Total
750 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-3329 | 1 Consumer | 1 Comanda Mobile | 2025-04-08 | 3.1 Low |
| A vulnerability classified as problematic has been found in Consumer Comanda Mobile up to 14.9.3.2/15.0.0.8. This affects an unknown part of the component Restaurant Order Handler. The manipulation of the argument Login/Password leads to cleartext transmission of sensitive information. The attack can only be initiated within the local network. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-22863 | 3 Ibm, Microsoft, Redhat | 5 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak and 2 more | 2025-04-03 | 5.9 Medium |
| IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 244109. | ||||
| CVE-2025-2861 | 2025-04-03 | N/A | ||
| SaTECH BCU in its firmware version 2.1.3 uses the HTTP protocol. The use of the HTTP protocol for web browsing has the problem that information is exchanged in unencrypted text. Since sensitive data such as credentials are exchanged, an attacker could obtain them and log in legitimately. | ||||
| CVE-2004-1852 | 1 Solarwinds | 1 Dameware Mini Remote Control | 2025-04-03 | N/A |
| DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 transmits the Blowfish encryption key in plaintext, which allows remote attackers to gain sensitive information. | ||||
| CVE-2005-2069 | 3 Openldap, Padl, Redhat | 4 Openldap, Nss Ldap, Pam Ldap and 1 more | 2025-04-03 | N/A |
| pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password. | ||||
| CVE-2005-3140 | 1 Procom | 2 Netforce 800, Netforce 800 Firmware | 2025-04-03 | 7.5 High |
| Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions sends the NIS password map (passwd.nis) as a file attachment in diagnostic e-mail messages, which allows remote attackers to obtain the cleartext NIS password hashes. | ||||
| CVE-2002-1949 | 1 Iomega | 2 Nas A300u, Nas A300u Firmware | 2025-04-03 | 7.5 High |
| The Network Attached Storage (NAS) Administration Web Page for Iomega NAS A300U transmits passwords in cleartext, which allows remote attackers to sniff the administrative password. | ||||
| CVE-2023-24440 | 1 Jenkins | 1 Jira Pipeline Steps | 2025-04-02 | 5.5 Medium |
| Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier transmits the private key in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | ||||
| CVE-2021-39342 | 1 Credova | 1 Financial | 2025-03-31 | 5.3 Medium |
| The Credova_Financial WordPress plugin discloses a site's associated Credova API account username and password in plaintext via an AJAX action whenever a site user goes to checkout on a page that has the Credova Financing option enabled. This affects versions up to, and including, 1.4.8. | ||||
| CVE-2021-39341 | 1 Optinmonster | 1 Optinmonster | 2025-03-31 | 8.2 High |
| The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the logged_in_or_has_api_key function in the ~/OMAPI/RestApi.php file that can used to exploit inject malicious web scripts on sites with the plugin installed. This affects versions up to, and including, 2.6.4. | ||||
| CVE-2025-23060 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-03-28 | 6.6 Medium |
| A vulnerability in HPE Aruba Networking ClearPass Policy Manager may, under certain circumstances, expose sensitive unencrypted information. Exploiting this vulnerability could allow an attacker to perform a man-in-the-middle attack, potentially granting unauthorized access to network resources as well as enabling data tampering. | ||||
| CVE-2024-44276 | 1 Apple | 2 Ipados, Iphone Os | 2025-03-28 | 7.3 High |
| This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in iOS 18.2 and iPadOS 18.2. A user in a privileged network position may be able to leak sensitive information. | ||||
| CVE-2022-47714 | 1 Lastyard | 1 Last Yard | 2025-03-27 | 9.8 Critical |
| Last Yard 22.09.8-1 does not enforce HSTS headers | ||||
| CVE-2023-25016 | 1 Couchbase | 1 Couchbase Server | 2025-03-25 | 7.5 High |
| Couchbase Server before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2 exposes Sensitive Information to an Unauthorized Actor. | ||||
| CVE-2025-2311 | 2025-03-21 | 9 Critical | ||
| Incorrect Use of Privileged APIs, Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in Sechard Information Technologies SecHard allows Authentication Bypass, Interface Manipulation, Authentication Abuse, Harvesting Information via API Event Monitoring.This issue affects SecHard: before 3.3.0.20220411. | ||||
| CVE-2025-25728 | 2025-03-19 | 6.5 Medium | ||
| Bosscomm IF740 Firmware versions:11001.7078 & v11001.0000 and System versions: 6.25 & 6.00 were discovered to send communications to the update API in plaintext, allowing attackers to access sensitive information via a man-in-the-middle attack. | ||||
| CVE-2022-45546 | 1 Screencheck | 1 Badgemaker | 2025-03-19 | 7.5 High |
| Information Disclosure in Authentication Component of ScreenCheck BadgeMaker 2.6.2.0 application allows internal attacker to obtain credentials for authentication via network sniffing. | ||||
| CVE-2024-7531 | 2 Mozilla, Redhat | 3 Firefox, Firefox Esr, Rhel Aus | 2025-03-19 | 6.3 Medium |
| Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1. | ||||
| CVE-2024-36558 | 2025-03-19 | 7.5 High | ||
| Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h suffers from Cleartext Transmission of Sensitive Information due to lack of encryption in device-server communication. | ||||
| CVE-2024-7713 | 1 Ays-pro | 2 Ai Chatbot With Chatgpt, Chatgpt Assistant | 2025-03-18 | 7.5 High |
| The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 discloses the Open AI API Key, allowing unauthenticated users to obtain it | ||||