Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-55844

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-29 Jun, 2026 | 14:19
Updated At-30 Jun, 2026 | 19:02
Rejected At-
Credits

Home Assistant: iOS Companion App ignores internal SSID allowlist for connections – possible leak of access token and sensor data

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2025.5.0, The iOS companion app ignores the SSID allowlist for internal networks. The app uses SSID to detect when to use the internal URL, but whenever the app cannot find any other URL to be used, it fallbacks to the internal URL as well, which can expose user's token when connected to a not secure network. This vulnerability is fixed in 2025.5.0.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:29 Jun, 2026 | 14:19
Updated At:30 Jun, 2026 | 19:02
Rejected At:
▼CVE Numbering Authority (CNA)
Home Assistant: iOS Companion App ignores internal SSID allowlist for connections – possible leak of access token and sensor data

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2025.5.0, The iOS companion app ignores the SSID allowlist for internal networks. The app uses SSID to detect when to use the internal URL, but whenever the app cannot find any other URL to be used, it fallbacks to the internal URL as well, which can expose user's token when connected to a not secure network. This vulnerability is fixed in 2025.5.0.

Affected Products
Vendor
home-assistant
Product
core
Versions
Affected
  • < 2025.5.0
Problem Types
TypeCWE IDDescription
CWECWE-319CWE-319: Cleartext Transmission of Sensitive Information
Type: CWE
CWE ID: CWE-319
Description: CWE-319: Cleartext Transmission of Sensitive Information
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/home-assistant/core/security/advisories/GHSA-cm5v-547m-qh5h
x_refsource_CONFIRM
Hyperlink: https://github.com/home-assistant/core/security/advisories/GHSA-cm5v-547m-qh5h
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/home-assistant/core/security/advisories/GHSA-cm5v-547m-qh5h
exploit
Hyperlink: https://github.com/home-assistant/core/security/advisories/GHSA-cm5v-547m-qh5h
Resource:
exploit
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:29 Jun, 2026 | 15:16
Updated At:30 Jun, 2026 | 20:17

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2025.5.0, The iOS companion app ignores the SSID allowlist for internal networks. The app uses SSID to detect when to use the internal URL, but whenever the app cannot find any other URL to be used, it fallbacks to the internal URL as well, which can expose user's token when connected to a not secure network. This vulnerability is fixed in 2025.5.0.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
N/A
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-319Secondarysecurity-advisories@github.com
CWE ID: CWE-319
Type: Secondary
Source: security-advisories@github.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/home-assistant/core/security/advisories/GHSA-cm5v-547m-qh5hsecurity-advisories@github.com
N/A
https://github.com/home-assistant/core/security/advisories/GHSA-cm5v-547m-qh5h134c704f-9b21-4f2e-91b3-4a467353bcc0
N/A
Hyperlink: https://github.com/home-assistant/core/security/advisories/GHSA-cm5v-547m-qh5h
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/home-assistant/core/security/advisories/GHSA-cm5v-547m-qh5h
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

223Records found

CVE-2020-36517
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.85% / 85.00%
||
7 Day CHG~0.00%
Published-07 Mar, 2022 | 21:08
Updated-04 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 allows a DNS operator to gain knowledge about internal network resources via the hardcoded DNS resolver configuration.

Action-Not Available
Vendor-home-assistantn/a
Product-home-assistantn/a
CWE ID-CWE-203
Observable Discrepancy
CVE-2018-21019
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.68% / 74.06%
||
7 Day CHG~0.00%
Published-23 Sep, 2019 | 15:14
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Home Assistant before 0.67.0 was vulnerable to an information disclosure that allowed an unauthenticated attacker to read the application's error log via components/api.py.

Action-Not Available
Vendor-home-assistantn/a
Product-home-assistantn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-41718
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.24% / 14.56%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 08:25
Updated-14 Oct, 2025 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Murrelektronik: Unprotected Transport of Credentials

A cleartext transmission of sensitive information vulnerability in the affected products allows an unauthorized remote attacker to gain login credentials and access the Web-UI.

