Total: 789 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-50110 | | | 2025-09-15 | 8.8 High |
An issue was discovered in the method push.lite.avtech.com.AvtechLib.GetHttpsResponse in AVTECH EagleEyes Lite 2.0.0. The GetHttpsResponse method transmits sensitive information, including internal server URLs, account IDs, passwords, and device tokens, as plaintext query parameters over HTTPS. | ||||
CVE-2025-41708 | 1 Bender | 5 Cc612, Cc613, Icc13xx and 2 more | 2025-09-15 | 7.4 High |
Due to an insecure default configuration, HTTP is used instead of HTTPS for the web interface. An unauthenticated attacker on the same network could exploit this to learn sensitive data during transmission. | ||||
CVE-2025-55976 | 1 Intelbras | 1 Iwr 3000n | 2025-09-11 | 8.4 High |
Intelbras IWR 3000N 1.9.8 exposes the Wi-Fi password in plaintext via the /api/wireless endpoint. Any unauthenticated user on the local network can directly obtain the Wi-Fi network password by querying this endpoint. | ||||
CVE-2025-52586 | 1 Eg4 Electronics | 7 Eg4 12000xp, Eg4 12kpv, Eg4 18kpv and 4 more | 2025-09-08 | 6.9 Medium |
The MOD3 command traffic between the monitoring application and the inverter is transmitted in plaintext without encryption or obfuscation. This vulnerability may allow an attacker with access to a local network to intercept, manipulate, replay, or forge critical data, including read/write operations for voltage, current, and power configuration, operational status, alarms, telemetry, system reset, or inverter control commands, potentially disrupting power generation or reconfiguring inverter settings. | ||||
CVE-2025-32793 | 1 Cilium | 1 Cilium | 2025-09-03 | 4 Medium |
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.15.0 to 1.15.15, 1.16.0 to 1.16.8, and 1.17.0 to 1.17.2 are vulnerable: when using WireGuard transparent encryption in a Cilium cluster, packets that originate from a terminating endpoint can leave the source node without encryption due to a race condition in how traffic is processed by Cilium. This issue has been patched in versions 1.15.16, 1.16.9, and 1.17.3. There are no workarounds available for this issue. | ||||
CVE-2025-7731 | 1 Mitsubishi Electric | 1 Melsec Iq-f Series | 2025-09-02 | 7.5 High |
Cleartext Transmission of Sensitive Information vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to obtain credential information by intercepting SLMP communication messages, and read or write the device values of the product and stop the operations of programs by using the obtained credential information. | ||||
CVE-2025-8741 | 1 Macrozheng | 1 Mall | 2025-09-02 | 3.7 Low |
A vulnerability was found in macrozheng mall up to 1.0.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/login. The manipulation leads to cleartext transmission of sensitive information. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-9620 | 1 Redhat | 1 Ansible Automation Platform | 2025-08-30 | 5.3 Medium |
A flaw was found in Event-Driven Automation (EDA) in Ansible Automation Platform (AAP), which lacks encryption of sensitive information. An attacker with network access could exploit this vulnerability by sniffing the plaintext data transmitted between the EDA and AAP. An attacker with system access could exploit this vulnerability by reading the plaintext data stored in EDA and AAP databases. | ||||
CVE-2024-10973 | 1 Redhat | 3 Build Keycloak, Jboss Enterprise Application Platform, Jbosseapxp | 2025-08-30 | 5.7 Medium |
A vulnerability was found in Keycloak. The environment option `KC_CACHE_EMBEDDED_MTLS_ENABLED` does not work and the JGroups replication configuration is always used in plain text which can allow an attacker that has access to adjacent networks related to JGroups to read sensitive information. | ||||
CVE-2025-31972 | | | 2025-08-29 | 6.5 Medium |
HCL BigFix SM is affected by a Sensitive Information Exposure vulnerability where internal connections do not use TLS encryption which could allow an attacker unauthorized access to sensitive data transmitted between internal components. | ||||
CVE-2025-25046 | 1 Ibm | 1 Infosphere Information Server | 2025-08-28 | 3.7 Low |
IBM InfoSphere Information Server 11.7 DataStage Flow Designer transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man in the middle techniques. | ||||
CVE-2023-46380 | 1 Loytec | 10 L-inx Configurator, Linx-151, Linx-212 and 7 more | 2025-08-27 | 7.5 High |
LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) send password-change requests via cleartext HTTP. | ||||
CVE-2024-6388 | 1 Canonical | 1 Ubuntu Advantage Desktop Daemon | 2025-08-27 | 5.9 Medium |
Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext. | ||||
CVE-2024-7713 | 1 Ays-pro | 2 Ai Chatbot With Chatgpt, Chatgpt Assistant | 2025-08-27 | 7.5 High |
The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 discloses the Open AI API Key, allowing unauthenticated users to obtain it. | ||||
CVE-2025-36034 | 1 Ibm | 1 Infosphere Information Server | 2025-08-26 | 5.3 Medium |
IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques. | ||||
CVE-2025-6180 | 1 Strongdm | 1 Sdm-cli | 2025-08-22 | N/A |
The StrongDM Client insufficiently protected a pre-authentication token. Attackers could exploit this to intercept and reuse the token, potentially redeeming valid authentication credentials through a race condition. | ||||
CVE-2025-52351 | | | 2025-08-22 | 8.8 High |
Aikaan IoT management platform v3.25.0325-5-g2e9c59796 sends a newly generated password to users in plaintext via email and also includes the same password as a query parameter in the account activation URL (e.g., https://domain.com/activate=xyz). This practice can result in password exposure via browser history, proxy logs, referrer headers, and email caching. The vulnerability impacts user credential confidentiality during initial onboarding. | ||||
CVE-2025-57727 | 1 Jetbrains | 1 Intellij Idea | 2025-08-21 | 4.7 Medium |
In JetBrains IntelliJ IDEA before 2025.2, credentials disclosure was possible via remote reference. | ||||
CVE-2025-54156 | 1 Santesoft | 1 Sante Pacs Server | 2025-08-21 | 7.4 High |
The Sante PACS Server Web Portal sends credential information without encryption. | ||||
CVE-2025-0784 | 1 Intelbras | 2 Incontrol, Incontrol Web | 2025-08-20 | 3.7 Low |
A vulnerability has been found in Intelbras InControl up to 2.21.58 and classified as problematic. This vulnerability affects unknown code of the file /v1/usuario/ of the component Registered User Handler. The manipulation leads to cleartext transmission of sensitive information. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.21.59 is able to address this issue. It is recommended to upgrade the affected component. |