Total
801 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-34271 | 1 Nagios | 1 Log Server | 2025-11-06 | 9.8 Critical |
| Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the cluster manager component when requesting sensitive credentials from peer nodes over an unencrypted channel even when SSL/TLS is enabled in the product configuration. As a result, an attacker positioned on the network path can intercept credentials in transit. Captured credentials could allow the attacker to authenticate as a cluster node or service account, enabling further unauthorized access, lateral movement, or system compromise. | ||||
| CVE-2016-5597 | 2 Oracle, Redhat | 6 Jdk, Jre, Enterprise Linux and 3 more | 2025-11-04 | N/A |
| Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality via vectors related to Networking. | ||||
| CVE-2023-46385 | 1 Loytec | 1 L-inx Configurator | 2025-11-04 | 7.5 High |
| LOYTEC electronics GmbH LINX Configurator (all versions) is vulnerable to Insecure Permissions. An admin credential is passed as a value of URL parameters without encryption, so it allows remote attackers to steal the password and gain full control of Loytec device configuration. | ||||
| CVE-2023-46383 | 1 Loytec | 1 L-inx Configurator | 2025-11-04 | 7.5 High |
| LOYTEC electronics GmbH LINX Configurator (all versions) uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the password and gain full control of Loytec device configuration. | ||||
| CVE-2023-46382 | 1 Loytec | 6 Linx-212, Linx-212 Firmware, Liob-586 and 3 more | 2025-11-04 | 7.5 High |
| LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) use cleartext HTTP for login. | ||||
| CVE-2023-46380 | 1 Loytec | 10 L-inx Configurator, Linx-151, Linx-212 and 7 more | 2025-11-04 | 7.5 High |
| LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) send password-change requests via cleartext HTTP. | ||||
| CVE-2023-39172 | 1 Enbw | 2 Senec Storage Box, Senec Storage Box Firmware | 2025-11-04 | 9.1 Critical |
| The affected devices transmit sensitive information unencrypted allowing a remote unauthenticated attacker to capture and modify network traffic. | ||||
| CVE-2020-10124 | 1 Ncr | 2 Aptra Xfs, Selfserv Atm | 2025-11-04 | 7.1 High |
| NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt, authenticate, or verify the integrity of messages between the BNA and the host computer, which could allow an attacker with physical access to the internal components of the ATM to execute arbitrary code, including code that enables the attacker to commit deposit forgery. | ||||
| CVE-2025-55248 | 4 Apple, Linux, Microsoft and 1 more | 22 Macos, Linux Kernel, .net and 19 more | 2025-11-04 | 4.8 Medium |
| Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network. | ||||
| CVE-2025-53139 | 1 Microsoft | 11 Windows, Windows 10, Windows 10 21h2 and 8 more | 2025-11-04 | 7.7 High |
| Cleartext transmission of sensitive information in Windows Hello allows an unauthorized attacker to bypass a security feature locally. | ||||
| CVE-2024-25735 | 1 Wyrestorm | 2 Apollo Vx20, Apollo Vx20 Firmware | 2025-11-04 | 9.1 Critical |
| An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext passwords via a SoftAP /device/config GET request. | ||||
| CVE-2025-12508 | 2 Bizerba, Microsoft | 2 Brain2, Active Directory | 2025-11-04 | 8.4 High |
| When using domain users as BRAIN2 users, communication with Active Directory services is unencrypted. This can lead to the interception of authentication data and compromise confidentiality. | ||||
| CVE-2025-64389 | 1 Circutor | 1 Tcprs1plus | 2025-11-04 | N/A |
| The web server of the device performs exchanges of sensitive information in clear text through an insecure protocol. | ||||
| CVE-2023-32328 | 1 Ibm | 1 Security Verify Access | 2025-11-03 | 7.5 High |
| IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that could allow an attacker on the network to take control of the server. IBM X-Force Id: 254957. | ||||
| CVE-2025-10540 | 1 Imonitor | 1 Imonitor Eam | 2025-11-03 | 6.5 Medium |
| iMonitor EAM 9.6394 transmits communication between the EAM client agent and the EAM server, as well as between the EAM monitor management software and the server, in plaintext without authentication or encryption. An attacker with network access can intercept sensitive information (such as credentials, keylogger data, and personally identifiable information) and tamper with traffic. This allows both unauthorized disclosure and modification of data, including issuing arbitrary commands to client agents. | ||||
| CVE-2025-10641 | 1 Efficientlab | 1 Workexaminer Professional | 2025-11-03 | 7.1 High |
| All WorkExaminer Professional traffic between monitoring client, console and server is transmitted as plain text. This allows an attacker with access to the network to read the transmitted sensitive data. An attacker can also freely modify the data on the wire. The monitoring clients transmit their data to the server using the unencrypted FTP. Clients connect to the FTP server on port 12304 and transmit the data unencrypted. In addition, all traffic between the console client and the server at port 12306 is unencrypted. | ||||
| CVE-2025-62643 | 2 Rbi, Restaurant Brands International | 2 Restaurant Brands International Assistant, Assistant Platform | 2025-10-31 | 3.4 Low |
| The Restaurant Brands International (RBI) assistant platform through 2025-09-06 transmits passwords of user accounts in cleartext e-mail messages. | ||||
| CVE-2024-39746 | 3 Ibm, Linux, Microsoft | 5 Aix, Sterling Connect\, Sterling Connect Direct Web Services and 2 more | 2025-10-31 | 5.9 Medium |
| IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | ||||
| CVE-2025-61481 | 1 Mikrotik | 2 Routeros, Switchos | 2025-10-30 | 10 Critical |
| An issue in MikroTik RouterOS v.7.14.2 and SwOS v.2.18 exposes the WebFig management interface over cleartext HTTP by default, allowing an on-path attacker to execute injected JavaScript in the administrator’s browser and intercept credentials. | ||||
| CVE-2025-5270 | 1 Mozilla | 1 Firefox | 2025-10-30 | 7.5 High |
| In certain cases, SNI could have been sent unencrypted even when encrypted DNS was enabled. This vulnerability affects Firefox < 139 and Thunderbird < 139. | ||||