Action-Not Available
Vendor-Murrelektronik
Product-Firmware Impact67 Pro 54630Firmware Impact67 Pro 54631Firmware Impact67 Pro 54632Firmware Impact67 Pro 54620
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2005-3140
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.86% / 76.60%
||
7 Day CHG~0.00%
Published-05 Oct, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions sends the NIS password map (passwd.nis) as a file attachment in diagnostic e-mail messages, which allows remote attackers to obtain the cleartext NIS password hashes.

Action-Not Available
Vendor-procomn/a
Product-netforce_800netforce_800_firmwaren/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2025-43013
Matching Score-4
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-4
Assigner-JetBrains s.r.o.
CVSS Score-6.9||MEDIUM
EPSS-0.13% / 3.23%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:56
Updated-23 Apr, 2025 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication was possible

Action-Not Available
Vendor-JetBrains s.r.o.
Product-toolboxToolbox App
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2019-19898
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.71% / 49.08%
||
7 Day CHG~0.00%
Published-23 Jan, 2020 | 20:54
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In IXP EasyInstall 6.2.13723, there are cleartext credentials in network communication on TCP port 20050 when using the Administrator console remotely.

Action-Not Available
Vendor-ixpdatan/a
Product-easyinstalln/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2026-5115
Matching Score-4
Assigner-PaperCut Software Pty Ltd
ShareView Details
Matching Score-4
Assigner-PaperCut Software Pty Ltd
CVSS Score-3.6||LOW
EPSS-0.16% / 5.42%
||
7 Day CHG~0.00%
Published-31 Mar, 2026 | 00:54
Updated-03 Apr, 2026 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Session hijacking in PaperCut NG/MF embedded application for Konica Minolta devices

The PaperCut NG/MF (specifically, the embedded application for Konica Minolta devices) is vulnerable to session hijacking. The PaperCut NG/MF Embedded application is a software interface that runs directly on the touch screen of a multi-function device. It was internally discovered that the communication channel between the embedded application and the server was insecure, which could leak data including sensitive information that may be used to mount an  attack on the device. Such an attack could potentially be used to steal data or to perform a phishing attack on the end user.

Action-Not Available
Vendor-PaperCut Software Pty Ltd
Product-papercut_mf_konica_minoltapapercut_mfPapercut NG/MF
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2019-19889
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.10% / 61.55%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 18:52
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices. The attacker can discover admin credentials in the backup file, aka backupsettings.conf.

Action-Not Available
Vendor-humaxdigitaln/a
Product-hgb10r-02_firmwarehgb10r-02n/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2026-49486
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.26% / 17.76%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 07:05
Updated-26 Jun, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Airflow FTP provider: FTP Provider does not protect FTPS data channel (missing PROT_P)

The Apache Airflow FTP provider's `FTPSHook.get_conn()` created an `ftplib.FTP_TLS` connection but never called `prot_p()`, so although the control channel was TLS-protected the data channel was transmitted in cleartext. Any deployment using `FTPSHook` or `FTPSFileTransmitOperator` to move files over FTPS exposed file contents and credentials-in-transit to a network attacker able to observe the data connection. Upgrade apache-airflow-providers-ftp to `3.15.1` or later, which issues `PROT P` to encrypt the data channel.

Action-Not Available
Vendor-The Apache Software Foundation
Product-apache-airflow-providers-ftpApache Airflow FTP provider
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2019-20061
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.90% / 55.25%
||
7 Day CHG~0.00%
Published-10 Feb, 2020 | 12:19
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The user-introduction email in MFScripts YetiShare v3.5.2 through v4.5.4 may leak the (system-picked) password if this email is sent in cleartext. In other words, the user is not allowed to choose their own initial password.

Action-Not Available
Vendor-mfscriptsn/a
Product-yetisharen/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2019-19316
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.00% / 58.45%
||
7 Day CHG~0.00%
Published-02 Dec, 2019 | 20:50
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When using the Azure backend with a shared access signature (SAS), Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP.

