Total
860 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-22155 | 1 Fortinet | 1 Fortisoar | 2026-05-06 | N/A | 6.5 MEDIUM |
| A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow attacker to information disclosure via <insert attack vector here> | |||||
| CVE-2026-33569 | 1 Anviz | 4 Cx2 Lite, Cx2 Lite Firmware, Cx7 and 1 more | 2026-05-04 | N/A | 6.5 MEDIUM |
| Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling on‑path attackers to sniff credentials and session data, which can be used to compromise the device. | |||||
| CVE-2026-42514 | 2026-04-29 | N/A | N/A | ||
| This vulnerability exists in e-Sushrut due to exposure of OTPs in plaintext within API responses. A remote attacker could exploit this vulnerability by intercepting API responses containing valid OTPs. Successful exploitation of this vulnerability could allow an attacker to impersonate the target user and gain unauthorized access to user accounts on the targeted system. | |||||
| CVE-2011-3022 | 1 Google | 1 Chrome | 2026-04-29 | 5.0 MEDIUM | N/A |
| translate/translate_manager.cc in Google Chrome before 17.0.963.56 and 19.x before 19.0.1036.7 uses an HTTP session to exchange data for translation, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2025-8741 | 1 Macrozheng | 1 Mall | 2026-04-29 | 2.6 LOW | 3.7 LOW |
| A vulnerability was found in macrozheng mall up to 1.0.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/login. The manipulation leads to cleartext transmission of sensitive information. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-8205 | 1 Comodo | 1 Dragon | 2026-04-29 | 2.6 LOW | 3.7 LOW |
| A vulnerability, which was classified as problematic, has been found in Comodo Dragon up to 134.0.6998.179. Affected by this issue is some unknown functionality of the component IP DNS Leakage Detector. The manipulation leads to cleartext transmission of sensitive information. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-10776 | 2026-04-29 | 2.6 LOW | 3.7 LOW | ||
| A vulnerability was detected in LionCoders SalePro POS up to 5.5.0. This issue affects some unknown processing of the component Login. Performing manipulation results in cleartext transmission of sensitive information. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is assessed as difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-4584 | 2026-04-29 | 1.8 LOW | 3.1 LOW | ||
| A flaw has been found in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. This affects an unknown part of the component Cardholder Data Handler. Executing a manipulation can lead to cleartext transmission of sensitive information. The attack requires access to the local network. The attack requires a high level of complexity. It is indicated that the exploitability is difficult. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2017-20200 | 2026-04-29 | 2.6 LOW | 3.7 LOW | ||
| A vulnerability has been found in Coinomi up to 1.7.6. This issue affects some unknown processing. Such manipulation leads to cleartext transmission of sensitive information. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is assessed as difficult. The exploit has been disclosed to the public and may be used. The vendor replied with: "(...) there isn't any security implication associated with your findings." | |||||
| CVE-2026-40431 | 1 Senselive | 2 X3500, X3500 Firmware | 2026-04-28 | N/A | 5.3 MEDIUM |
| A vulnerability exists in SenseLive X3050’s web management interface due to its reliance on unencrypted HTTP for all administrative communication. Because management traffic, including authentication attempts and configuration data, is transmitted in cleartext, an attacker with access to the same network segment could intercept or observe sensitive operational information. | |||||
| CVE-2026-41275 | 1 Flowiseai | 1 Flowise | 2026-04-25 | N/A | 7.5 HIGH |
| Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the password reset functionality on cloud.flowiseai.com sends a reset password link over the unsecured HTTP protocol instead of HTTPS. This behavior introduces the risk of a man-in-the-middle (MITM) attack, where an attacker on the same network as the user (e.g., public Wi-Fi) can intercept the reset link and gain unauthorized access to the victim’s account. This vulnerability is fixed in 3.1.0. | |||||
| CVE-2026-40045 | 1 Openclaw | 1 Openclaw | 2026-04-24 | N/A | 5.7 MEDIUM |
| OpenClaw before 2026.4.2 accepts non-loopback cleartext ws:// gateway endpoints and transmits stored gateway credentials over unencrypted connections. Attackers can forge discovery results or craft setup codes to redirect clients to malicious endpoints, disclosing plaintext gateway credentials. | |||||
| CVE-2026-6066 | 1 Connectwise | 1 Automate | 2026-04-23 | N/A | 7.1 HIGH |
| ConnectWise has released a security update for ConnectWise Automate™ that addresses a behavior in the ConnectWise Automate Solution Center where certain client-to-server communications could occur without transport-layer encryption. This could allow network‑based interception of Solution Center traffic in Automate deployments. The issue has been resolved in Automate 2026.4 by enforcing secure communication for affected Solution Center connections. | |||||
| CVE-2008-0374 | 1 Oki | 2 C5510mfp, C5510mfp Firmware | 2026-04-23 | 10.0 HIGH | 7.5 HIGH |
| OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 sends the configuration of the printer in cleartext, which allows remote attackers to obtain the administrative password by connecting to TCP port 5548 or 7777. | |||||
| CVE-2008-3289 | 1 Storcentric | 1 Retrospect Backup Client | 2026-04-23 | 4.3 MEDIUM | 7.5 HIGH |
| EMC Dantz Retrospect Backup Client 7.5.116 sends the password hash in cleartext at an unspecified point, which allows remote attackers to obtain sensitive information via a crafted packet. | |||||
| CVE-2008-4390 | 1 Cisco | 2 Linksys Wvc54gc, Linksys Wvc54gc Firmware | 2026-04-23 | 10.0 HIGH | 7.5 HIGH |
| The Cisco Linksys WVC54GC wireless video camera before firmware 1.25 sends cleartext configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by sniffing the network. | |||||
| CVE-2008-4122 | 1 Joomla | 1 Joomla\! | 2026-04-23 | 5.0 MEDIUM | 7.5 HIGH |
| Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | |||||
| CVE-2007-5626 | 1 Bacula | 1 Bacula | 2026-04-23 | 2.1 LOW | 5.5 MEDIUM |
| make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to obtain the password by listing the process and its arguments, or by sniffing the network. | |||||
| CVE-2007-4786 | 1 Cisco | 1 Adaptive Security Appliance Software | 2026-04-23 | 4.3 MEDIUM | 5.3 MEDIUM |
| Cisco Adaptive Security Appliance (ASA) running PIX 7.0 before 7.0.7.1, 7.1 before 7.1.2.61, 7.2 before 7.2.2.34, and 8.0 before 8.0.2.11, when AAA is enabled, composes %ASA-5-111008 messages from the "test aaa" command with cleartext passwords and sends them over the network to a remote syslog server or places them in a local logging buffer, which allows context-dependent attackers to obtain sensitive information. | |||||
| CVE-2026-2671 | 2026-04-22 | 1.8 LOW | 3.1 LOW | ||
| A vulnerability was detected in Mendi Neurofeedback Headset V4. Affected by this vulnerability is an unknown functionality of the component Bluetooth Low Energy Handler. Performing a manipulation results in cleartext transmission of sensitive information. The attack can only be performed from the local network. The attack's complexity is rated as high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way. | |||||