Total
750 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-45080 | 2025-07-03 | 8.8 High | ||
| YONO SBI: Banking & Lifestyle v1.23.36 was discovered to use unencrypted communicatons, possibly allowing attackers to execute a man-in-the-middle attack. | ||||
| CVE-2025-27457 | 2025-07-03 | 6.5 Medium | ||
| All communication between the VNC server and client(s) is unencrypted. This allows an attacker to intercept the traffic and obtain sensitive data. | ||||
| CVE-2023-4509 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2025-07-02 | 4.3 Medium |
| It is possible for an API key to be logged in clear text in the audit log file after an invalid login attempt. | ||||
| CVE-2024-6972 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2025-07-02 | 6.5 Medium |
| In affected versions of Octopus Server under certain circumstances it is possible for sensitive variables to be printed in the task log in clear-text. | ||||
| CVE-2024-41927 | 1 Idec | 182 Ft1a-b12ra, Ft1a-b12ra Firmware, Ft1a-b24ra and 179 more | 2025-07-02 | 4.6 Medium |
| Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. If an attacker sends a specific command to PLC's serial communication port, user credentials may be obtained. As a result, the program of the PLC may be obtained, and the PLC may be manipulated. | ||||
| CVE-2025-4227 | 2 Palo Alto Networks, Paloaltonetworks | 2 Globalprotect App, Globalprotect | 2025-06-27 | 3.5 Low |
| An improper access control vulnerability in the Endpoint Traffic Policy Enforcement https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-features/new-features-released-in-gp-app/endpoint-traffic-policy-enforcement feature of the Palo Alto Networks GlobalProtectâ„¢ app allows certain packets to remain unencrypted instead of being properly secured within the tunnel. An attacker with physical access to the network can inject rogue devices to intercept these packets. Under normal operating conditions, the GlobalProtect app automatically recovers from this interception within one minute. | ||||
| CVE-2024-10718 | 1 Phpipam | 1 Phpipam | 2025-06-27 | 7.5 High |
| In phpipam/phpipam version 1.5.1, the Secure attribute for sensitive cookies in HTTPS sessions is not set. This could cause the user agent to send those cookies in plaintext over an HTTP session, potentially exposing sensitive information. The issue is fixed in version 1.7.0. | ||||
| CVE-2025-5087 | 2025-06-26 | N/A | ||
| Kaleris NAVIS N4 ULC (Ultra Light Client) communicates insecurely using zlib-compressed data over HTTP. An attacker capable of observing network traffic between Ultra Light Clients and N4 servers can extract sensitive information, including plaintext credentials. | ||||
| CVE-2025-4378 | 2025-06-26 | 10 Critical | ||
| Cleartext Transmission of Sensitive Information, Use of Hard-coded Credentials vulnerability in Ataturk University ATA-AOF Mobile Application allows Authentication Abuse, Authentication Bypass.This issue affects ATA-AOF Mobile Application: before 20.06.2025. | ||||
| CVE-2025-36034 | 1 Ibm | 1 Infosphere Information Server | 2025-06-26 | 5.3 Medium |
| IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques. | ||||
| CVE-2025-32880 | 2025-06-24 | 9.8 Critical | ||
| An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. With WLAN access, the COROS Pace 3 downloads firmware files via HTTP. However, the communication is not encrypted and allows sniffing and machine-in-the-middle attacks. | ||||
| CVE-2025-27622 | 1 Jenkins | 1 Jenkins | 2025-06-24 | 4.3 Medium |
| Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets. | ||||
| CVE-2025-26199 | 2025-06-23 | 9.8 Critical | ||
| CloudClassroom-PHP-Project v1.0 is affected by an insecure credential transmission vulnerability. The application transmits passwords over unencrypted HTTP during the login process, exposing sensitive credentials to potential interception by network-based attackers. A remote attacker with access to the same network (e.g., public Wi-Fi or compromised router) can capture login credentials via Man-in-the-Middle (MitM) techniques. If the attacker subsequently uses the credentials to log in and exploit administrative functions (e.g., file upload), this may lead to remote code execution depending on the environment. | ||||
| CVE-2024-45361 | 2025-06-23 | 6.5 Medium | ||
| A protocol flaw vulnerability exists in the Xiaomi Mi Connect Service APP. The vulnerability is caused by the validation logic is flawed and can be exploited by attackers to leak sensitive user information. | ||||
| CVE-2023-46447 | 1 Popsdiabetes | 1 Rebel | 2025-06-20 | 4.3 Medium |
| The POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth Glucose Monitoring System, sends unencrypted glucose measurements over BLE. | ||||
| CVE-2023-42144 | 1 Shelly | 2 Trv, Trv Firmware | 2025-06-20 | 5.5 Medium |
| Cleartext Transmission during initial setup in Shelly TRV 20220811-15234 v.2.1.8 allows a local attacker to obtain the Wi-Fi password. | ||||
| CVE-2025-32881 | 1 Gotenna | 3 Gotenna, Mesh, Mesh Firmware | 2025-06-20 | 4.3 Medium |
| An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. By default, the GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The app does not encrypt the GID in messages. | ||||
| CVE-2025-32884 | 1 Gotenna | 3 Gotenna, Mesh, Mesh Firmware | 2025-06-20 | 4.3 Medium |
| An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. By default, a GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The app does not encrypt the GID in messages. | ||||
| CVE-2025-32887 | 1 Gotenna | 3 Gotenna, Mesh, Mesh Firmware | 2025-06-20 | 7.1 High |
| An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. A command channel includes the next hop. which can be intercepted and used to break frequency hopping. | ||||
| CVE-2025-44612 | 1 Tinxy | 2 Wifi Lock Controller, Wifi Lock Controller Firmware | 2025-06-19 | 5.9 Medium |
| Tinxy WiFi Lock Controller v1 RF was discovered to transmit sensitive information in plaintext, including control information and device credentials, allowing attackers to possibly intercept and access sensitive information via a man-in-the-middle attack. | ||||