Action-Not Available
Vendor-n/aHashiCorp, Inc.
Product-terraformn/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2022-26077
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-1.09% / 61.36%
||
7 Day CHG~0.00%
Published-25 May, 2022 | 20:15
Updated-15 Apr, 2025 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. A targeted network sniffing attack can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability.

Action-Not Available
Vendor-openautomationsoftwareOpen Automation Software
Product-oas_platformOAS Platform
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2020-13787
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.90% / 55.38%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 16:22
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-865l_firmwaredir-865ln/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2019-19967
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.95% / 56.97%
||
7 Day CHG~0.00%
Published-25 Dec, 2019 | 21:20
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Administration page on Connect Box EuroDOCSIS 3.0 Voice Gateway CH7465LG-NCIP-6.12.18.25-2p6-NOSH devices accepts a cleartext password in a POST request on port 80, as demonstrated by the Password field to the xml/setter.xml URI.

Action-Not Available
Vendor-upcn/a
Product-connect_box_eurodocsisconnect_box_eurodocsis_firmwaren/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2019-19890
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.99% / 58.13%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 18:53
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices. Admin credentials are sent over cleartext HTTP.

Action-Not Available
Vendor-humaxdigitaln/a
Product-hgb10r-02_firmwarehgb10r-02n/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2002-1949
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.20% / 64.52%
||
7 Day CHG~0.00%
Published-28 Jun, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Network Attached Storage (NAS) Administration Web Page for Iomega NAS A300U transmits passwords in cleartext, which allows remote attackers to sniff the administrative password.

Action-Not Available
Vendor-iomegan/a
Product-nas_a300u_firmwarenas_a300un/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2026-45180
Matching Score-4
Assigner-CPAN Security Group
ShareView Details
Matching Score-4
Assigner-CPAN Security Group
CVSS Score-7.5||HIGH
EPSS-0.24% / 15.49%
||
7 Day CHG~0.00%
Published-10 May, 2026 | 20:03
Updated-12 May, 2026 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Catalyst::Plugin::Statsd versions through 0.10.0 for Perl may leak session ids

Catalyst::Plugin::Statsd versions through 0.10.0 for Perl may leak session ids. If the communication channel to the statsd daemon is not secured (for example, by sending UDP packets to a host on another network), then users' session ids may be leaked. This may allow an attacker to use session ids as authentication tokens.

Action-Not Available
Vendor-RRWO
Product-Catalyst::Plugin::Statsd
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2020-10624
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.74% / 50.20%
||
7 Day CHG~0.00%
Published-26 Jun, 2020 | 16:22
Updated-04 Aug, 2024 | 11:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes a session token on the network.

Action-Not Available
Vendor-n/aHoneywell International Inc.
Product-controledge_plccontroledge_rtucontroledge_plc_firmwarecontroledge_rtu_firmwareControlEdge RTUControlEdge PLC
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2025-36274
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.19% / 9.18%
||
7 Day CHG~0.00%
Published-26 Sep, 2025 | 14:14
Updated-11 Dec, 2025 | 22:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Aspera HTTP Gateway information disclosure

IBM Aspera HTTP Gateway 2.0.0 through 2.3.1 stores sensitive information in clear text in easily obtainable files which can be read by an unauthenticated user.

Action-Not Available
Vendor-IBM Corporation
Product-aspera_http_gatewayAspera HTTP Gateway
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2025-36107
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.23% / 13.55%
||
7 Day CHG~0.00%
Published-21 Jul, 2025 | 18:07
Updated-18 Aug, 2025 | 01:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cognos Analytics Mobile (iOS) information disclosure

IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to obtain sensitive information due to the cleartext transmission of data.

Action-Not Available
Vendor-IBM Corporation
Product-cognos_analytics_mobileCognos Analytics Mobile
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2023-43503
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-3.5||LOW
EPSS-0.31% / 22.65%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 11:03
Updated-08 Jan, 2025 | 16:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in COMOS (All versions < V10.4.4). Caching system in the affected application leaks sensitive information such as user and project information in cleartext via UDP.

