Total
813 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-32881 | 1 Gotenna | 3 Gotenna, Mesh, Mesh Firmware | 2025-06-20 | N/A | 4.3 MEDIUM |
| An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. By default, the GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The app does not encrypt the GID in messages. | |||||
| CVE-2025-32884 | 1 Gotenna | 3 Gotenna, Mesh, Mesh Firmware | 2025-06-20 | N/A | 4.3 MEDIUM |
| An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. By default, a GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The app does not encrypt the GID in messages. | |||||
| CVE-2025-32887 | 1 Gotenna | 3 Gotenna, Mesh, Mesh Firmware | 2025-06-20 | N/A | 7.1 HIGH |
| An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. A command channel includes the next hop. which can be intercepted and used to break frequency hopping. | |||||
| CVE-2022-30312 | 1 Honeywell | 10 Trend Iq411, Trend Iq411 Firmware, Trend Iq412 and 7 more | 2025-06-17 | N/A | 6.5 MEDIUM |
| The Trend Controls IC protocol through 2022-05-06 allows Cleartext Transmission of Sensitive Information. According to FSCT-2022-0050, there is a Trend Controls Inter-Controller (IC) protocol cleartext transmission of credentials issue. The affected components are characterized as: Inter-Controller (IC) protocol (57612/UDP). The potential impact is: Compromise of credentials. Several Trend Controls building automation controllers utilize the Inter-Controller (IC) protocol in for information exchange and automation purposes. This protocol offers authentication in the form of a 4-digit PIN in order to protect access to sensitive operations like strategy uploads and downloads as well as optional 0-30 character username and password protection for web page access protection. Both the PIN and usernames and passwords are transmitted in cleartext, allowing an attacker with passive interception capabilities to obtain these credentials. Credentials are transmitted in cleartext. An attacker who obtains Trend IC credentials can carry out sensitive engineering actions such as manipulating controller strategy or configuration settings. If the credentials in question are (re)used for other applications, their compromise could potentially facilitate lateral movement. | |||||
| CVE-2023-46889 | 1 Meross | 2 Msh30q, Msh30q Firmware | 2025-06-17 | N/A | 5.7 MEDIUM |
| Meross MSH30Q 4.5.23 is vulnerable to Cleartext Transmission of Sensitive Information. During the device setup phase, the MSH30Q creates an unprotected Wi-Fi access point. In this phase, MSH30Q needs to connect to the Internet through a Wi-Fi router. This is why MSH30Q asks for the Wi-Fi network name (SSID) and the Wi-Fi network password. When the user enters the password, the transmission of the Wi-Fi password and name between the MSH30Q and mobile application is observed in the Wi-Fi network. Although the Wi-Fi password is encrypted, a part of the decryption algorithm is public so we complemented the missing parts to decrypt it. | |||||
| CVE-2024-44105 | 1 Ivanti | 1 Workspace Control | 2025-06-12 | N/A | 8.2 HIGH |
| Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to obtain OS credentials. | |||||
| CVE-2025-5270 | 1 Mozilla | 1 Firefox | 2025-06-11 | N/A | 7.5 HIGH |
| In certain cases, SNI could have been sent unencrypted even when encrypted DNS was enabled. This vulnerability affects Firefox < 139 and Thunderbird < 139. | |||||
| CVE-2022-41545 | 1 Netgear | 2 C7800, C7800 Firmware | 2025-06-06 | N/A | 6.4 MEDIUM |
| The administrative web interface of a Netgear C7800 Router running firmware version 6.01.07 (and possibly others) authenticates users via basic authentication, with an HTTP header containing a base64 value of the plaintext username and password. Because the web server also does not utilize transport security by default, this renders the administrative credentials vulnerable to eavesdropping by an adversary during every authenticated request made by a client to the router over a WLAN, or a LAN, should the adversary be able to perform a man-in-the-middle attack. | |||||
| CVE-2023-45716 | 1 Hcltech | 1 Sametime | 2025-06-03 | N/A | 1.7 LOW |
| Sametime is impacted by sensitive information passed in URL. | |||||
| CVE-2024-35060 | 1 Nasa | 1 Ait Core | 2025-06-03 | N/A | 7.5 HIGH |
| An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands via supplying a crafted YAML file. | |||||
| CVE-2024-35059 | 1 Nasa | 1 Ait Core | 2025-06-03 | N/A | 7.5 HIGH |
| An issue in the Pickle Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands. | |||||
| CVE-2024-35058 | 1 Nasa | 1 Ait Core | 2025-06-03 | N/A | 7.5 HIGH |
| An issue in the API wait function of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via supplying a crafted string. | |||||
| CVE-2024-35057 | 1 Nasa | 1 Ait Core | 2025-06-03 | N/A | 7.5 HIGH |
| An issue in NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via a crafted packet. | |||||
| CVE-2023-50614 | 1 Cdebyte | 2 E880-ir01, E880-ir01 Firmware | 2025-06-02 | N/A | 7.5 HIGH |
| An issue discovereed in EBYTE E880-IR01-V1.1 allows an attacker to obtain sensitive information via crafted POST request to /cgi-bin/luci. | |||||
| CVE-2024-50624 | 2025-05-31 | N/A | 5.9 MEDIUM | ||
| ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle attackers to trigger use of an attacker-controlled mail server because cleartext HTTP is used for a URL such as http://autoconfig.example.com or http://example.com/.well-known/autoconfig for retrieving the configuration. This is related to kmail-account-wizard. | |||||
| CVE-2025-40583 | 1 Siemens | 2 Scalance Lpe9403, Scalance Lpe9403 Firmware | 2025-05-30 | N/A | 4.4 MEDIUM |
| A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices do transmit sensitive information in cleartext. This could allow a privileged local attacker to retrieve this sensitive information. | |||||
| CVE-2022-32857 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2025-05-29 | N/A | 4.3 MEDIUM |
| This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6, tvOS 15.6, watchOS 8.7. A user in a privileged network position can track a user’s activity. | |||||
| CVE-2019-6540 | 1 Medtronic | 46 Amplia Crt-d, Amplia Crt-d Firmware, Carelink 2090 and 43 more | 2025-05-22 | 3.3 LOW | 6.5 MEDIUM |
| The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement encryption. An attacker with adjacent short-range access to a target product can listen to communications, including the transmission of sensitive data. | |||||
| CVE-2022-32227 | 1 Rocket.chat | 1 Rocket.chat | 2025-05-22 | N/A | 6.5 MEDIUM |
| A cleartext transmission of sensitive information exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 relating to Oauth tokens by having the permission "view-full-other-user-info", this could cause an oauth token leak in the product. | |||||
| CVE-2018-10634 | 1 Medtronic | 18 Minimed 530g Mmt-551, Minimed 530g Mmt-551 Firmware, Minimed 530g Mmt-751 and 15 more | 2025-05-22 | 2.9 LOW | 4.8 MEDIUM |
| Communications between Medtronic MiniMed MMT pumps and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers. | |||||