Total
736 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-26155 | 1 Etictelecom | 1 Remote Access Server Firmware | 2025-07-30 | N/A | 6.8 MEDIUM |
| All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 expose clear text credentials in the web portal. An attacker can access the ETIC RAS web portal and view the HTML code, which is configured to be hidden, thus allowing a connection to the ETIC RAS ssh server, which could enable an attacker to perform actions on the device. | |||||
| CVE-2024-13872 | 1 Bitdefender | 2 Box, Box Firmware | 2025-07-30 | N/A | 7.5 HIGH |
| Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Internet to update and restart daemons and detection rules on the devices. Updates can be remotely triggered through the /set_temp_token API method. Then, an unauthenticated and network-adjacent attacker can use man-in-the-middle (MITM) techniques to return malicious responses. Restarted daemons that use malicious assets can then be exploited for remote code execution on the device. | |||||
| CVE-2021-39081 | 1 Ibm | 1 Cognos Analytics Mobile | 2025-07-29 | N/A | 5.9 MEDIUM |
| IBM Cognos Analytics Mobile for Android 1.1.14 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | |||||
| CVE-2024-28786 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2025-07-25 | N/A | 6.5 MEDIUM |
| IBM QRadar SIEM 7.5 transmits sensitive or security-critical data in cleartext in a communication channel that could be obtained by an unauthorized actor using man in the middle techniques. | |||||
| CVE-2025-53703 | 2025-07-25 | N/A | 7.5 HIGH | ||
| DuraComm SPM-500 DP-10iN-100-MU transmits sensitive data without encryption over a channel that could be intercepted by attackers. | |||||
| CVE-2025-0252 | 2025-07-25 | N/A | 2.6 LOW | ||
| HCL IEM is affected by a password in cleartext vulnerability. Sensitive information is transmitted without adequate protection, potentially exposing it to unauthorized access during transit. | |||||
| CVE-2025-0250 | 2025-07-25 | N/A | 2.2 LOW | ||
| HCL IEM is affected by an authorization token sent in cookie vulnerability. A token used for authentication and authorization is being handled in a manner that may increase its exposure to security risks. | |||||
| CVE-2025-44612 | 1 Tinxy | 2 Wifi Lock Controller V1 Rf, Wifi Lock Controller V1 Rf Firmware | 2025-07-22 | N/A | 5.9 MEDIUM |
| Tinxy WiFi Lock Controller v1 RF was discovered to transmit sensitive information in plaintext, including control information and device credentials, allowing attackers to possibly intercept and access sensitive information via a man-in-the-middle attack. | |||||
| CVE-2025-2818 | 2025-07-17 | N/A | 3.5 LOW | ||
| A vulnerability was reported in version 1.0 of the Bluetooth Transmission Alliance protocol adopted by Motorola Smart Connect Android Application that could allow a nearby attacker within the Bluetooth interaction range to intercept files when transferred to a device not paired in Smart Connect. | |||||
| CVE-2025-53756 | 2025-07-16 | N/A | N/A | ||
| This vulnerability exists in Digisol DG-GR6821AC Router due to cleartext transmission of credentials in its web management interface. A remote attacker could exploit this vulnerability by intercepting the network traffic and capturing cleartext credentials. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted device. | |||||
| CVE-2025-44251 | 2025-07-15 | N/A | 7.5 HIGH | ||
| Ecovacs Deebot T10 1.7.2 transmits Wi-Fi credentials in cleartext during the pairing process. | |||||
| CVE-2024-41262 | 1 Codenotary | 1 Immudb | 2025-07-10 | N/A | 7.4 HIGH |
| mmudb v1.9.3 was discovered to use the HTTP protocol in the ShowMetricsRaw and ShowMetricsAsText functions, possibly allowing attackers to intercept communications via a man-in-the-middle attack. | |||||
| CVE-2025-26199 | 1 Vishalmathur | 1 Cloudclassroom-php Project | 2025-07-09 | N/A | 9.8 CRITICAL |
| CloudClassroom-PHP-Project v1.0 is affected by an insecure credential transmission vulnerability. The application transmits passwords over unencrypted HTTP during the login process, exposing sensitive credentials to potential interception by network-based attackers. A remote attacker with access to the same network (e.g., public Wi-Fi or compromised router) can capture login credentials via Man-in-the-Middle (MitM) techniques. If the attacker subsequently uses the credentials to log in and exploit administrative functions (e.g., file upload), this may lead to remote code execution depending on the environment. | |||||
| CVE-2025-32880 | 1 Yftech | 2 Coros Pace 3, Coros Pace 3 Firmware | 2025-07-08 | N/A | 9.8 CRITICAL |
| An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. With WLAN access, the COROS Pace 3 downloads firmware files via HTTP. However, the communication is not encrypted and allows sniffing and machine-in-the-middle attacks. | |||||
| CVE-2024-40090 | 1 Viloliving | 2 Vilo 5, Vilo 5 Firmware | 2025-07-07 | N/A | 4.3 MEDIUM |
| Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Information Disclosure. An information leak in the Boa webserver allows remote, unauthenticated attackers to leak memory addresses of uClibc and the stack via sending a GET request to the index page. | |||||
| CVE-2025-27457 | 2025-07-03 | N/A | 6.5 MEDIUM | ||
| All communication between the VNC server and client(s) is unencrypted. This allows an attacker to intercept the traffic and obtain sensitive data. | |||||
| CVE-2023-4509 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2025-07-02 | N/A | 4.3 MEDIUM |
| It is possible for an API key to be logged in clear text in the audit log file after an invalid login attempt. | |||||
| CVE-2024-6972 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2025-07-02 | N/A | 6.5 MEDIUM |
| In affected versions of Octopus Server under certain circumstances it is possible for sensitive variables to be printed in the task log in clear-text. | |||||
| CVE-2024-41927 | 1 Idec | 182 Ft1a-b12ra, Ft1a-b12ra Firmware, Ft1a-b24ra and 179 more | 2025-07-02 | N/A | 4.6 MEDIUM |
| Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. If an attacker sends a specific command to PLC's serial communication port, user credentials may be obtained. As a result, the program of the PLC may be obtained, and the PLC may be manipulated. | |||||
| CVE-2025-4227 | 1 Paloaltonetworks | 1 Globalprotect | 2025-06-27 | N/A | 3.5 LOW |
| An improper access control vulnerability in the Endpoint Traffic Policy Enforcement https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-features/new-features-released-in-gp-app/endpoint-traffic-policy-enforcement feature of the Palo Alto Networks GlobalProtect™ app allows certain packets to remain unencrypted instead of being properly secured within the tunnel. An attacker with physical access to the network can inject rogue devices to intercept these packets. Under normal operating conditions, the GlobalProtect app automatically recovers from this interception within one minute. | |||||