Total
640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-47714 | 1 Lastyard | 1 Last Yard | 2025-03-27 | N/A | 9.8 CRITICAL |
| Last Yard 22.09.8-1 does not enforce HSTS headers | |||||
| CVE-2023-25016 | 1 Couchbase | 1 Couchbase Server | 2025-03-25 | N/A | 7.5 HIGH |
| Couchbase Server before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2 exposes Sensitive Information to an Unauthorized Actor. | |||||
| CVE-2022-45546 | 1 Screencheck | 1 Badgemaker | 2025-03-19 | N/A | 7.5 HIGH |
| Information Disclosure in Authentication Component of ScreenCheck BadgeMaker 2.6.2.0 application allows internal attacker to obtain credentials for authentication via network sniffing. | |||||
| CVE-2024-7713 | 1 Ays-pro | 1 Chatgpt Assistant | 2025-03-18 | N/A | 7.5 HIGH |
| The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 discloses the Open AI API Key, allowing unauthenticated users to obtain it | |||||
| CVE-2024-31840 | 1 Italtel | 1 Embrace | 2025-03-14 | N/A | 6.5 MEDIUM |
| An issue was discovered in Italtel Embrace 1.6.4. The web application inserts cleartext passwords in the HTML source code. An authenticated user is able to edit the configuration of the email server. Once the user access the edit function, the web application fills the edit form with the current credentials for the email account, including the cleartext password. | |||||
| CVE-2023-23914 | 3 Haxx, Netapp, Splunk | 12 Curl, Active Iq Unified Manager, Clustered Data Ontap and 9 more | 2025-03-12 | N/A | 9.1 CRITICAL |
| A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of usingan insecure clear-text HTTP step even when HTTP is provided in the URL. ThisHSTS mechanism would however surprisingly be ignored by subsequent transferswhen done on the same command line because the state would not be properlycarried on. | |||||
| CVE-2024-53246 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-03-10 | N/A | 7.5 HIGH |
| In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206, an SPL command can potentially disclose sensitive information. The vulnerability requires the exploitation of another vulnerability, such as a Risky Commands Bypass, for successful exploitation. | |||||
| CVE-2025-24849 | 2025-02-28 | N/A | N/A | ||
| Lack of encryption in transit for cloud infrastructure facilitating potential for sensitive data manipulation or exposure. | |||||
| CVE-2025-0556 | 1 Progress | 1 Telerik Report Server | 2025-02-20 | N/A | 6.5 MEDIUM |
| In ProgressĀ® TelerikĀ® Report Server, versions prior to 2025 Q1 (11.0.25.211) when using the older .NET Framework implementation, communication of non-sensitive information between the service agent process and app host process occurs over an unencrypted tunnel, which can be subjected to local network traffic sniffing. | |||||
| CVE-2023-0922 | 1 Samba | 1 Samba | 2025-02-13 | N/A | 5.9 MEDIUM |
| The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection. | |||||
| CVE-2025-1060 | 2025-02-13 | N/A | N/A | ||
| CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists that could result in the exposure of data when network traffic is being sniffed by an attacker. | |||||
| CVE-2023-30515 | 1 Jenkins | 1 Thycotic Devops Secrets Vault | 2025-02-07 | N/A | 7.5 HIGH |
| Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled. | |||||
| CVE-2023-30513 | 1 Jenkins | 1 Kubernetes | 2025-02-07 | N/A | 7.5 HIGH |
| Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled. | |||||
| CVE-2023-30514 | 1 Jenkins | 1 Azure Key Vault | 2025-02-07 | N/A | 7.5 HIGH |
| Jenkins Azure Key Vault Plugin 187.va_cd5fecd198a_ and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled. | |||||
| CVE-2024-4161 | 1 Broadcom | 1 Brocade Sannav | 2025-02-06 | N/A | 7.5 HIGH |
| In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic received clear text. This could allow an unauthenticated, remote attacker to capture sensitive information. | |||||
| CVE-2019-14942 | 1 Gitlab | 1 Gitlab | 2025-02-06 | N/A | 5.9 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Cookies for GitLab Pages (which have access control) could be sent over cleartext HTTP. | |||||
| CVE-2024-49387 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2025-02-04 | N/A | 7.5 HIGH |
| Cleartext transmission of sensitive information in acep-collector service. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. | |||||
| CVE-2023-25437 | 1 Vtech | 2 Vcs754a, Vcs754a Firmware | 2025-01-31 | N/A | 8.8 HIGH |
| An issue was discovered in vTech VCS754 version 1.1.1.A before 1.1.1.H, allows attackers to gain escalated privileges and gain sensitive information due to cleartext passwords passed in the raw HTML. | |||||
| CVE-2023-29681 | 1 Tenda | 2 N301, N301 Firmware | 2025-01-30 | N/A | 5.7 MEDIUM |
| Cleartext Transmission in cookie:ecos_pw: in Tenda N301 v6.0, firmware v12.03.01.06_pt allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password. | |||||
| CVE-2023-29680 | 1 Tenda | 2 N301, N301 Firmware | 2025-01-30 | N/A | 5.7 MEDIUM |
| Cleartext Transmission in set-cookie:ecos_pw: Tenda N301 v6.0, Firmware v12.02.01.61_multi allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password. | |||||