CWE-319: CWE-319

Total CVEs: 172
Critical: 24
High: 95
Avg CVSS: 7.4

Yearly Trend

2026: 19
2025: 57
2024: 33
2023: 29
2022: 13

Top Affected Vendors

1. IBM: 10
2. Moxa: 4
3. goTenna: 4
4. Dell: 4
5. SICK: 4
6. NETGEAR: 4
7. LOYTEC: 2
8. NetApp: 2
9. Sauter Controls: 2
10. Microsoft: 2

All CWE-319 CVEs (172)

CVE-2025-34271
9.8

Nagios Log Server versions before 2024R2.0.2 transmit cluster credentials over unencrypted channels even when SSL/TLS is configured, allowing network-...

Oct 30, 2025
CVE-2025-32880
9.8

COROS PACE 3 smartwatches download firmware updates over unencrypted HTTP connections, allowing attackers on the same WLAN network to intercept and po...

Jun 20, 2025
CVE-2025-26199
9.8

CloudClassroom-PHP-Project v1.0 transmits login passwords over unencrypted HTTP, allowing network-based attackers to intercept credentials via Man-in-...

Jun 18, 2025
CVE-2023-39245
9.8

CVE-2023-39245 is an information disclosure vulnerability in DELL ESI for SAP LAMA's EHAC component that allows remote unauthenticated attackers to ea...

Feb 15, 2024
CVE-2023-31410
9.8

CVE-2023-31410 is a critical vulnerability in SICK EventCam App where communications lack TLS encryption, allowing attackers to intercept and manipula...

Jun 19, 2023
CVE-2023-33730
9.8

CVE-2023-33730 is a critical privilege escalation vulnerability in Microworld Technologies eScan Management Console that allows remote attackers to re...

May 31, 2023
CVE-2023-30354
9.8

This vulnerability in Tenda CP3 IP cameras allows attackers with physical access to extract Wi-Fi credentials and gain console access via UART interfa...

May 10, 2023
CVE-2022-47714
9.8

CVE-2022-47714 is a missing HSTS (HTTP Strict Transport Security) header vulnerability in Last Yard version 22.09.8-1 that allows attackers to perform...

Feb 1, 2023
CVE-2022-21829
9.8

This vulnerability in Concrete CMS allows authenticated high-privilege users to download zip files over unencrypted HTTP connections and execute code ...

Jun 24, 2022
CVE-2021-20623
9.8

CVE-2021-20623 is a critical remote code execution vulnerability in Video Insight VMS that allows attackers to execute arbitrary code with system priv...

Feb 5, 2021
CVE-2020-5426
9.8

CVE-2020-5426 allows attackers to intercept UAA client tokens transmitted in plaintext over non-TLS connections, potentially granting admin-level acce...

Nov 11, 2020
CVE-2025-11492
9.6

CVE-2025-11492 allows man-in-the-middle attacks against ConnectWise Automate Agent when configured to use HTTP instead of HTTPS. An attacker on the ne...

Oct 16, 2025
CVE-2025-7743
9.6

Dolusoft Omaspot transmits sensitive information without encryption, allowing attackers to intercept data in transit. This vulnerability affects all O...

Sep 16, 2025
CVE-2024-6515
9.6

This vulnerability in ABB industrial control system web interfaces exposes authentication credentials in clear text or Base64 encoding during transmis...

Dec 5, 2024
CVE-2024-30209
9.6

This vulnerability in Siemens SIMATIC RTLS Locating Manager allows attackers to eavesdrop on and modify client-server communications due to insufficie...

May 14, 2024
CVE-2025-65827
9.1

This CVE describes a mobile application vulnerability where the app allows clear text HTTP traffic to all domains, enabling man-in-the-middle attacks....

Dec 10, 2025
CVE-2024-25735
9.1

This vulnerability allows remote attackers to retrieve cleartext passwords from WyreStorm Apollo VX20 devices by sending a specific HTTP GET request t...

Mar 27, 2024
CVE-2023-39172
9.1

This vulnerability allows remote unauthenticated attackers to intercept and modify sensitive information transmitted by affected devices due to lack o...

Dec 7, 2023
CVE-2023-23914
9.1

A vulnerability in curl versions before 7.88.0 causes HSTS (HTTP Strict Transport Security) to fail when processing multiple URLs sequentially on the ...

Feb 23, 2023
CVE-2021-20599
9.1

This vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety and SIL2 Process CPUs allows remote unauthenticated attackers to obtain credential...

Oct 14, 2021
CVE-2021-22380
9.1

This vulnerability in Huawei smartphones allows attackers to intercept sensitive information transmitted in cleartext (unencrypted) over networks. Suc...

Jun 30, 2021
CVE-2025-2311
9.0

This vulnerability in SecHard software allows attackers to bypass authentication, manipulate interfaces, abuse authentication mechanisms, and harvest ...

Mar 20, 2025
CVE-2023-34142
9.0

Hitachi Device Manager transmits sensitive information in cleartext, allowing attackers to intercept and potentially steal credentials, configuration ...

Jul 18, 2023
CVE-2021-26560
9.0

CVE-2021-26560 allows man-in-the-middle attackers to intercept and spoof servers during HTTP sessions with synoagentregisterd in Synology DSM. This cl...

