Total
717 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3206 | 1 Passster Project | 1 Passster | 2025-05-14 | N/A | 5.9 MEDIUM |
| The Passster WordPress plugin before 3.5.5.5.2 stores the password inside a cookie named "passster" using base64 encoding method which is easy to decode. This puts the password at risk in case the cookies get leaked. | |||||
| CVE-2024-12378 | 2025-05-12 | N/A | 9.1 CRITICAL | ||
| On affected platforms running Arista EOS with secure Vxlan configured, restarting the Tunnelsec agent will result in packets being sent over the secure Vxlan tunnels in the clear. | |||||
| CVE-2025-27720 | 2025-05-12 | N/A | 7.4 HIGH | ||
| The Pixmeo Osirix MD Web Portal sends credential information without encryption, which could allow an attacker to steal credentials. | |||||
| CVE-2025-47419 | 2025-05-07 | N/A | N/A | ||
| Cleartext Transmission of Sensitive Information vulnerability in Crestron Automate VX allows Sniffing Network Traffic. The device allows Web UI and API access over non-secure network ports which exposes sensitive information such as user passwords. This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49. | |||||
| CVE-2024-0220 | 1 Br-automation | 2 Automation Studio, Technology Guarding | 2025-05-06 | N/A | 8.3 HIGH |
| B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data. | |||||
| CVE-2022-0005 | 1 Intel | 918 Celeron G5205u, Celeron G5205u Firmware, Celeron G5305u and 915 more | 2025-05-05 | 2.1 LOW | 2.4 LOW |
| Sensitive information accessible by physical probing of JTAG interface for some Intel(R) Processors with SGX may allow an unprivileged user to potentially enable information disclosure via physical access. | |||||
| CVE-2022-33321 | 1 Mitsubishielectric | 356 Ma-ew85s-e, Ma-ew85s-e Firmware, Ma-ew85s-uk and 353 more | 2025-05-01 | N/A | 9.8 CRITICAL |
| Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products (PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric HEMS Energy Measurement Unit, Refrigerator, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch, Ventilating Fan, Range hood fan, Energy Measurement Unit and Air Purifier) allows a remote unauthenticated attacker to disclose information in the products or cause a denial of service (DoS) condition as a result by sniffing credential information (username and password). The wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability. As for the affected product models/versions, see the Mitsubishi Electric's advisory which is listed in [References] section. | |||||
| CVE-2024-43432 | 1 Moodle | 1 Moodle | 2025-05-01 | N/A | 5.3 MEDIUM |
| A flaw was found in moodle. The cURL wrapper in Moodle strips HTTPAUTH and USERPWD headers during emulated redirects, but retains other original request headers, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs. | |||||
| CVE-2024-25650 | 1 Delinea | 2 Distributed Engine, Secret Server | 2025-05-01 | N/A | 5.9 MEDIUM |
| Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key (used to encrypt RabbitMQ messages) via crafted payloads to the /pre-authenticate, /authenticate, and /execute-and-respond REST API endpoints. This makes it possible for a PAM administrator to impersonate the Engine and exfiltrate sensitive information from the messages published in the RabbitMQ exchanges, without being audited in the application. | |||||
| CVE-2021-38828 | 1 Xiongmaitech | 2 Xm-jpr2-lx, Xm-jpr2-lx Firmware | 2025-04-30 | N/A | 5.3 MEDIUM |
| Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to plain-text traffic sniffing. | |||||
| CVE-2022-43691 | 1 Concretecms | 1 Concrete Cms | 2025-04-30 | N/A | 5.3 MEDIUM |
| Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 inadvertently disclose server-side sensitive information (secrets in environment variables and server information) when Debug Mode is left on in production. | |||||
| CVE-2022-44411 | 1 Web Based Quiz System Project | 1 Web Based Quiz System | 2025-04-29 | N/A | 7.5 HIGH |
| Web Based Quiz System v1.0 transmits user passwords in plaintext during the authentication process, allowing attackers to obtain users' passwords via a bruteforce attack. | |||||
| CVE-2025-25046 | 2025-04-29 | N/A | 3.7 LOW | ||
| IBM InfoSphere Information Server 11.7 DataStage Flow Designer transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man in the middle techniques. | |||||
| CVE-2022-45480 | 1 Beappsmobile | 1 Pc Keyboard Wifi \& Bluetooth | 2025-04-24 | N/A | 5.9 MEDIUM |
| PC Keyboard WiFi & Bluetooth allows an attacker (in a man-in-the-middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | |||||
| CVE-2022-45483 | 1 Lazy Mouse Project | 1 Lazy Mouse | 2025-04-24 | N/A | 5.9 MEDIUM |
| Lazy Mouse allows an attacker (in a man in the middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | |||||
| CVE-2022-45478 | 1 Telepad-app | 1 Telepad | 2025-04-23 | N/A | 5.9 MEDIUM |
| Telepad allows an attacker (in a man-in-the-middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | |||||
| CVE-2025-43013 | 1 Jetbrains | 1 Toolbox | 2025-04-23 | N/A | 6.9 MEDIUM |
| In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication was possible | |||||
| CVE-2022-46685 | 1 Gitea | 1 Gitea | 2025-04-23 | N/A | 4.3 MEDIUM |
| In Jenkins Gitea Plugin 1.4.4 and earlier, the implementation of Gitea personal access tokens did not support credentials masking, potentially exposing them through the build log. | |||||
| CVE-2025-32793 | 2025-04-23 | N/A | 4.0 MEDIUM | ||
| Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.15.0 to 1.15.15, 1.16.0 to 1.16.8, and 1.17.0 to 1.17.2, are vulnerable when using Wireguard transparent encryption in a Cilium cluster, packets that originate from a terminating endpoint can leave the source node without encryption due to a race condition in how traffic is processed by Cilium. This issue has been patched in versions 1.15.16, 1.16.9, and 1.17.3. There are no workarounds available for this issue. | |||||
| CVE-2025-42603 | 2025-04-23 | N/A | N/A | ||
| This vulnerability exists in the Meon KYC solutions due to transmission of sensitive data in plain text within the response payloads of certain API endpoints. An authenticated remote attacker could exploit this vulnerability by intercepting API response that contains unencrypted sensitive information belonging to other users. Successful exploitation of this vulnerability could allow remote attacker to impersonate the target user and gain unauthorized access to the user account. | |||||