Total: 735 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-2485 | 1 Automationdirect | 20 Sio-mb04ads, Sio-mb04ads Firmware, Sio-mb04das and 17 more | 2025-04-16 | 9.6 Critical |
Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may result in the device responding with its password in the communication packets. | ||||
CVE-2021-41835 | 1 Fresenius-kabi | 7 Agilia Connect, Agilia Partner Maintenance Software, Link+ Agilia and 4 more | 2025-04-16 | 7.3 High |
Fresenius Kabi Agilia Link + version 3.0 does not enforce transport layer encryption. Therefore, transmitted data may be sent in cleartext. Transport layer encryption is offered on Port TCP/443, but the affected service does not perform an automated redirect from the unencrypted service on Port TCP/80 to the encrypted service. | ||||
CVE-2021-27422 | 1 Ge | 38 Multilin B30, Multilin B30 Firmware, Multilin B90 and 35 more | 2025-04-16 | 7.5 High |
In GE UR firmware versions prior to version 8.1x, the web server interface is supported on UR over the HTTP protocol. It allows sensitive information exposure without authentication. | ||||
CVE-2022-0988 | 1 Deltaww | 1 Diaenergie | 2025-04-16 | 7.1 High |
Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by default on HTTP. This could allow an attacker to remotely read transmitted information between the client and product. | ||||
CVE-2021-33022 | 1 Philips | 4 Myvue, Speech, Vue Motion and 1 more | 2025-04-16 | 7.5 High |
Philips Vue PACS versions 12.2.x.x and prior transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. | ||||
CVE-2021-32982 | 1 Automationdirect | 40 C0-10are-d, C0-10are-d Firmware, C0-10dd1e-d and 37 more | 2025-04-16 | 7.5 High |
In Automation Direct CLICK PLC CPU Modules (C0-1x CPUs with firmware prior to v3.00), passwords are sent as plaintext during unlocking and project transfers. An attacker who has network visibility can observe the password exchange. | ||||
CVE-2021-32934 | 1 Throughtek | 1 Kalay P2p Software Development Kit | 2025-04-16 | 9.1 Critical |
The affected ThroughTek P2P products (SDKs using versions before 3.1.5, any versions with nossl tag, device firmware not using AuthKey for IOTC connection, firmware using AVAPI module without enabling DTLS mechanism, and firmware using P2PTunnel or RDT module) do not sufficiently protect data transferred between the local device and ThroughTek servers. This can allow an attacker to access sensitive information, such as camera feeds. | ||||
CVE-2021-32966 | 1 Philips | 1 Interoperability Solution Xds | 2025-04-16 | 3.7 Low |
Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDAP system credentials. | ||||
CVE-2022-2338 | 1 Softing | 6 Edgeaggregator, Edgeconnector, Opc and 3 more | 2025-04-16 | 5.7 Medium |
Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. By default, the administration interface is accessible via the plaintext HTTP protocol, facilitating the attack. The HTTP request may contain the session cookie, which may be captured for use in authenticating to the server. | ||||
CVE-2022-2005 | 1 Automationdirect | 24 C-more Ea9-pgmsw, C-more Ea9-pgmsw Firmware, C-more Ea9-rhmi and 21 more | 2025-04-16 | 7.5 High |
AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials from client to web server, which may allow an attacker to obtain the login credentials and login as a valid user. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73; EA9-T6CL-R versions prior to 6.73; EA9-T7CL versions prior to 6.73; EA9-T7CL-R versions prior to 6.73; EA9-T8CL versions prior to 6.73; EA9-T10CL versions prior to 6.73; EA9-T10WCL versions prior to 6.73; EA9-T12CL versions prior to 6.73; EA9-T15CL versions prior to 6.73; EA9-RHMI versions prior to 6.73; EA9-PGMSW versions prior to 6.73. | ||||
CVE-2022-41627 | 1 Alivecor | 6 Kardiamobile, Kardiamobile 6l, Kardiamobile 6l Firmware and 3 more | 2025-04-16 | 4.8 Medium |
The physical IoT device of AliveCor's KardiaMobile, a smartphone-based personal electrocardiogram (EKG), has no encryption for its data-over-sound protocols. Exploiting this vulnerability could allow an attacker to read patient EKG results or create a denial-of-service condition by emitting sounds at similar frequencies as the device, disrupting the smartphone microphone’s ability to accurately read the data. To carry out this attack, the attacker must be close (less than 5 feet) to pick up and emit sound waves. | ||||
CVE-2022-41636 | 1 Haascnc | 1 Haas Controller | 2025-04-16 | 9.1 Critical |
Communication traffic involving "Ethernet Q Commands" service of Haas Controller version 100.20.000.1110 is transmitted in cleartext. This allows an attacker to obtain sensitive information being passed to and from the controller. | ||||
CVE-2022-22758 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-16 | 8.8 High |
When clicking on a tel: link, USSD codes, specified after a `*` character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 97. | ||||
CVE-2021-40392 | 1 Moxa | 1 Mxview | 2025-04-15 | 7.5 High |
An information disclosure vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. Network sniffing can lead to a disclosure of sensitive information. An attacker can sniff network traffic to exploit this vulnerability. | ||||
CVE-2022-26077 | 1 Openautomationsoftware | 1 Oas Platform | 2025-04-15 | 7.5 High |
A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. A targeted network sniffing attack can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability. | ||||
CVE-2022-21184 | 1 Atvise | 1 Atvise | 2025-04-15 | 5.9 Medium |
An information disclosure vulnerability exists in the License registration functionality of Bachmann Visutec GmbH Atvise 3.5.4, 3.6 and 3.7. A plaintext HTTP request can lead to a disclosure of login credentials. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | ||||
CVE-2022-47895 | 1 Jetbrains | 1 Intellij Idea | 2025-04-15 | 4.7 Medium |
In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol to download required JAR files. | ||||
CVE-2017-20109 | 1 Calabrio | 1 Teleopti Workforce Management | 2025-04-15 | 4.3 Medium |
A vulnerability classified as problematic was found in Teleopti WFM up to 7.1.0. Affected by this vulnerability is an unknown functionality of the file /TeleoptiWFM/Administration/GetOneTenant of the component Administration. The manipulation leads to information disclosure (Credentials). The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. | ||||
CVE-2022-22457 | 2 Ibm, Linux | 2 Security Verify Governance, Linux Kernel | 2025-04-15 | 5.3 Medium |
IBM Security Verify Governance, Identity Manager 10.0.1 stores sensitive information including user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 225007. | ||||
CVE-2021-4258 | 1 Whohas Project | 1 Whohas | 2025-04-15 | 3.7 Low |
A vulnerability was found in whohas. It has been rated as problematic. This issue affects some unknown processing of the component Package Information Handler. The manipulation leads to cleartext transmission of sensitive information. The attack may be initiated remotely. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 667c3e2e9178f15c23d7918b5db25cd0792c8472. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216251. NOTE: Most sources redirect to the encrypted site which limits the possibilities of an attack. |