Action-Not Available
Vendor-Siemens AG
Product-comosCOMOS
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2023-42147
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.36% / 28.33%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 00:00
Updated-25 Sep, 2024 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in CloudExplorer Lite 1.3.1 allows an attacker to obtain sensitive information via the login key component.

Action-Not Available
Vendor-n/aFIT2CLOUD Inc.
Product-cloudexplorer_liten/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2019-18201
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.23% / 65.14%
||
7 Day CHG~0.00%
Published-24 Oct, 2019 | 14:19
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, an attacker is able to eavesdrop on sensitive data such as passwords.

Action-Not Available
Vendor-n/aFujitsu Limited
Product-lx390_firmwarelx390n/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2019-18231
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.78% / 51.29%
||
7 Day CHG~0.00%
Published-17 Mar, 2021 | 18:12
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Advantech Spectre RT ERT351 Versions 5.1.3 and prior logins and passwords are transmitted in clear text form, which may allow an attacker to intercept the request.

Action-Not Available
Vendor-n/aAdvantech (Advantech Co., Ltd.)
Product-spectre_rt_ert351_firmwarespectre_rt_ert351Advantech Spectre RT ERT351
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2019-16063
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.67% / 47.29%
||
7 Day CHG~0.00%
Published-19 Mar, 2020 | 22:21
Updated-05 Aug, 2024 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data rendered within web pages. It is possible for an attacker to expose unencrypted sensitive data.

Action-Not Available
Vendor-netsasn/a
Product-enigma_network_management_solutionn/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2019-16067
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.78% / 51.59%
||
7 Day CHG~0.00%
Published-19 Mar, 2020 | 17:56
Updated-05 Aug, 2024 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETSAS Enigma NMS 65.0.0 and prior utilises basic authentication over HTTP for enforcing access control to the web application. The use of weak authentication transmitted over cleartext protocols can allow an attacker to steal username and password combinations by intercepting authentication traffic in transit.

Action-Not Available
Vendor-netsasn/a
Product-enigma_network_management_solutionn/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2025-2861
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-6.9||MEDIUM
EPSS-0.23% / 13.25%
||
7 Day CHG+0.02%
Published-28 Mar, 2025 | 13:11
Updated-10 Oct, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cleartext Transmission of Sensitive Information vulnerability in saTECH BCU

SaTECH BCU in its firmware version 2.1.3 uses the HTTP protocol. The use of the HTTP protocol for web browsing has the problem that information is exchanged in unencrypted text. Since sensitive data such as credentials are exchanged, an attacker could obtain them and log in legitimately.

Action-Not Available
Vendor-artecheArteche
Product-satech_bcusatech_bcu_firmwaresaTECH BCU
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2025-27457
Matching Score-4
Assigner-SICK AG
ShareView Details
Matching Score-4
Assigner-SICK AG
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 14.60%
||
7 Day CHG~0.00%
Published-03 Jul, 2025 | 11:32
Updated-06 Feb, 2026 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2025-27457

All communication between the VNC server and client(s) is unencrypted. This allows an attacker to intercept the traffic and obtain sensitive data.

Action-Not Available
Vendor-endressEndress+Hauser
Product-meac300-fnade4meac300-fnade4_firmwareEndress+Hauser MEAC300-FNADE4
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2025-27594
Matching Score-4
Assigner-SICK AG
ShareView Details
Matching Score-4
Assigner-SICK AG
CVSS Score-7.5||HIGH
EPSS-0.43% / 34.83%
||
7 Day CHG~0.00%
Published-14 Mar, 2025 | 12:50
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unencrypted transmission of password hash

The device uses an unencrypted, proprietary protocol for communication. Through this protocol, configuration data is transmitted and device authentication is performed. An attacker can thereby intercept the authentication hash and use it to log into the device using a pass-the-hash attack.

