Total
735 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-2069 | 3 Openldap, Padl, Redhat | 4 Openldap, Nss Ldap, Pam Ldap and 1 more | 2025-04-03 | N/A |
| pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password. | ||||
| CVE-2005-3140 | 1 Procom | 2 Netforce 800, Netforce 800 Firmware | 2025-04-03 | 7.5 High |
| Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions sends the NIS password map (passwd.nis) as a file attachment in diagnostic e-mail messages, which allows remote attackers to obtain the cleartext NIS password hashes. | ||||
| CVE-2002-1949 | 1 Iomega | 2 Nas A300u, Nas A300u Firmware | 2025-04-03 | 7.5 High |
| The Network Attached Storage (NAS) Administration Web Page for Iomega NAS A300U transmits passwords in cleartext, which allows remote attackers to sniff the administrative password. | ||||
| CVE-2023-24440 | 1 Jenkins | 1 Jira Pipeline Steps | 2025-04-02 | 5.5 Medium |
| Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier transmits the private key in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | ||||
| CVE-2021-39342 | 1 Credova | 1 Financial | 2025-03-31 | 5.3 Medium |
| The Credova_Financial WordPress plugin discloses a site's associated Credova API account username and password in plaintext via an AJAX action whenever a site user goes to checkout on a page that has the Credova Financing option enabled. This affects versions up to, and including, 1.4.8. | ||||
| CVE-2021-39341 | 1 Optinmonster | 1 Optinmonster | 2025-03-31 | 8.2 High |
| The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the logged_in_or_has_api_key function in the ~/OMAPI/RestApi.php file that can used to exploit inject malicious web scripts on sites with the plugin installed. This affects versions up to, and including, 2.6.4. | ||||
| CVE-2025-23060 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-03-28 | 6.6 Medium |
| A vulnerability in HPE Aruba Networking ClearPass Policy Manager may, under certain circumstances, expose sensitive unencrypted information. Exploiting this vulnerability could allow an attacker to perform a man-in-the-middle attack, potentially granting unauthorized access to network resources as well as enabling data tampering. | ||||
| CVE-2024-44276 | 1 Apple | 2 Ipados, Iphone Os | 2025-03-28 | 7.3 High |
| This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in iOS 18.2 and iPadOS 18.2. A user in a privileged network position may be able to leak sensitive information. | ||||
| CVE-2024-45361 | 2025-03-27 | 6.5 Medium | ||
| A protocol flaw vulnerability exists in the Xiaomi Mi Connect Service APP. The vulnerability is caused by the validation logic is flawed and can be exploited by attackers to leak sensitive user information. | ||||
| CVE-2022-47714 | 1 Lastyard | 1 Last Yard | 2025-03-27 | 9.8 Critical |
| Last Yard 22.09.8-1 does not enforce HSTS headers | ||||
| CVE-2023-25016 | 1 Couchbase | 1 Couchbase Server | 2025-03-25 | 7.5 High |
| Couchbase Server before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2 exposes Sensitive Information to an Unauthorized Actor. | ||||
| CVE-2025-2311 | 2025-03-21 | 9 Critical | ||
| Incorrect Use of Privileged APIs, Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in Sechard Information Technologies SecHard allows Authentication Bypass, Interface Manipulation, Authentication Abuse, Harvesting Information via API Event Monitoring.This issue affects SecHard: before 3.3.0.20220411. | ||||
| CVE-2022-41545 | 2025-03-20 | 6.4 Medium | ||
| The administrative web interface of a Netgear C7800 Router running firmware version 6.01.07 (and possibly others) authenticates users via basic authentication, with an HTTP header containing a base64 value of the plaintext username and password. Because the web server also does not utilize transport security by default, this renders the administrative credentials vulnerable to eavesdropping by an adversary during every authenticated request made by a client to the router over a WLAN, or a LAN, should the adversary be able to perform a man-in-the-middle attack. | ||||
| CVE-2025-25728 | 2025-03-19 | 6.5 Medium | ||
| Bosscomm IF740 Firmware versions:11001.7078 & v11001.0000 and System versions: 6.25 & 6.00 were discovered to send communications to the update API in plaintext, allowing attackers to access sensitive information via a man-in-the-middle attack. | ||||
| CVE-2022-45546 | 1 Screencheck | 1 Badgemaker | 2025-03-19 | 7.5 High |
| Information Disclosure in Authentication Component of ScreenCheck BadgeMaker 2.6.2.0 application allows internal attacker to obtain credentials for authentication via network sniffing. | ||||
| CVE-2024-7531 | 2 Mozilla, Redhat | 3 Firefox, Firefox Esr, Rhel Aus | 2025-03-19 | 6.3 Medium |
| Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1. | ||||
| CVE-2024-36558 | 2025-03-19 | 7.5 High | ||
| Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h suffers from Cleartext Transmission of Sensitive Information due to lack of encryption in device-server communication. | ||||
| CVE-2024-7713 | 1 Ays-pro | 2 Ai Chatbot With Chatgpt, Chatgpt Assistant | 2025-03-18 | 7.5 High |
| The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 discloses the Open AI API Key, allowing unauthenticated users to obtain it | ||||
| CVE-2024-36426 | 1 Targit | 1 Decision Suite 23.2.15007.0 | 2025-03-18 | 7.5 High |
| In TARGIT Decision Suite 23.2.15007.0 before Autumn 2023, the session token is part of the URL and may be sent in a cleartext HTTP session. | ||||
| CVE-2024-31840 | 1 Italtel | 1 Embrace | 2025-03-14 | 6.5 Medium |
| An issue was discovered in Italtel Embrace 1.6.4. The web application inserts cleartext passwords in the HTML source code. An authenticated user is able to edit the configuration of the email server. Once the user access the edit function, the web application fills the edit form with the current credentials for the email account, including the cleartext password. | ||||