Export limit exceeded: 16384 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (885 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-32745 | 1 Jetbrains | 1 Datalore | 2026-04-02 | 6.3 Medium |
| In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings | ||||
| CVE-2024-44276 | 1 Apple | 2 Ipados, Iphone Os | 2026-04-02 | 7.3 High |
| This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in iOS 18.2 and iPadOS 18.2. A user in a privileged network position may be able to leak sensitive information. | ||||
| CVE-2026-32309 | 1 Cryptomator | 1 Cryptomator | 2026-03-27 | 7.5 High |
| Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, the Hub-based unlock flow explicitly supports hub+http and consumes Hub endpoints from vault metadata without enforcing HTTPS. As a result, a vault configuration can drive OAuth and key-loading traffic over plaintext HTTP or other insecure endpoint combinations. An active network attacker can tamper with or observe this traffic. Even when the vault key is encrypted for the device, bearer tokens and endpoint-level trust decisions are still exposed to downgrade and interception. This issue has been patched in version 1.19.1. | ||||
| CVE-2025-64648 | 1 Ibm | 1 Concert | 2026-03-27 | 5.9 Medium |
| IBM Concert 1.0.0 through 2.2.0 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques. | ||||
| CVE-2026-1014 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2026-03-27 | 6.5 Medium |
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to exposure of sensitive information via JSON server response manipulation. | ||||
| CVE-2026-20115 | 1 Cisco | 1 Ios Xe Software | 2026-03-26 | 6.1 Medium |
| A vulnerability in Cisco IOS XE Software for Cisco Meraki could allow a remote, unauthenticated attacker to view confidential device information. This vulnerability is due to a device configuration upload being performed over an insecure tunnel. An attacker could exploit this vulnerability by conducting an on-path attack between the affected device and the Cisco Meraki Dashboard. A successful exploit could allow the attacker to view sensitive device configuration information. | ||||
| CVE-2026-24060 | 1 Automatedlogic | 1 Webctrl Server | 2026-03-25 | 9.1 Critical |
| Service information is not encrypted when transmitted as BACnet packets over the wire, and can be sniffed, intercepted, and modified by an attacker. Valuable information such as the File Start Position and File Data can be sniffed from network traffic using Wireshark's BACnet dissector filter. The proprietary format used by WebCTRL to receive updates from the PLC can also be sniffed and reverse engineered. | ||||
| CVE-2026-32838 | 2 Edimax, Edimax Technology | 3 Gs-5008pl, Gs-5008pl Firmware, Edimax Gs-5008pl | 2026-03-24 | 7.5 High |
| Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the web management interface without implementing TLS or SSL encryption. Attackers on the same network can intercept management traffic to capture administrator credentials and sensitive configuration data. | ||||
| CVE-2025-13718 | 2 Ibm, Linux | 2 Sterling Partner Engagement Manager, Linux Kernel | 2026-03-23 | 3.7 Low |
| IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors. | ||||
| CVE-2025-70048 | 2 Nexus, Nexusoft | 2 Nexusinterface, Nexusinterface | 2026-03-13 | 7.5 High |
| An issue pertaining to CWE-319: Cleartext Transmission of Sensitive Information was discovered in Nexusoft NexusInterface v3.2.0-beta.2. | ||||
| CVE-2025-69969 | 2 Pebblepower, Powertech | 3 Pebble Prism Ultra, Pebble Prism Ultra Firmware, Pebble Prism Ultra | 2026-03-09 | 9.6 Critical |
| A lack of authentication and authorization mechanisms in the Bluetooth Low Energy (BLE) communication protocol of SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2 allows attackers to reverse engineer the protocol and execute arbitrary commands on the device without establishing a connection. This is exploitable over Bluetooth Low Energy (BLE) proximity (Adjacent), requiring no physical contact with the device. Furthermore, the vulnerability is not limited to arbitrary commands but includes cleartext data interception and unauthenticated firmware hijacking via OTA services. | ||||
| CVE-2024-43766 | 1 Google | 1 Android | 2026-03-06 | 6.5 Medium |
| In multiple functions of btm_ble_sec.cc, there is a possible unencrypted communication due to Invalid error handling. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-66604 | 1 Yokogawa | 2 Fast/tools, Fast\/tools | 2026-03-05 | 5.3 Medium |
| A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The library version could be displayed on the web page. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04 | ||||
| CVE-2025-13490 | 1 Ibm | 3 App Connect Enterprise Certified Containers Operands, App Connect Enterprisecertified Containers Operands, App Connect Operator | 2026-03-04 | 5.9 Medium |
| IBM App Connect Operator versions CD 11.3.0 through 11.6.0 and 12.1.0 through 12.20.0, LTS versions 12.0.0 through 12.0.20, and IBM App Connect Enterprise Certified Containers Operands versions CD 12.0.11.2‑r1 through 12.0.12.5‑r1 and 13.0.1.0‑r1 through 13.0.6.1‑r1, and LTS versions 12.0.12‑r1 through 12.0.12‑r20, contain a vulnerability in which the IBM App Connect Enterprise Certified Container transmits data in clear text, potentially allowing an attacker to intercept and obtain sensitive information through man‑in‑the‑middle techniques. | ||||
| CVE-2025-58107 | 1 Microsoft | 4 Exchange, Exchange Server, Exchange Server 2016 and 1 more | 2026-03-03 | 7.5 High |
| In Microsoft Exchange through 2019, Exchange ActiveSync (EAS) configurations on on-premises servers may transmit sensitive data from Samsung mobile devices in cleartext, including the user's name, e-mail address, device ID, bearer token, and base64-encoded password. | ||||
| CVE-2025-27903 | 1 Ibm | 2 Db2 Recovery Expert, Db2 Recovery Expert For Luw | 2026-02-26 | 5.9 Medium |
| IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows transmits data in a cleartext communication channel that could allow an attacker to obtain sensitive information using man in the middle techniques. | ||||
| CVE-2025-53139 | 1 Microsoft | 17 Windows, Windows 10, Windows 10 21h2 and 14 more | 2026-02-26 | 7.7 High |
| Cleartext transmission of sensitive information in Windows Hello allows an unauthorized attacker to bypass a security feature locally. | ||||
| CVE-2025-11492 | 1 Connectwise | 1 Automate | 2026-02-26 | 9.6 Critical |
| In the ConnectWise Automate Agent, communications could be configured to use HTTP instead of HTTPS. In such cases, an on-path threat actor with a man-in-the-middle network position could intercept, modify, or replay agent-server traffic. Additionally, the encryption method used to obfuscate some communications over the HTTP channel is updated in the Automate 2025.9 patch to enforce HTTPS for all agent communications. | ||||
| CVE-2025-13454 | 1 Lenovo | 8 Thinkplus Fu100, Thinkplus Fu100 Firmware, Thinkplus Fu200 and 5 more | 2026-02-25 | 5.5 Medium |
| A potential vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to gain access to sensitive device information. | ||||
| CVE-2023-23841 | 1 Solarwinds | 1 Serv-u | 2026-02-25 | 7.5 High |
| SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request. Part of the URL of the request discloses sensitive data. | ||||