CWE-311: CWE-311
All CWE-311 CVEs (45)
CVE-2023-6339 is a critical vulnerability in Google Nest WiFi Pro routers that allows remote attackers to execute arbitrary code with root privileges ...
Jan 2, 2024

This critical vulnerability in Pebble Prism Ultra v2.9.2 allows attackers within Bluetooth range to execute arbitrary commands, intercept data, and hi...
Mar 4, 2026

This vulnerability allows attackers to intercept and read files uploaded to Gradio servers when using the share=True option, as HTTPS is not enforced....
Oct 10, 2024

MindsDB versions before 23.7.4.0 had disabled SSL certificate verification in requests, allowing man-in-the-middle attacks to intercept and potentiall...
Aug 4, 2023

CVE-2021-27779 is a critical information disclosure vulnerability in HCL VersionVault Express that exposes sensitive information. Attackers can exploi...
May 25, 2022

An insecure implementation of the proprietary DNET protocol in CGM MEDICO allows attackers on the same intranet to eavesdrop on and manipulate data tr...
Oct 8, 2025

This vulnerability allows attackers to intercept and access sensitive information transmitted via insecure Shiro cookies in OpenDaylight SFC. Attacker...
Mar 24, 2025

This CVE describes a vulnerability in Z-Wave devices using Silicon Labs 500 series chipsets that lack encryption and replay protection. Attackers can ...
Jan 10, 2022

This CVE describes an access control vulnerability in Huawei's identity authentication module that could allow unauthorized access to sensitive inform...
Jan 8, 2025

This vulnerability allows unencrypted transmission of sensitive data between Console and Dashboard components in Rockwell Automation products. Attacke...
Aug 14, 2024

This vulnerability in twitch-tui allows attackers to intercept unencrypted communications between the application and Twitch IRC servers. All users ru...
Aug 4, 2023

This vulnerability in KEISEI STORE's LIVRE KEISEI software version 13.6.1 allows remote attackers to access sensitive information through improper han...
Jul 13, 2023

This vulnerability in Entetsu Store v.13.4.1 allows remote attackers to access sensitive information through the channel access token in the miniapp f...
Jul 13, 2023

This vulnerability in Bitcoin Core allows attackers to manipulate memory to change transaction destination addresses, potentially redirecting Bitcoin ...
Jul 7, 2023

BigAnt Server v5.6.06 contains an incorrect access control vulnerability that allows unauthorized users to bypass authentication mechanisms. This affe...
Apr 5, 2022

This vulnerability in Jenkins Conjur Secrets Plugin allows attackers who control Jenkins agent processes to decrypt secrets stored in Jenkins that wer...
Jan 12, 2022

This CVE describes a missing sensitive data encryption vulnerability in Huawei smartphones running HarmonyOS. Attackers could potentially access unenc...
Dec 8, 2021

Apache Directory Studio versions 2.0.0.v20210213-M16 and earlier fail to apply StartTLS encryption when using SASL authentication mechanisms (DIGEST-M...
Jul 26, 2021

This vulnerability affects Climatix POL909 building automation controllers. It allows unauthenticated attackers to intercept unencrypted web traffic, ...
Nov 9, 2021

NASA AIT-Core v2.5.2 uses unencrypted network channels, enabling man-in-the-middle attacks. When combined with CVE-2024-35059, this allows unauthentic...
May 21, 2024

This vulnerability involves misleading interface wording in ctrlX OS backup functionality that suggests backup files are encrypted when a password is ...
Aug 14, 2025

The Jenkins Xooa Plugin 0.0.7 and earlier stores sensitive deployment tokens unencrypted in Jenkins configuration files. This allows attackers with fi...
Jul 9, 2025

The Jenkins User1st uTester Plugin 1.1 and earlier stores JWT tokens unencrypted in global configuration files on the Jenkins controller. This allows ...
Jul 9, 2025

The Jenkins Dead Man's Snitch Plugin 0.1 stores sensitive authentication tokens unencrypted in job configuration files. This allows users with Item/Ex...
Jul 9, 2025

The Jenkins VAddy Plugin 1.2.8 and earlier stores VAddy API authentication keys unencrypted in job configuration files. This allows users with Item/Ex...
Jul 9, 2025

This vulnerability allows attackers to eavesdrop on unencrypted network communications of Siemens SIRIUS safety systems. Attackers with network access...
May 13, 2025

An authenticated attacker with Read-Only Administrator privileges in Cisco Identity Services Engine (ISE) can exploit improper data protection mechani...
Oct 2, 2024

This vulnerability allows attackers to intercept credentials transmitted via unencrypted protocols, granting read-only access to network and terminal ...
Sep 5, 2024

IBM Cognos Analytics Mobile for iOS versions 1.1.0 through 1.1.22 transmits data over unencrypted network connections, potentially exposing sensitive ...
Jul 21, 2025

HCL BigFix SM has a cryptographic weakness due to weak or outdated encryption algorithms, allowing attackers with network access to potentially decryp...
Aug 28, 2025

This vulnerability allows attackers on the same network segment to intercept unencrypted login credentials for Synology Active Backup for Business Age...
Sep 26, 2024

A vulnerability in Samsung Exynos baseband software allows improper format type checking in RRC (Radio Resource Control) messages, potentially leading...
Jun 5, 2024

This vulnerability allows local users on systems running Synology Active Backup for Business Agent to access unencrypted user credentials stored in se...
Sep 26, 2024

This vulnerability in Siemens SmartClient modules allows authenticated attackers to access sensitive information due to inadequate encryption. Affecte...
Aug 12, 2025

A physical security vulnerability in certain ThinkPlus USB drives allows unauthorized data access when an attacker has physical possession of the devi...
Jan 14, 2026

The Meatmeet device's firmware lacks encryption, allowing attackers with physical access to extract Wi-Fi credentials via UART interface. This exposes...
Dec 10, 2025

This vulnerability affects Arista CloudVision Appliance (CVA) DCA-350E-CV models where hardware disk encryption fails to activate properly, leaving da...
Jan 10, 2025

The Jenkins ByteGuard Build Actions Plugin 1.0 stores API tokens in plaintext within job configuration files, allowing users with Item/Extended Read p...
Oct 29, 2025

The Jenkins ByteGuard Build Actions Plugin 1.0 fails to mask API tokens in the job configuration form, potentially exposing sensitive credentials to u...
Oct 29, 2025

The Jenkins Curseforge Publisher Plugin 1.0 stores API keys in plaintext within job configuration files, allowing users with Item/Extended Read permis...
Oct 29, 2025

The Jenkins Curseforge Publisher Plugin 1.0 displays API keys in plain text on job configuration forms instead of masking them. This allows attackers ...
Oct 29, 2025

The Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job configuration files, allowing users with Item/...
Oct 29, 2025

This vulnerability allows man-in-the-middle attackers to intercept and potentially modify communications between ASUSTOR NAS devices and UPS servers d...
Dec 12, 2025

The TP-Link VX800v v1.0 web interface transmits sensitive information over unencrypted HTTP connections due to missing application layer encryption. T...
Jan 29, 2026

Growatt ShineLan-X and MIC 3300TL-X inverters lack encryption on their configuration interface, allowing network-accessible attackers to intercept and...
Dec 13, 2025

About CWE-311 (CWE-311)
Our database tracks 45 CVEs classified as CWE-311, with 5 rated critical and 16 rated high severity. The average CVSS score for CWE-311 vulnerabilities is 6.6.
External reference: View CWE-311 on MITRE CWE →