Action-Not Available
Vendor-SICK AG
Product-SICK DL100-2xxxxxxx
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2022-2083
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.5||HIGH
EPSS-0.58% / 43.63%
||
7 Day CHG~0.00%
Published-05 Sep, 2022 | 12:35
Updated-03 Aug, 2024 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Simple Single Sign On <= 4.1.0 - Authentication Bypass

The Simple Single Sign On WordPress plugin through 4.1.0 leaks its OAuth client_secret, which could be used by attackers to gain unauthorized access to the site.

Action-Not Available
Vendor-simple_sign_on_projectUnknown
Product-simple_sign_onSimple Single Sign On
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2022-2005
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.44% / 35.37%
||
7 Day CHG+0.02%
Published-31 Aug, 2022 | 15:33
Updated-16 Apr, 2025 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AutomationDirect C-more EA9 HMI Cleartext Transmission

AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials from client to web server, which may allow an attacker to obtain the login credentials and login as a valid user. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73; EA9-T6CL-R versions prior to 6.73; EA9-T7CL versions prior to 6.73; EA9-T7CL-R versions prior to 6.73; EA9-T8CL versions prior to 6.73; EA9-T10CL versions prior to 6.73; EA9-T10WCL versions prior to 6.73; EA9-T12CL versions prior to 6.73; EA9-T15CL versions prior to 6.73; EA9-RHMI versions prior to 6.73; EA9-PGMSW versions prior to 6.73;

Action-Not Available
Vendor-AutomationDirect
Product-c-more_ea9-t6clc-more_ea9-t6cl-r_firmwarec-more_ea9-t10wclc-more_ea9-t12cl_firmwarec-more_ea9-pgmswc-more_ea9-rhmic-more_ea9-t10clc-more_ea9-t7cl-rc-more_ea9-t8cl_firmwarec-more_ea9-t15cl-r_firmwarec-more_ea9-t10wcl_firmwarec-more_ea9-t15cl-rc-more_ea9-t15cl_firmwarec-more_ea9-t15clc-more_ea9-pgmsw_firmwarec-more_ea9-t6cl-rc-more_ea9-rhmi_firmwarec-more_ea9-t10cl_firmwarec-more_ea9-t12clc-more_ea9-t7clc-more_ea9-t7cl_firmwarec-more_ea9-t8clc-more_ea9-t7cl-r_firmwarec-more_ea9-t6cl_firmwareC-more EA9
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2019-16274
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.67% / 47.62%
||
7 Day CHG~0.00%
Published-06 Jan, 2020 | 19:52
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DTEN D5 before 1.3 and D7 before 1.3 devices transfer customer data files via unencrypted HTTP.

Action-Not Available
Vendor-dtenn/a
Product-d7d5_firmwared5d7_firmwaren/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2022-0988
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.1||HIGH
EPSS-0.50% / 39.01%
||
7 Day CHG~0.00%
Published-25 Mar, 2022 | 18:02
Updated-16 Apr, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Delta Electronics DIAEnergie CLEARTEXT Transmission of Sensitive Information

Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by default on HTTP. This could allow an attacker to remotely read transmitted information between the client and product.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-diaenergieDIAEnergie
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-45735
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.80% / 88.69%
||
7 Day CHG+0.06%
Published-04 Feb, 2022 | 01:33
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to use the HTTP protocol for authentication into the admin interface, allowing attackers to intercept user credentials via packet capture software.

Action-Not Available
Vendor-n/aTOTOLINK
Product-x5000r_firmwarex5000rn/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-45447
Matching Score-4
Assigner-Hitachi Vantara
ShareView Details
Matching Score-4
Assigner-Hitachi Vantara
CVSS Score-7.7||HIGH
EPSS-0.30% / 21.87%
||
7 Day CHG~0.00%
Published-02 Nov, 2022 | 14:56
Updated-02 May, 2025 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pentaho Business Analytics Server - With the Data Lineage feature enabled, the system transmits database passwords in clear text

Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and 8.3.0.25 with the Data Lineage feature enabled transmits database passwords in clear text.   The transmission of sensitive data in clear text allows unauthorized actors with access to the network to sniff and obtain sensitive information that can be later used to gain unauthorized access.

