Search Results (912 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-1060 2026-04-15 7.5 High
CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists that could result in the exposure of data when network traffic is being sniffed by an attacker.
CVE-2025-10641 1 Efficientlab 1 Workexaminer Professional 2026-04-15 7.1 High
All WorkExaminer Professional traffic between monitoring client, console and server is transmitted as plain text. This allows an attacker with access to the network to read the transmitted sensitive data. An attacker can also freely modify the data on the wire. The monitoring clients transmit their data to the server using the unencrypted FTP. Clients connect to the FTP server on port 12304 and transmit the data unencrypted. In addition, all traffic between the console client and the server at port 12306 is unencrypted.
CVE-2025-27722 2026-04-15 5.9 Medium
Cleartext transmission of sensitive information issue exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a man-in-the-middle attack may allow a remote unauthenticated attacker to eavesdrop the communication and obtain the authentication information.
CVE-2020-36914 1 Qihang Media 1 Web Digital Signage 2026-04-15 7.5 High
QiHang Media Web Digital Signage 3.0.9 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept user authentication credentials through cleartext cookie transmission. Attackers can perform man-in-the-middle attacks to capture and potentially misuse stored authentication credentials transmitted in an insecure manner.
CVE-2025-12508 2 Bizerba, Microsoft 2 Brain2, Active Directory 2026-04-15 8.4 High
When using domain users as BRAIN2 users, communication with Active Directory services is unencrypted. This can lead to the interception of authentication data and compromise confidentiality.
CVE-2026-23662 1 Microsoft 1 Azure Iot Explorer 2026-04-14 7.5 High
Missing authentication for critical function in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.
CVE-2026-23661 1 Microsoft 1 Azure Iot Explorer 2026-04-14 7.5 High
Cleartext transmission of sensitive information in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.
CVE-2012-5562 1 Redhat 2 Network Proxy, Satellite 2026-04-09 8.6 High
A flaw was found in rhn-proxy. This vulnerability may allow the rhn-proxy to transmit user credentials in clear-text when it accesses RHN Satellite. This could lead to information disclosure, where sensitive authentication details are exposed to unauthorized parties.
CVE-2026-4820 1 Ibm 1 Maximo Application Suite 2026-04-08 4.3 Medium
IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.
CVE-2023-53881 2 Ruijie, Ruijienetworks 2 Reyee Os, Reyee Os 2026-04-07 8.1 High
ReyeeOS 1.204.1614 contains an unencrypted CWMP communication vulnerability that allows attackers to intercept and manipulate device communication through a man-in-the-middle attack. Attackers can create a fake CWMP server to inject and execute arbitrary commands on Ruijie Reyee Cloud devices by exploiting the unprotected HTTP polling requests.
CVE-2023-53875 1 Gomlab 1 Gom Player 2026-04-07 8.8 High
GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer component that allows attackers to execute arbitrary code through DNS spoofing. Attackers can redirect victims using a malicious URL shortcut and WebDAV technique to run a reverse shell with SMB server interaction.
CVE-2026-5115 1 Papercut 2 Papercut Mf, Papercut Mf Konica Minolta 2026-04-07 7.5 High
The PaperCut NG/MF (specifically, the embedded application for Konica Minolta devices) is vulnerable to session hijacking. The PaperCut NG/MF Embedded application is a software interface that runs directly on the touch screen of a multi-function device. It was internally discovered that the communication channel between the embedded application and the server was insecure, which could leak data including sensitive information that may be used to mount an  attack on the device. Such an attack could potentially be used to steal data or to perform a phishing attack on the end user.
CVE-2026-32745 1 Jetbrains 1 Datalore 2026-04-02 6.3 Medium
In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings
CVE-2024-44276 1 Apple 2 Ipados, Iphone Os 2026-04-02 7.3 High
This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in iOS 18.2 and iPadOS 18.2. A user in a privileged network position may be able to leak sensitive information.
CVE-2026-32309 1 Cryptomator 1 Cryptomator 2026-03-27 7.5 High
Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, the Hub-based unlock flow explicitly supports hub+http and consumes Hub endpoints from vault metadata without enforcing HTTPS. As a result, a vault configuration can drive OAuth and key-loading traffic over plaintext HTTP or other insecure endpoint combinations. An active network attacker can tamper with or observe this traffic. Even when the vault key is encrypted for the device, bearer tokens and endpoint-level trust decisions are still exposed to downgrade and interception. This issue has been patched in version 1.19.1.
CVE-2025-64648 1 Ibm 1 Concert 2026-03-27 5.9 Medium
IBM Concert 1.0.0 through 2.2.0 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.
CVE-2026-1014 3 Ibm, Linux, Microsoft 4 Aix, Infosphere Information Server, Linux Kernel and 1 more 2026-03-27 6.5 Medium
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to exposure of sensitive information via JSON server response manipulation.
CVE-2026-20115 1 Cisco 1 Ios Xe Software 2026-03-26 6.1 Medium
A vulnerability in Cisco IOS XE Software for Cisco Meraki could allow a remote, unauthenticated attacker to view confidential device information. This vulnerability is due to a device configuration upload being performed over an insecure tunnel. An attacker could exploit this vulnerability by conducting an on-path attack between the affected device and the Cisco Meraki Dashboard. A successful exploit could allow the attacker to view sensitive device configuration information.
CVE-2026-24060 1 Automatedlogic 1 Webctrl Server 2026-03-25 9.1 Critical
Service information is not encrypted when transmitted as BACnet packets over the wire, and can be sniffed, intercepted, and modified by an attacker. Valuable information such as the File Start Position and File Data can be sniffed from network traffic using Wireshark's BACnet dissector filter. The proprietary format used by WebCTRL to receive updates from the PLC can also be sniffed and reverse engineered.
CVE-2026-32838 2 Edimax, Edimax Technology 3 Gs-5008pl, Gs-5008pl Firmware, Edimax Gs-5008pl 2026-03-24 7.5 High
Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the web management interface without implementing TLS or SSL encryption. Attackers on the same network can intercept management traffic to capture administrator credentials and sensitive configuration data.