Medium
CVSS: 6.7
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices do transmit sensitive information in cleartext.
This could allow a privileged lo…
Critical
CVSS: 9.3
The Pixmeo Osirix MD Web Portal sends credential information without encryption, which could allow an attacker to steal credentials.
Critical
CVSS: 9.1
On affected platforms running Arista EOS with secure Vxlan configured, restarting the Tunnelsec agent will result in packets being sent over the secure Vxlan tunnels in the clear.
Critical
CVSS: 10.0
Cleartext Transmission of Sensitive Information vulnerability in Crestron Automate VX allows Sniffing Network Traffic.
The device allows Web UI and API access over non-secure network ports which exposes sensitive information such as user p…
High
CVSS: 7.1
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. A command channel includes the next hop. which can be intercepted and used to break frequency hopping.
Medium
CVSS: 4.3
An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. By default, a GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to i…
Medium
CVSS: 4.3
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. By default, the GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to i…
Low
CVSS: 3.7
IBM InfoSphere Information Server 11.7 DataStage Flow Designer
transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man in the middle techniques.
High
CVSS: 8.7
This vulnerability exists in the Meon KYC solutions due to transmission of sensitive data in plain text within the response payloads of certain API endpoints. An authenticated remote attacker could exploit this vulnerability by intercepting…
Medium
CVSS: 4.0
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.15.0 to 1.15.15, 1.16.0 to 1.16.8, and 1.17.0 to 1.17.2, are vulnerable when using Wireguard transparent encryption in a Cilium cluster, p…
Medium
CVSS: 6.9
In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication was possible
Medium
CVSS: 4.7
Arctera/Veritas Data Insight before 7.1.2 can send cleartext credentials when configured to use HTTP Basic Authentication to a Dell Isilon OneFS server.
Medium
CVSS: 5.9
Cleartext transmission of sensitive information issue exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a man-in-the-middle attack may allow a remote unauthenticated attacker to eavesdrop the communication and obtain the authentic…
Medium
CVSS: 6.8
SAP Commerce Cloud (Public Cloud) does not allow to disable unencrypted HTTP (port 80) entirely, but instead allows a redirect from port 80 to 443 (HTTPS). As a result, Commerce normally communicates securely over HTTPS. However, the confid…
Medium
CVSS: 6.9
SaTECH BCU in its firmware version 2.1.3 uses the HTTP protocol. The use of the HTTP protocol for web browsing has the problem that information is exchanged in unencrypted text. Since sensitive data such as credentials are exchanged, an att…
Medium
CVSS: 6.5
A protocol flaw vulnerability exists in the Xiaomi Mi Connect Service APP. The vulnerability is caused by the validation logic is flawed and can be exploited by attackers to leak sensitive user information.
Critical
CVSS: 9.0
Incorrect Use of Privileged APIs, Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in Sechard Information Technologies SecHard allows Authentication Bypass, Interface Manipulation, Authenti…
High
CVSS: 7.3
This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in iOS 18.2 and iPadOS 18.2. A user in a privileged network position may be able to leak sensitive information.
High
CVSS: 7.5
The device uses an unencrypted, proprietary protocol for communication. Through this protocol, configuration data is transmitted and device authentication is performed. An attacker can thereby intercept the authentication hash and use it to…
Critical
CVSS: 9.4
Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Internet to update and restart daemons and detection rules on the devices. Updates can be remotely triggered through the /s…