Action-Not Available
Vendor-Hitachi Vantara LLCHitachi, Ltd.
Product-vantara_pentahoPentaho Business Analytics Server
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-45100
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.91% / 55.41%
||
7 Day CHG~0.00%
Published-16 Dec, 2021 | 04:37
Updated-04 Aug, 2024 | 04:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. This occurs because it sets the SMB2_GLOBAL_CAP_ENCRYPTION flag when using the SMB 3.1.1 protocol, which is a violation of the SMB protocol specification. When Windows 10 detects this protocol violation, it disables encryption.

Action-Not Available
Vendor-ksmbd_projectn/aNetApp, Inc.Linux Kernel Organization, Inc
Product-h300eh500sh410c_firmwareh300s_firmwareh410sksmbdh300sh300e_firmwarelinux_kernelh500eh410s_firmwareh700s_firmwareh500s_firmwareh500e_firmwareh700eh410ch700e_firmwareh700sn/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2014-5380
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.34% / 90.02%
||
7 Day CHG~0.00%
Published-13 Jan, 2020 | 12:55
Updated-06 Aug, 2024 | 11:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Grand MA 300 allows retrieval of the access PIN from sniffed data.

Action-Not Available
Vendor-grandingn/a
Product-grand_ma300grand_ma300_firmwaren/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2023-3763
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.7||LOW
EPSS-0.52% / 40.24%
||
7 Day CHG~0.00%
Published-19 Jul, 2023 | 07:00
Updated-02 Aug, 2024 | 07:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Intergard SGS SQL Query cleartext transmission

A vulnerability was found in Intergard SGS 8.7.0. It has been declared as problematic. This vulnerability affects unknown code of the component SQL Query Handler. The manipulation leads to cleartext transmission of sensitive information. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-234448. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-intergardIntergard
Product-smartgard_silver_with_matrix_keyboardSGS
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2023-3761
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.7||LOW
EPSS-0.40% / 32.23%
||
7 Day CHG~0.00%
Published-19 Jul, 2023 | 06:00
Updated-02 Aug, 2024 | 07:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Intergard SGS Password Change cleartext transmission

A vulnerability was found in Intergard SGS 8.7.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Password Change Handler. The manipulation leads to cleartext transmission of sensitive information. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-234446 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-intergardIntergard
Product-smartgard_silver_with_matrix_keyboardSGS
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2025-13718
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-3.7||LOW
EPSS-0.18% / 8.06%
||
7 Day CHG~0.00%
Published-13 Mar, 2026 | 18:33
Updated-18 Mar, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling Partner Engagement Manager Information Disclosure

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors.

Action-Not Available
Vendor-Linux Kernel Organization, IncIBM Corporation
Product-linux_kernelsterling_partner_engagement_managerSterling Partner Engagement Manager
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2019-15626
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-7.5||HIGH
EPSS-1.75% / 75.19%
||
7 Day CHG~0.00%
Published-17 Oct, 2019 | 19:09
Updated-05 Aug, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Deep Security Manager application (Versions 10.0, 11.0 and 12.0), when configured in a certain way, may transmit initial LDAP communication in clear text. This may result in confidentiality impact but does not impact integrity or availability.

Action-Not Available
Vendor-Trend Micro Incorporated
Product-deep_securityDeep Security Manager
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2023-34142
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9||CRITICAL
EPSS-0.29% / 20.28%
||
7 Day CHG~0.00%
Published-18 Jul, 2023 | 02:02
Updated-28 Oct, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cleartext Transmission Vulnerability in Hitachi Device Manager

Cleartext Transmission of Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Interception.This issue affects Hitachi Device Manager: before 8.8.5-02.