Feb 26, 2021
CVE-2023-53875
8.8

GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer component that allows attackers to execute arbitrary co...

Dec 15, 2025
CVE-2025-52351
8.8

The Aikaan IoT management platform v3.25.0325-5-g2e9c59796 sends newly generated passwords in plaintext via email and includes them as query parameter...

Aug 21, 2025
CVE-2025-0556
8.8

This vulnerability allows local network attackers to intercept unencrypted communication between Telerik Report Server components, potentially exposin...

Feb 12, 2025
CVE-2022-46680
8.8

CVE-2022-46680 is a cleartext transmission vulnerability in Schneider Electric products that allows attackers to intercept unencrypted network traffic...

May 22, 2023
CVE-2023-25437
8.8

This vulnerability in vTech VCS754 business phones exposes SIP credentials through cleartext passwords in raw HTML. Attackers can gain escalated privi...

Apr 27, 2023
CVE-2022-24978
8.8

This vulnerability in Zoho ManageEngine ADAudit Plus allows authenticated users to escalate privileges on integrated products by extracting passwords ...

Apr 5, 2022
CVE-2021-27251
8.8

This vulnerability allows network-adjacent attackers to execute arbitrary code with root privileges on NETGEAR Nighthawk R7800 routers by exploiting i...

Apr 14, 2021
CVE-2024-26288
8.7

This vulnerability allows unauthenticated remote attackers to perform man-in-the-middle attacks due to lack of encryption for sensitive data in affect...

Mar 12, 2024
CVE-2024-4161
8.6

Brocade SANnav versions before 2.3.0 transmit syslog traffic in clear text without encryption. This allows unauthenticated remote attackers to interce...

Apr 25, 2024
CVE-2025-12508
8.4

This vulnerability exposes Active Directory authentication data when domain users are configured as BRAIN2 users, as communication occurs without encr...

Oct 31, 2025
CVE-2025-10174
8.3

This vulnerability in PanCafe Pro allows attackers to flood the system by exploiting cleartext transmission of sensitive information, potentially caus...

Feb 11, 2026
CVE-2023-45321
8.3

This vulnerability in the Android Client application allows attackers on the same network to intercept MQTT broker credentials transmitted over unencr...

Oct 25, 2023
CVE-2024-44105
8.2

This vulnerability allows a local authenticated attacker to intercept OS credentials transmitted in cleartext within the Ivanti Workspace Control mana...

Sep 10, 2024
CVE-2023-53881
8.1

CVE-2023-53881 is an unencrypted CWMP communication vulnerability in ReyeeOS that allows attackers to perform man-in-the-middle attacks. Attackers can...

Dec 15, 2025
CVE-2023-34998
8.1

CVE-2023-34998 is an authentication bypass vulnerability in Open Automation Software OAS Platform that allows attackers to gain unauthorized access by...

Sep 5, 2023
CVE-2021-40847
8.1

This vulnerability allows remote attackers to execute arbitrary code as root on affected NETGEAR routers via a man-in-the-middle attack. The Circle up...

Sep 21, 2021
CVE-2021-32612
8.1

The VeryFitPro Android app transmits all sensitive data including login credentials and password changes over unencrypted HTTP instead of HTTPS. This ...

Jun 16, 2021
CVE-2022-41327
7.8

This vulnerability allows authenticated attackers with readonly superadmin privileges in Fortinet FortiOS and FortiProxy to intercept cleartext traffi...

Jun 13, 2023
CVE-2025-53139
7.7

This vulnerability allows an unauthorized attacker to bypass Windows Hello security features by intercepting cleartext sensitive information during lo...

Oct 14, 2025
CVE-2026-24455
7.5

This vulnerability exposes user credentials through unencrypted HTTP Basic Authentication in an embedded web interface. Attackers on the same network ...

Feb 20, 2026
CVE-2026-22271
7.5

Dell ECS and ObjectScale systems transmit sensitive information without encryption, allowing unauthenticated remote attackers to intercept and read th...

Jan 23, 2026
CVE-2025-69272
7.5

Broadcom DX NetOps Spectrum transmits sensitive information without encryption, allowing attackers on the same network to intercept credentials, confi...

Jan 12, 2026
CVE-2025-67159
7.5

Vatilon v1.12.37-20240124 transmits user credentials in plaintext during authentication, allowing attackers to intercept login information. This affec...

Jan 2, 2026
CVE-2025-62578
7.5

The DVP-12SE programmable logic controller transmits sensitive information in cleartext over Modbus/TCP, allowing attackers on the same network to int...

Dec 26, 2025
CVE-2025-66573
7.5

CVE-2025-66573 is an information disclosure vulnerability in Solstice Pod API that allows unauthenticated attackers to access sensitive configuration ...

Dec 4, 2025
CVE-2025-63364
7.5

The Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway transmits administrator credentials in plaintext during authentication. This ...

Dec 4, 2025

About CWE-319 (CWE-319)

Our database tracks 172 CVEs classified as CWE-319, with 24 rated critical and 95 rated high severity. The average CVSS score for CWE-319 vulnerabilities is 7.4.

External reference: View CWE-319 on MITRE CWE →
