1 Hcltech | 1 Intelliops Event Management | 2025-10-09 | N/A | 2.2 LOW |
| HCL IEM is affected by an authorization token sent in cookie vulnerability. A token used for authentication and authorization is being handled in a manner that may increase its exposure to security risks. | |||||
| CVE-2025-0252 | 1 Hcltech | 1 Intelliops Event Management | 2025-10-09 | N/A | 2.6 LOW |
| HCL IEM is affected by a password in cleartext vulnerability. Sensitive information is transmitted without adequate protection, potentially exposing it to unauthorized access during transit. | |||||
| CVE-2024-41757 | 1 Ibm | 1 Concert | 2025-09-29 | N/A | 5.9 MEDIUM |
| IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | |||||
| CVE-2024-39746 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling Connect Direct Web Services, Linux Kernel and 1 more | 2025-09-29 | N/A | 5.9 MEDIUM |
| IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | |||||
| CVE-2024-31905 | 1 Ibm | 1 Qradar Network Packet Capture | 2025-09-29 | N/A | 5.9 MEDIUM |
| IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | |||||
| CVE-2017-20200 | 2025-09-24 | 2.6 LOW | 3.7 LOW | ||
| A vulnerability has been found in Coinomi up to 1.7.6. This issue affects some unknown processing. Such manipulation leads to cleartext transmission of sensitive information. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is assessed as difficult. The exploit has been disclosed to the public and may be used. The vendor replied with: "(...) there isn't any security implication associated with your findings." | |||||
| CVE-2025-10776 | 2025-09-22 | 2.6 LOW | 3.7 LOW | ||
| A vulnerability was detected in LionCoders SalePro POS up to 5.5.0. This issue affects some unknown processing of the component Login. Performing manipulation results in cleartext transmission of sensitive information. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is assessed as difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-54818 | 2025-09-19 | N/A | 8.0 HIGH | ||
| Cognex In-Sight Explorer and In-Sight Camera Firmware expose a proprietary protocol on TCP port 1069 to perform management operations such as modifying system properties. The user management functionality handles sensitive data such as registered usernames and passwords over an unencrypted channel, allowing an adjacent attacker to intercept valid credentials to gain access to the device. | |||||
| CVE-2025-47698 | 2025-09-19 | N/A | N/A | ||
| An adjacent attacker without authentication can exploit this vulnerability to retrieve a set of user-privileged credentials. These credentials are present during the firmware upgrade procedure. | |||||
| CVE-2024-0098 | 2 Microsoft, Nvidia | 2 Windows, Chatrtx | 2025-09-17 | N/A | 5.5 MEDIUM |
| NVIDIA ChatRTX for Windows contains a vulnerability in the ChatRTX UI and backend, where a user can cause a clear-text transmission of sensitive information issue by data sniffing. A successful exploit of this vulnerability might lead to information disclosure. | |||||
| CVE-2025-50110 | 2025-09-15 | N/A | 8.8 HIGH | ||
| An issue was discovered in the method push.lite.avtech.com.AvtechLib.GetHttpsResponse in AVTECH EagleEyes Lite 2.0.0, the GetHttpsResponse method transmits sensitive information - including internal server URLs, account IDs, passwords, and device tokens - as plaintext query parameters over HTTPS | |||||
| CVE-2025-52586 | 2025-09-08 | N/A | 6.9 MEDIUM | ||
| The MOD3 command traffic between the monitoring application and the inverter is transmitted in plaintext without encryption or obfuscation. This vulnerability may allow an attacker with access to a local network to intercept, manipulate, replay, or forge critical data, including read/write operations for voltage, current, and power configuration, operational status, alarms, telemetry, system reset, or inverter control commands, potentially disrupting power generation or reconfiguring inverter settings. | |||||