Action-Not Available
Vendor-Linux Kernel Organization, IncHitachi, Ltd.Microsoft Corporation
Product-windowsdevice_managerlinux_kernelHitachi Device Managerdevice_manager
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2026-32838
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.14% / 3.88%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 21:42
Updated-08 May, 2026 | 14:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Edimax GS-5008PL <= 1.00.54 Transmits Credentials Over Cleartext HTTP

Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the web management interface without implementing TLS or SSL encryption. Attackers on the same network can intercept management traffic to capture administrator credentials and sensitive configuration data.

Action-Not Available
Vendor-Edimax Technology Company Ltd.
Product-gs-5008pl_firmwaregs-5008plEdimax GS-5008PL
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2026-32309
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.20% / 10.53%
||
7 Day CHG~0.00%
Published-20 Mar, 2026 | 18:19
Updated-27 Mar, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cryptomator: Hub unlocking accepts plaintext HTTP and unvalidated endpoint schemes

Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, the Hub-based unlock flow explicitly supports hub+http and consumes Hub endpoints from vault metadata without enforcing HTTPS. As a result, a vault configuration can drive OAuth and key-loading traffic over plaintext HTTP or other insecure endpoint combinations. An active network attacker can tamper with or observe this traffic. Even when the vault key is encrypted for the device, bearer tokens and endpoint-level trust decisions are still exposed to downgrade and interception. This issue has been patched in version 1.19.1.

Action-Not Available
Vendor-cryptomatorcryptomator
Product-cryptomatorcryptomator
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-4258
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.7||LOW
EPSS-0.38% / 30.00%
||
7 Day CHG~0.00%
Published-19 Dec, 2022 | 00:00
Updated-15 Apr, 2025 | 12:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
whohas Package Information cleartext transmission

A vulnerability was found in whohas. It has been rated as problematic. This issue affects some unknown processing of the component Package Information Handler. The manipulation leads to cleartext transmission of sensitive information. The attack may be initiated remotely. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 667c3e2e9178f15c23d7918b5db25cd0792c8472. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216251. NOTE: Most sources redirect to the encrypted site which limits the possibilities of an attack.

Action-Not Available
Vendor-whohas_projectunspecified
Product-whohaswhohas
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CWE ID-CWE-310
Not Available
CVE-2023-31300
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.36% / 28.00%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 00:00
Updated-17 Apr, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via transmission of unencrypted, cleartext credentials during Password Reset feature.

Action-Not Available
Vendor-sesamin/a
Product-cash_point_\&_transport_optimizern/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2023-30514
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-7.5||HIGH
EPSS-0.48% / 37.97%
||
7 Day CHG~0.00%
Published-12 Apr, 2023 | 17:05
Updated-07 Feb, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Azure Key Vault Plugin 187.va_cd5fecd198a_ and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.

Action-Not Available
Vendor-Jenkins
Product-azure_key_vaultJenkins Azure Key Vault Plugin
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2023-30515
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-7.5||HIGH
EPSS-0.40% / 31.91%
||
7 Day CHG~0.00%
Published-12 Apr, 2023 | 17:05
Updated-07 Feb, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.

Action-Not Available
Vendor-Jenkins
Product-thycotic_devops_secrets_vaultJenkins Thycotic DevOps Secrets Vault Plugin
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2026-31923
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.25% / 16.18%
||
7 Day CHG~0.00%
Published-14 Apr, 2026 | 08:38
Updated-17 Apr, 2026 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache APISIX: Openid-connect `tls_verify` field is disabled by default

Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. This can occur due to `ssl_verify` in openid-connect plugin configuration being set to false by default. This issue affects Apache APISIX: from 0.7 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-apisixApache APISIX
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2023-28616
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.29% / 21.26%
||
7 Day CHG~0.00%
Published-26 Dec, 2023 | 00:00
Updated-20 Aug, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends these logs to the Syslog component.

Action-Not Available
Vendor-stormshieldn/a
Product-stormshield_network_securityn/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found